Windows TCO (Security Calamities)
-
Data Breaches ☛ It took an HHS complaint, but three years later, some Ventura Orthopedic patients are finally being notified of a ransomware attack
Over the next few years, there was no real progress or resolution that DataBreaches could detect. DataBreaches would occasionally get an inquiry from HHS asking if there were any updates and if we still had all the data we had offered to HHS when we filed the complaint. Things started to move, however slowly, in an April 2023 conference call with HHS, during which their investigator asked DataBreaches if we would be willing to reach out to Ventura to offer them a copy of the data. DataBreaches firmly (and somewhat impolitely) declined, stating that DataBreaches had reached out multiple times to Ventura to no avail and their consultant had ghosted DataBreaches. If Ventura wanted help from DataBreaches, they would have to pick up the phone and ask for it.
-
Security Week ☛ Iranian Cyber Spies Use ‘LionTail’ Malware in Latest Attacks
As part of the framework, Check Point found that Scarred Manticore deploys the passive backdoor LionTail on Windows servers, to execute commands via HTTP requests and run payloads attackers send to URLs specified in the malware’s configuration.
-
Check Point Software Technologies Ltd ☛ Unraveling the Scarred Manticore Saga: A Riveting Epic of High-Stakes Espionage Unfolding in the Heart of the Middle East
The LIONTAIL framework, the latest in their arsenal, utilizes custom loaders and memory-resident shellcode payloads. Its DLL implant cleverly exploits undocumented functionalities of the HTTP.sys driver, allowing Scarred Manticore to blend malicious activities seamlessly into legitimate network traffic.