New LockFile ransomware gang uses ProxyShell and PetitPotam exploits

Security Affairs

The three vulnerabilities used in ProxyShell attacks are:

- CVE-2021-34473 – Pre-auth Path Confusion leads to ACL Bypass (Patched in April by KB5001779)
- CVE-2021-34523 – Elevation of Privilege on Exchange PowerShell Backend (Patched in April by KB5001779)
- CVE-2021-31207 – Post-auth Arbitrary-File-Write leads to RCE (Patched in May by KB5003435)

Over 500,000 people were impacted by a ransomware attack that hit Morley

Security Affairs

Business services firm Morley was hit by a ransomware attack that may have exposed data of +500,000 individuals. Business services company Morley was the victim of a ransomware attack that may have resulted in a data breach impacting more than 500,000 individuals.

TinyNuke banking malware targets French organizations

Security Affairs

The TinyNuke malware is back and has now been used in attacks aimed at French users working in manufacturing, technology, construction, and business services. “After only observing a handful of TinyNuke campaigns in 2019 and 2020, Proofpoint observed TinyNuke reappear in January 2021 in one campaign distributing around 2,000 emails.

LockFile Ransomware uses a new intermittent encryption technique

Security Affairs

Sophos experts spotted the new technique while analyzing a LockFile sample (SHA-256 hash: bf315c9c064b887ee3276e1342d43637d8c0e067260946db45942f39b970d7ce) that was uploaded to VirusTotal on August 22, 2021. The HTA ransom note used by LockFile closely resembles the one used by LockBit 2.0

Balikbayan Foxes group spoofs Philippine gov to spread RATs

Security Affairs

The group focuses on Shipping/Logistics, Manufacturing, Business Services, Pharmaceutical, and Energy entities, among others. The threat actors restarted their activity in September 2021, using phishing messages that masqueraded as the Philippines Bureau of Customs CPRS and contained links to a credential harvesting page.

Telco service provider giant Syniverse had unauthorized access since 2016

Security Affairs

Syniverse service provider discloses a security breach; threat actors have had access to its databases since 2016 and gained some customers’ credentials. Syniverse is a global company that provides technology and business services for a number of telecommunications companies as well as a variety of other multinational enterprises.

New Leak Shows Business Side of China’s APT Menace

Krebs on Security

In 2021, the Sichuan provincial government named i-SOON as one of “the top 30 information security companies.” i-SOON’s “business services” webpage states that the company’s offerings include public security, anti-fraud, blockchain forensics, enterprise security solutions, and training.