Pending new SEC rules reinforce how integral cybersecurity is to modern business operations, and will help close the gap between security teams and the executives and boards making policy decisions.
Critical RCE bug in 92,000 D-Link NAS devices now exploited in attacks
Attackers are now actively targeting over 92,000 end-of-life D-Link Network Attached Storage (NAS) devices exposed online and unpatched against a critical remote code execution (RCE) zero-day flaw. […]
(Source: BleepingComputer)
GhostSec & Stormous Operators Launched Twin Ransomware Attacks
A hacking group has evolved with a new ransomware variant known as GhostLocker 2.0.
This group, in collaboration with the Stormous ransomware operators, has initiated double extortion ransomware attacks targeting various businesses globally.
The joint efforts of GhostSec and Stormous have led to the creation of a new ransomware-as-a-service program named STMX_GhostLocker, offering diverse options for their affiliates.
The collaborative operation affected victims across various business verticals, according to disclosures made by the groups in their Telegram channels. (Source: Cisco Talos)
Global Impact of Ransomware Attacks
The victimology of these attacks spans across multiple countries, including Cuba, Argentina, Poland, China, and many others.
Talos' monitoring of GhostSec's Telegram channels also showed the group's continued attacks on Israel's industrial systems, critical infrastructure, and technology companies, including reported attacks on organizations such as Israel's Ministry of Defense. (Source: Cisco Talos)
Talos found the two gangs collaborating on several double-extortion operations in which victims were hit with both the GhostLocker and StormousX ransomware.
Evolution of GhostLocker Ransomware
GhostSec introduced an upgraded version of their ransomware called GhostLocker 2.0, showcasing continuous development efforts with plans for further iterations like GhostLocker V3.
(Figure: Stmx_GhostLocker member affiliate working model.)
The ransom note has also changed: victims are told to keep their encryption ID and to open negotiations within a set deadline, or the stolen data will be published.
GhostLocker 2.0 encrypts files and appends a “.ghost” extension to them, and it communicates with a command-and-control (C2) server located in Moscow.
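The one host-side artifact the write-up gives for GhostLocker 2.0 is the “.ghost” extension appended to encrypted files. The script below is an added example, not code from the original post or from Cisco Talos: it runs a simple mass-rename detector over file-activity events. The event format (timestamp, host, action, new path, optional old path), the 60-second window and the threshold of five renames are assumptions chosen for illustration, and the sample events are constructed; only the extension comes from the article. The logic generalizes to any extension-appending ransomware by extending RANSOM_EXTENSIONS.

```python
"""Flag hosts that rename many files to a ransomware extension within a short window.

Added example, not from the original post or from Cisco Talos.
Assumed input: whitespace-separated EDR-style events
    <ISO-8601 timestamp> <host> <action> <new path> [<old path>]
Paths in the constructed sample contain no spaces so the lines split cleanly.
"""
from collections import defaultdict
from datetime import datetime, timedelta

RANSOM_EXTENSIONS = (".ghost",)      # ".ghost" is from the article; add other families here
WINDOW = timedelta(seconds=60)       # assumed sliding window
THRESHOLD = 5                        # assumed: renames per host within WINDOW that trigger an alert

# Constructed sample events (not real telemetry). ws-fin-01 shows a burst of
# renames to ".ghost"; ws-dev-07 has a lookalike name and two isolated renames.
SAMPLE_EVENTS = """\
2024-03-05T10:00:01Z ws-fin-01 RENAME C:/Users/ana/Docs/q1.xlsx.ghost C:/Users/ana/Docs/q1.xlsx
2024-03-05T10:00:02Z ws-fin-01 RENAME C:/Users/ana/Docs/q2.xlsx.ghost C:/Users/ana/Docs/q2.xlsx
2024-03-05T10:00:02Z ws-fin-01 WRITE C:/Users/ana/Docs/q2.xlsx.ghost
2024-03-05T10:00:03Z ws-fin-01 RENAME C:/Users/ana/Docs/board.pptx.ghost C:/Users/ana/Docs/board.pptx
2024-03-05T10:00:05Z ws-fin-01 RENAME C:/Users/ana/Docs/notes.docx.ghost C:/Users/ana/Docs/notes.docx
2024-03-05T10:00:07Z ws-fin-01 RENAME C:/Users/ana/Pictures/img1.jpg.ghost C:/Users/ana/Pictures/img1.jpg
2024-03-05T10:00:08Z ws-fin-01 RENAME C:/Users/ana/Pictures/img2.jpg.ghost C:/Users/ana/Pictures/img2.jpg
2024-03-05T10:15:00Z ws-dev-07 RENAME C:/Users/bo/src/ghost.py C:/Users/bo/src/ghost_old.py
2024-03-05T10:20:00Z ws-dev-07 RENAME C:/Users/bo/tmp/test.ghost C:/Users/bo/tmp/test.txt
2024-03-05T11:00:00Z ws-dev-07 RENAME C:/Users/bo/tmp/other.ghost C:/Users/bo/tmp/other.txt
"""


def parse_events(text):
    """Parse the assumed event format into dicts with a timezone-aware timestamp."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, host, action, new_path, *rest = line.split()
        events.append({
            "ts": datetime.fromisoformat(ts.replace("Z", "+00:00")),
            "host": host,
            "action": action,
            "path": new_path,
            "old_path": rest[0] if rest else None,
        })
    return events


def is_ransom_rename(ev):
    """True for a RENAME whose destination carries a known ransomware extension."""
    return ev["action"] == "RENAME" and ev["path"].lower().endswith(RANSOM_EXTENSIONS)


def detect_mass_rename(events, window=WINDOW, threshold=THRESHOLD):
    """Return one alert per host whose densest window of ransom-extension renames
    reaches the threshold. Uses a two-pointer sliding window over time-sorted events."""
    per_host = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["ts"]):
        if is_ransom_rename(ev):
            per_host[ev["host"]].append(ev)

    alerts = []
    for host, evs in per_host.items():
        start, best = 0, (0, None, None)
        for end in range(len(evs)):
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1
            count = end - start + 1
            if count > best[0]:
                best = (count, evs[start]["ts"], evs[end]["ts"])
        if best[0] >= threshold:
            alerts.append({
                "host": host,
                "count": best[0],
                "first": best[1],
                "last": best[2],
                "samples": [e["path"] for e in evs[:3]],  # a few paths for the analyst
            })
    return alerts


if __name__ == "__main__":
    for alert in detect_mass_rename(parse_events(SAMPLE_EVENTS)):
        print(f"ALERT {alert['host']}: {alert['count']} ransom-extension renames "
              f"between {alert['first']} and {alert['last']}; e.g. {alert['samples'][0]}")
```

The WRITE event and the `ghost.py` rename are deliberately present so the check is on the destination extension of renames, not on any path containing the word; the two isolated `.ghost` renames on ws-dev-07 stay below threshold, which is the trade-off a window-based rule makes against single false positives.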
Tools and Techniques Employed
In addition to ransomware, GhostSec uses tools such as the “GhostSec Deep Scan tool” and “GhostPresser” to compromise websites. Deep Scan fingerprints the technologies a site runs and scans it for vulnerabilities, while GhostPresser targets WordPress sites through cross-site scripting (XSS) attacks.
These tools demonstrate the group’s sophistication in cyber operations and continuous enhancement of their capabilities.
Stormous and GhostSec have jointly launched the STMX_GhostLocker program on the Tor network, where affiliates can join and publish victim data.
The program offers different categories of services for affiliates, including paid options and features for individuals looking to sell or publish data. The blog dashboard showcases victim counts and disclosed information, with reported ransom amounts reaching up to USD 500,000.
Cybersecurity Measures
The recommended controls are layered: prevent malware execution on endpoints, block malicious websites and email, detect activity associated with threats such as GhostLocker 2.0, and require multi-factor authentication for network access.
Cisco Secure Endpoint (formerly AMP for Endpoints) is cited as the control for preventing the malware from executing.
This collaborative effort between GhostSec and Stormous in launching twin ransomware attacks underscores the evolving landscape of cyber threats targeting businesses worldwide.
The use of advanced tools and techniques highlights the need for robust cybersecurity measures to combat such malicious activities effectively.
The post GhostSec & Stormous Operators Launched Twin Ransomware Attacks appeared first on Cyber Security News.
Microsoft Audio Bus Vulnerability Let Attackers Execute Remote Code
Cisco Talos’ Vulnerability Research team revealed two significant vulnerabilities in Microsoft products that have been patched by the company over the past two Patch Tuesdays.
These vulnerabilities highlight the importance of timely security updates and the potential risks associated with unpatched systems.
Microsoft High-Definition Audio Bus Driver Denial-of-Service Vulnerability
Discovered by Marcin “Icewall” Noga, CVE-2024-45383 is a vulnerability in the Microsoft HD Audio Bus Driver that could allow an attacker to cause a denial of service.
This driver is how Windows communicates with HD Audio devices, whether they are integrated on the motherboard or attached through an HD Audio interface.
The vulnerability stems from mishandling of IRP (I/O Request Packet) requests in the driver's interface.
An attacker can trigger it by sending multiple IRP Complete requests to the driver, causing a denial of service that forces the operating system into a “Blue Screen of Death”.
Stale Memory Dereference In Microsoft Pragmatic General Multicast Server
A Cisco Talos researcher discovered a memory corruption vulnerability in the Pragmatic General Multicast (PGM) server in the Windows 10 kernel.
This vulnerability, CVE-2024-38140, is triggered by a specially crafted network packet that causes the server to access stale memory structures, resulting in memory corruption.
An attacker can exploit it by sending a sequence of malicious packets.
Although Talos independently discovered this issue and reported it to Microsoft, the company had already identified the problem internally prior to the patch release earlier this year.
Users should ensure their systems have the latest patches applied to prevent exploitation of these vulnerabilities.
The disclosure and patching of both issues show how security researchers and vendors work together to protect users from potential threats.
The post Microsoft Audio Bus Vulnerability Let Attackers Execute Remote Code appeared first on Cyber Security News.