Patches released for exploited Windows PrintNightmare bug

By Juha Saarinen, Jul 7 2021 11:47AM

All supported Windows versions need updating. Microsoft has released updates for all supported versions of its Windows desktop and server operating systems to fix the PrintNightmare remote code execution zero day vulnerability that is currently being exploited by unnamed threat actors. PrintNightmare is rated as a critical vulnerability, with low…

Suspected ‘Dr HeX’ Hacker Busted for 9 Years of Phishing

Author: Lisa Vaas, July 7, 2021 12:23 pm

The unnamed suspect allegedly helped to develop carding and phishing kits with the aim of stealing customers’ bank-card data. A Moroccan man suspected of being “Dr HeX” – the prolific threat actor behind a nine-year cyber-blitz on thousands of victims through phishing, website defacing, malware development, fraud and carding…

Kaseya VSA Attack: REvil Returns and Other Hackers Are Riding Their Coattails

CREATED 1 HOUR AGO by AlienVault | Public | TLP: White

The attack leveraged the on-premises servers deployed by IT Management Software vendor Kaseya. It was initially thought that Kaseya might have been compromised themselves as a root cause — similar to the compromises associated with SolarWinds software in December of 2020. Instead, the attackers found and leveraged an unpatched…

Bandidos at large: A spying campaign in Latin America

CREATED 1 HOUR AGO by AlienVault | Public | TLP: White

In 2021 ESET detected an ongoing campaign targeting corporate networks in Spanish-speaking countries, with 90% of the detections in Venezuela. When comparing the malware used in this campaign with what was previously documented, they found new functionality and changes to this malware, known as Bandook. They also found that…

Ryuk ransomware now targeting webservers

CREATED 10 HOURS AGO by AlienVault | Public | TLP: White

Ryuk ransomware, which encrypts files and demands payment in Bitcoin for the release of the keys used to decrypt them, is now targeting web servers, according to a report published by McAfee.

REFERENCE: https://www.mcafee.com/enterprise/en-us/assets/reports/rp-ryuk-ransomware-targeting-webservers.pdf
TAGS: ryuk, ransomware
MALWARE FAMILY: Ryuk
ATT&CK IDS: T1134 – Access Token Manipulation, T1059.003 – Windows Command Shell, T1471 – Data Encrypted for…

WildPressure targets macOS

CREATED 10 HOURS AGO by AlienVault | Public | TLP: White

Kaspersky has discovered a new campaign from the WildPressure threat actor. This campaign includes the C++ Milum Trojan, a corresponding VBScript variant and a set of modules that include an orchestrator and three plugins.

REFERENCE: https://securelist.com/wildpressure-targets-macos/103072/
TAGS: milum, wildpressure, macos, apt, tandis, python guard
ADVERSARY: WildPressure
MALWARE FAMILIES: Milum, Tandis, Python Guard
ATT&CK IDS: T1047 – Windows Management Instrumentation, T1140 – Deobfuscate/Decode Files…