Proprietary Holes and Windows TCO
-
Silicon Angle ☛ LockBit malware group still at large, now using Citrix Bleed tactics
The malware group behind the LockBit ransomware attacks has gotten even more sophisticated. Australian cybersecurity officials, the FBI and the Cybersecurity and Infrastructure Security Agency on Tuesday jointly released a security advisory on how the group is exploiting the CitrixBleed vulnerability.
-
Hacker News ☛ LockBit Ransomware Exploiting Critical Citrix Bleed Vulnerability to Break In
Multiple threat actors, including LockBit ransomware affiliates, are actively exploiting a recently disclosed critical security flaw in Citrix NetScaler application delivery control (ADC) and Gateway appliances to obtain initial access to target environments.
-
Silicon Angle ☛ Researchers find vulnerabilities in major laptop makers’ backdoored Windows Hello implementations
Researchers have discovered vulnerabilities in several laptop makers’ implementations of backdoored Windows Hello, the biometric login feature built into Windows. The researchers, who work at cybersecurity company Blackwing Intelligence, detailed their findings in a Tuesday blog post.
-
Silicon Angle ☛ CyberLink targeted in supply chain attack by infamous Lazarus hacking group [Ed: Microsoft is masquerading as security whilst adding back doors to its own things]
Researchers at Abusive Monopolist Microsoft Threat Intelligence have revealed details of a supply chain attack by a North Korean-based threat actor using a malicious variant of an application developed by CyberLink Corp., a Taiwanese software company that develops multimedia software products.
-
Trail Of Bits ☛ ETW internals for security research and forensics
Why has Event Tracing for backdoored Windows (ETW) become so pivotal for endpoint detection and response (EDR) solutions in backdoored Windows 10 and 11?
-
Security Week ☛ 185,000 Individuals Impacted by MOVEit Hack at Car Parts Giant AutoZone
Car parts giant AutoZone says nearly 185,000 individuals were impacted by a data breach caused by the MOVEit hack.
-
Security Week ☛ Kansas Officials Blame 5-Week Disruption of Court System on ‘Sophisticated Foreign Cyberattack’
Cybercriminals hacked into the Kansas court system, stole sensitive data and threatened to post it on the dark web in a ransomware attack that has hobbled access to records.
-
Security Week ☛ Citrix, Gov Agencies Issue Fresh Warnings on CitrixBleed Vulnerability
Administrators are urged to patch the recent CitrixBleed NetScaler vulnerability as LockBit starts exploiting it.
-
USB Worm Unleashed By Russian State Hackers Spreads Worldwide
A group of Russian-state hackers known for almost exclusively targeting Ukrainian entities has branched out in recent months either accidentally or purposely by allowing USB-based espionage malware to infect a variety of organizations in other countries. The group -- known by many names, including Gamaredon, Primitive Bear, ACTINIUM, Armageddon, and Shuckworm -- has been active since at least 2014 and has been attributed to Russia's Federal Security Service by the Security Service of Ukraine. Most Kremlin-backed groups take pains to fly under the radar; Gamaredon doesn't care to. Its espionage-motivated campaigns targeting large numbers of Ukrainian organizations are easy to detect and tie back to the Russian government. The campaigns typically revolve around malware that aims to obtain as much information from targets as possible.