Threat Brief: Windows Print Spooler RCE Vulnerability (CVE-2021-34527 AKA PrintNightmare)

By Unit 42, July 14, 2021 at 4:00 PM
Category: Threat Brief, Unit 42
Tags: CVE-2021-1675, CVE-2021-34527, PrintNightmare, remote code execution, threat brief, Windows

Executive Summary: On July 1, 2021, Microsoft released a security advisory for a new remote code execution (RCE) vulnerability in Windows, CVE-2021-34527, referred to publicly as “PrintNightmare.” Security researchers initially believed this vulnerability to be tied to CVE-2021-1675 (Windows Print Spooler Remote…


Conti Unpacked: Understanding Ransomware Development as a Response to Detection

CREATED 2 HOURS AGO by AlienVault, Public, TLP: White

SentinelOne Labs takes a look at Conti’s development over time and how it has evolved, comparing functionality across versions.
REFERENCE: https://assets.sentinelone.com/ransomware-enterprise/conti-ransomware-unpacked
TAGS: conti, ransomware
MALWARE FAMILY: Conti Ransomware
ATT&CK IDS: T1001 – Data Obfuscation, T1471 – Data Encrypted for Impact, T1407 – Download New Code at Runtime,…


PurpleFox botnet exploiting PrintNightmare in cryptocurrency mining campaign

CREATED 48 MINUTES AGO by AlienVault, Public, TLP: White

Twitter user @C0rk1_H assesses that the PurpleFox botnet has begun exploiting the PrintNightmare (CVE-2021-34527) vulnerability in a recent cryptocurrency mining campaign.
REFERENCE: https://twitter.com/C0rk1_H/status/1412801973628272641
TAGS: purplefox, printnightmare, cve-2021-34527
MALWARE FAMILY: win.purplefox


Patches released for exploited Windows PrintNightmare bug

By Juha Saarinen, Jul 7 2021, 11:47AM

All supported Windows versions need updating. Microsoft has released updates for all supported versions of its Windows desktop and server operating systems to fix the PrintNightmare remote code execution zero-day vulnerability that is currently being exploited by unnamed threat actors. PrintNightmare is rated as a critical vulnerability, with low…


Lazarus malware abusing Non-ActiveX Module in South Korea

CREATED 51 MINUTES AGO by AlienVault, Public, TLP: White

A malicious code sample has been detected that checks to see if the company has C programs installed. After checking for the existence of C program related files before performing malicious actions, if they do not exist, no additional actions are performed. Otherwise, the final action is to download and…
