Windows TCO Leftovers
-
[Repeat] Tom's Hardware ☛ 'ShrinkLocker' ransomware uses BitLocker against you — encryption-craving malware has already been used against governments
ShrinkLocker uses VBScript, an old Windows scripting language set to be deprecated starting with Windows 11 24H2, to identify the specific Windows OS used by the host PC. A malicious script then runs through BitLocker setup specific to the operating system, and enables BitLocker accordingly on any PC running Vista or Windows Server 2008 or newer. If the OS is too old, ShrinkLocker deletes itself without a trace.
-
The Register UK ☛ Mystery criminals backdoor courtroom recording software
Mitigating the threat, tracked as CVE-2024-4978 (8.7), is a little more technical than simply upgrading to a secured version. Given that the backdoor allowed attackers full access to infected systems, and as a result could have established persistence, Rapid7 analysts say a full re-imaging job is required.
-
Cyble Inc ☛ Courtroom Recording Platform Abused To Deliver Backdoor Implant - The Cyber Express
Based on the open-source intelligence, Rapid7 determined that the binary fffmpeg.exe is associated with the GateDoor and Rustdoor malware family. These malware families perform malicious actions such as collecting information, downloading additional files, and executing commands.
-
Cyble Inc ☛ Association Of California School Administrators Confirms Attack
An unknown ransomware actor has compromised the personally identifiable data of more than 50,000 Californian school administrators, their association told Maine’s Attorney General in a breach notice.
The Association of California School Administrators (ACSA), the largest association for school leaders in the United States, said it spotted the data breach in September 2023, when an unauthorized actor accessed and potentially exfiltrated sensitive data.
-
[Repeat] Security Week ☛ JAVS Courtroom Audio-Visual Software Installer Serves Backdoor
The cybersecurity firm recommends that users update to JAVS Viewer version 8.3.8, which no longer contains the malicious code.
Rapid7 also underlines that users need to re-image their computers to ensure that the backdoor has been removed, as simply updating the Viewer does not clean the system, and to reset the credentials for all accounts they were logged into on the infected machines.