Challenges Remain in Evaluating Ransomware Crackdowns

An international takedown operation targeting the LockBit ransomware group’s technical infrastructure, and hitting associated individuals with arrests, indictments and sanctions, was celebrated as a major win earlier this week. However, questions remain about what types of long-term effects this law enforcement action will have, both on LockBit and on the ransomware threat landscape as a …

Critical ScreenConnect Flaw Under Active Exploitation

Attackers are actively exploiting the critical authentication bypass in the ConnectWise ScreenConnect software disclosed on Monday and there is now proof-of-concept exploit code available for the flaw, as well. The flaw affects all versions of ScreenConnect below 23.9.8 and researchers who’ve analyzed it found that the bug is quite easy to exploit, and there are …

Europol, FBI Announce LockBit Ransomware Crackdown

An international takedown operation has hit the infamous LockBit ransomware group on multiple levels, with law enforcement agencies targeting its technical infrastructure, making arrests and releasing a decryption tool for victims to recover encrypted files without paying a ransom. The sweeping operation, announced Tuesday, was coordinated by Europol and Eurojust, and involved law enforcement from …

U.S. Government Disrupts Botnet Used by Russian GRU Hackers

The Justice Department on Thursday announced that it has disrupted a botnet operated by Russia’s GRU Military Unit 26165, also known as APT28. The DoJ said that during a January operation it was able to neutralize the malware network made up of hundreds of Ubiquiti Edge OS routers. These small office/home office (SOHO) routers were …

APT Exploits Microsoft Zero-Day in Malware Attacks

An APT group has been exploiting a Microsoft zero-day vulnerability in attacks in order to bypass Microsoft Defender SmartScreen and infect financial market trader companies with the DarkMe malware. Researchers with Trend Micro’s Zero Day Initiative said that the known APT group, called Water Hydra, was leveraging the flaw (CVE-2024-21412) in order to bypass Defender …

U.S. Organizations Targeted in Bumblebee Malware Campaign

A number of U.S.-based organizations were targeted with emails last week that attempted to spread the well-known Bumblebee malware. The campaign uses a slightly modified attack chain for Bumblebee and marks the return of the malware after a four-month absence from the threat landscape. Bumblebee is a sophisticated downloader first spotted in March 2022, which …

QNAP Fixes Pair of Command Injection Flaws

QNAP has fixed two vulnerabilities in its QTS and QuTS hero operating systems, including a high-severity command-injection bug that could allow an attacker to execute arbitrary code on a vulnerable device. The vulnerability exists in several versions of the operating systems, which run on various QNAP network-attached storage devices, including many enterprise-grade appliances. Stephen Fewer, …

Ivanti Discloses New Flaw in Policy Secure, Connect Secure VPN

A new vulnerability has been disclosed in certain versions of Ivanti’s Connect Secure VPN and Ivanti Policy Secure appliances. This latest flaw (CVE-2024-22024), described by Ivanti as an XML external entity or XXE flaw, stems from the SAML component of Connect Secure, Ivanti Policy Secure and ZTA gateways. If exploited, the flaw could enable an …
