Executive Summary A suspected zero-day exploit was used to deliver REvil ransomware to thousands of corporate endpoints. Attackers targeted Kaseya VSA servers, commonly used by Managed Service Providers (MSPs) and IT management firms, in order to reach those providers' downstream customers at scale. The attackers abused a variety of benign components, such as certutil.exe, Microsoft […]

This week, REvil ransomware operators exploited a bug in Kaseya VSA software and then demanded a lump sum of $50 million for a universal decryption key covering all victims of the Kaseya attack. To put that in context, total ransomware extortion payments for all of last year were estimated at $350 million in cryptocurrency. Insurance carriers are paying […]

To respond effectively to an incident, it is essential to understand the big picture: how, when, and why an incident occurred. This is critical because the moment you begin containing a threat, it may set off alarm bells for adversaries, triggering them to accelerate an attack or stealthily change techniques. Responding to a threat without […]

Executive Summary A remote code execution vulnerability in the Windows Print Spooler service has been dubbed ‘PrintNightmare’ (CVE-2021-34527, closely related to the earlier CVE-2021-1675). The vulnerable service is present and running by default on all supported Windows versions, including domain controllers. Microsoft has released two patches to address these vulnerabilities (an out-of-band update on July 6 as well as the July 13 monthly update). Exploit code is readily […]
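Because patching alone is not enough if Point and Print policy has been loosened, a practitioner's first step is to audit the spooler's exposure on each host. The script below is an added example and is not code from the SentinelLabs post; the registry paths and value names are the ones Microsoft published in its CVE-2021-34527 mitigation guidance, while the `-Remediate` switch and the `Get-RegValue` helper are this example's own. Run it from an elevated PowerShell session and check which hosts actually need to print before disabling the service.

```powershell
# Added example (not from the SentinelLabs post): audit a host's exposure to PrintNightmare
# and optionally apply the mitigations Microsoft published alongside the July 2021 patches.
# Registry value names follow Microsoft's CVE-2021-34527 guidance; the -Remediate switch and
# Get-RegValue helper are assumptions of this example. Run elevated.
[CmdletBinding()]
param(
    [switch]$Remediate   # when set, disable the spooler and enforce the Point and Print values
)

function Get-RegValue([string]$Path, [string]$Name) {
    # Returns $null when the key or value does not exist instead of throwing.
    try { (Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop).$Name } catch { $null }
}

$findings = New-Object System.Collections.Generic.List[string]

# 1. Is the Print Spooler service running at all? A stopped/disabled spooler is not reachable.
$spooler = Get-Service -Name Spooler -ErrorAction SilentlyContinue
if ($spooler -and $spooler.Status -eq 'Running') {
    $findings.Add("Spooler service is running (StartType: $($spooler.StartType))")
}

# 2. Point and Print policy. After the July 2021 update, non-admins cannot install drivers unless
#    RestrictDriverInstallationToAdministrators is explicitly set to 0; 1 (or absent) is safe.
$pp = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers\PointAndPrint'
if ((Get-RegValue $pp 'RestrictDriverInstallationToAdministrators') -eq 0) {
    $findings.Add('RestrictDriverInstallationToAdministrators = 0 (non-admins may install printer drivers)')
}
# Either of these set to a non-zero value suppresses the warning/elevation prompt and
# reopens the vulnerability even on a patched system.
foreach ($name in 'NoWarningNoElevationOnInstall', 'UpdatePromptSettings') {
    $v = Get-RegValue $pp $name
    if ($null -ne $v -and $v -ne 0) {
        $findings.Add("$name = $v (Point and Print elevation prompts disabled)")
    }
}

# 3. Remote RPC endpoint. A value of 2 (policy 'Allow Print Spooler to accept client connections'
#    disabled) blocks the remote attack path while still allowing local printing.
$printers = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers'
if ((Get-RegValue $printers 'RegisterSpoolerRemoteRpcEndPoint') -ne 2) {
    $findings.Add('Spooler still accepts remote client connections (RegisterSpoolerRemoteRpcEndPoint != 2)')
}

if ($findings.Count -eq 0) {
    Write-Output 'No PrintNightmare exposure indicators found.'
} else {
    Write-Output 'Exposure indicators:'
    $findings | ForEach-Object { Write-Output "  - $_" }
}

if ($Remediate) {
    # Strongest mitigation for hosts that do not need to print (domain controllers in particular).
    Stop-Service -Name Spooler -Force -ErrorAction SilentlyContinue
    Set-Service -Name Spooler -StartupType Disabled
    # Enforce the documented Point and Print values for hosts that must keep the spooler.
    New-Item -Path $pp -Force | Out-Null
    Set-ItemProperty -Path $pp -Name 'RestrictDriverInstallationToAdministrators' -Value 1 -Type DWord
    Set-ItemProperty -Path $pp -Name 'NoWarningNoElevationOnInstall' -Value 0 -Type DWord
    Set-ItemProperty -Path $pp -Name 'UpdatePromptSettings' -Value 0 -Type DWord
    Write-Output 'Mitigations applied; re-run without -Remediate to verify.'
}
```

The audit section is safe to run fleet-wide through your management tooling; the `-Remediate` path disables the spooler outright, so reserve it for hosts, such as domain controllers, that have no printing role, and rely on the Point and Print values plus the installed update for everything else.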

Reddit, the centralized community platform founded in 2005, is a massive social media platform, ranked as the 18th-most-visited website in the world and 7th most-visited website in the U.S. The site enjoys 52 million daily active users, and like most other areas of special interest, the cybersecurity community has taken the platform to heart. There […]

The Good A transatlantic cybercrime operation was busted last week by Spanish Guardia Civil. Sixteen suspects in eight different locations throughout Spain were arrested on charges of laundering funds stolen through banking trojans made by Brazilian cybercrime groups. These groups developed and rented the banking trojans known as Mekotio and Grandoreiro, very capable pieces of […]

Extended Detection and Response (XDR) has become a prominent topic among security vendors and analysts in recent months. The promise of improved threat detection across a broader range of interconnected hardware and software solutions feels a lot like the early days of SIEM, as it expanded beyond simple log management capabilities. As with most legacy […]

A guest post by Kyle Pagelow from Tetra Defense In this post, we describe how our Incident Response team discovered and thwarted a threat actor stealing credit card data by exploiting a zero-day RCE (remote code execution) vulnerability in NCR’s Aloha Point of Sale software, widely used in the catering and restaurant industries. Our […]

Threat actors have come to recognize the reality that today’s organizations operate fleets of devices encompassing all the major OS vendors – Apple, Microsoft, Google and many flavors of Linux – and are adapting accordingly. Threats that can be compiled on one platform but produce executables targeting many are a productivity boon to criminals, who […]

Microsoft Assigns CVE to PrintNightmare but No CVSS Score The zero-day vulnerability known as PrintNightmare now has an official CVE listing, but Microsoft is still investigating the severity of the bug. Public disclosure of the flaw came about through a comedy of errors this week. A Chinese research team at QiAnXin announced exploit code for a similar remote […]