AstraLocker Ransomware Operators Publish File Decryption Tools

AstraLocker ransomware operators have announced that the malware is ending its work and have uploaded data decryption tools to VirusTotal. The hackers say that they do not plan to return to ransomware in the future, but intend to switch to cryptojacking. The Bleeping Computer reports that it has already studied the archive published by the… Continue reading AstraLocker Ransomware Operators Publish File Decryption Tools

0-Day Vulnerabilities of 2022 Repeat the Mistakes of Past Years

Google Project Zero researcher Maddie Stone published a study on 0-day vulnerabilities in 2022 on GitHub called “0-day In-the-Wild Exploitation in 2022…so far”. According to Stone, 9 of the 18 exploited zero-day vulnerabilities are variants of previously patched vulnerabilities. In many cases, the attacks were not sophisticated, and the attacker could have exploited the vulnerability… Continue reading 0-Day Vulnerabilities of 2022 Repeat the Mistakes of Past Years

MITER experts have published a list of the 25 most dangerous problems of 2022

MITER experts have published a list of the 25 most common and dangerous problems of 2022. Such bugs can potentially expose systems to attack, allow attackers to take control of vulnerable devices, access sensitive information, or cause a denial of service. By the way, we also love all sorts of lists and tops, for example:… Continue reading MITER experts have published a list of the 25 most dangerous problems of 2022

ZuoRAT Trojan Hacks Asus, Cisco, DrayTek and NETGEAR Routers

Lumen Black Lotus Labs has discovered a new Remote Access Trojan (RAT) called ZuoRAT, attacking remote workers’ routers in North America and Europe since 2020. The malware appeared in the first months of the COVID-19 pandemic but remained unnoticed for more than two years. The researchers write that the complexity of this targeted campaign, as… Continue reading ZuoRAT Trojan Hacks Asus, Cisco, DrayTek and NETGEAR Routers

Hackers Launched LockBit 3.0 and Bug Bounty Ransomware

The LockBit ransomware group released the LockBit 3.0 malware, at the same time introduced its own bug bounty ransomware program, and also announced that it would accept ransoms in the Zcash cryptocurrency. Bleeping Computer recalls that LockBit appeared in 2019 and has since become one of the most active threats, accounting for about 40% of… Continue reading Hackers Launched LockBit 3.0 and Bug Bounty Ransomware

Phishers Can Bypass Multi-Factor Authentication with Microsoft Edge WebView2

An information security expert known as mr.d0x has developed a new attack technique that abuses Microsoft Edge WebView2 applications to steal authentication cookies. In theory, this allows bypassing multi-factor authentication when logging into stolen accounts. Read also: 10 Ways To Recognize and Avoid Phishing Scams. The new attack technique is called WebView2-Cookie-Stealer and consists of… Continue reading Phishers Can Bypass Multi-Factor Authentication with Microsoft Edge WebView2

Chinese Hackers Use Ransomware As a Cover for Espionage

Secureworks experts have found that Chinese hackers from two groups that specialize in espionage and theft of intellectual property from Japanese and Western companies use ransomware to hide their actions. Let me remind you that we also wrote that Chinese Hacker Group Revealed after a Decade of Undetected Espionage, and also that Chinese Hackers Attack… Continue reading Chinese Hackers Use Ransomware As a Cover for Espionage

Microsoft Accuses Russia of Cyberattacks against Ukraine’s Allies

In the latest report on global information security, Microsoft accuses Russia of massive cyberattacks in connection with the war in Ukraine. It states that Russian hackers have carried out numerous cyber-espionage operations against Ukraine’s allied countries since the start of Russia’s full-scale invasion of Ukraine. Let me remind you that we reported that Hacker groups… Continue reading Microsoft Accuses Russia of Cyberattacks against Ukraine’s Allies

Russian Hackers Use Follina Vulnerability to Attack Users in Ukraine

The Ukraine Computer Emergency Response Team (CERT-UA) said Russian hackers are exploiting the Follina vulnerability in new phishing campaigns to install CredoMap malware and Cobalt Strike beacons. According to experts, the APT28 hacker group (Strontium, Fancy Bear and Sofacy) sends out emails with a malicious document called “Nuclear Terrorism Is a Real Threat.rtf”. The hackers… Continue reading Russian Hackers Use Follina Vulnerability to Attack Users in Ukraine

New DFSCoerce PoC Exploit Allows Attackers to Take Over Windows Domains

The recently published DFSCoerce PoC exploit uses the MS-DFSNM file system to take over Windows domains. This exploit is conceptually similar to the sensational PetitPotam attack. Let me remind you that we recently talked about how LockFile ransomware adopts ProxyShell and PetitPotam vulnerabilities. Filip Dragovich published a PoC script called “DFSCoerce” to attack an NTLM… Continue reading New DFSCoerce PoC Exploit Allows Attackers to Take Over Windows Domains