A critical severity vulnerability affecting the Windows Print Spooler Service, dubbed “PrintNightmare”, was treated with emergency patches by Microsoft. The vulnerability, initially believed to allow for escalation of privileges, was later discovered to also allow for remote code execution (RCE) attacks. If combined successfully, the vulnerabilities could allow for complete access to an organization’s infrastructure. Obstacles to fixing the issue were compounded by the accidental public exposure by researchers of a working proof of concept (PoC) for the exploit, which was reportedly cloned before it was removed. This event highlights the crucial role organizations such as Microsoft play in rapid remediation and the importance for researchers and defenders alike to remain diligent when developing PoCs.
Most Recent Flipbooks
Weekly Intelligence Summary 27th August
The well-established “Mozi” peer-to-peer (P2P) botnet has developed new persistence capabilities.
Weekly Intelligence Summary 20th August
A configurable, malicious Traffic Direction System (TDS) has been enabling widespread malware attacks.
Weekly Intelligence Summary 13th August
A years-long reconnaissance campaign against an employee of a US aerospace defense company was discovered and attributed to “TA456”, an Iranian state-backed advanced persistent threat (APT) group.
Weekly Intelligence Summary 6th August
The new “BlackMatter”, “Haron”, and “El_Cometa” ransomware groups, which surfaced in the past three weeks, bear significant similarities to ransomware groups that disappeared last month
Weekly Intelligence Summary 9th July
A vulnerability in Kaseya’s virtual system/server administrator (VSA) software has been exploited to deliver the “REvil” ransomware to multiple managed service providers.
Weekly Intelligence Summary 2nd July 2021
The 14th Five Year Plan (FYP) adopted by the People’s Republic of China (PRC) in March 2021 has laid out key areas of focus for the country that are likely to prompt nation-state cyber espionage.
Weekly Intelligence Summary 25 June
Several Clop members were arrested in association with money laundering, and the officials seized infrastructure the group has used in ransomware attacks globally.
Weekly Intelligence Summary 11 June
The notorious Russia-based ransomware group “REvil” (aka Sodinokibi) has been blamed for the latest high-profile ransomware attack, on the world’s largest meat supplier.
Weekly Intelligence Summary 04 June
The latest work of the notorious Russian state-associated “NOBELIUM” threat group is an email phishing campaign against multiple countries and sectors.
Weekly Intelligence Summary 28 May
US President Joe Biden recently signed an executive order (EO) aimed at strengthening network security for US federal government departments, and agencies and contractors working with them.