Lucene search

46 matches found

NVD
added 2024/06/28 1:15 a.m. | 12 views

CVE-2024-39708

An issue was discovered in the Agent in Delinea Privilege Manager (formerly Thycotic Privilege Manager) before 12.0.1096 on Windows. Sometimes, a non-administrator user can copy a crafted DLL file to a temporary directory used by .NET Shadow Copies such that privilege escalation can occur if the co...

CVSS 7 | EPSS 0.00031
Exploits: 0 | References: 2
Cvelist
added 2024/06/27 12:00 a.m. | 22 views

CVE-2024-39708

An issue was discovered in the Agent in Delinea Privilege Manager (formerly Thycotic Privilege Manager) before 12.0.1096 on Windows. Sometimes, a non-administrator user can copy a crafted DLL file to a temporary directory used by .NET Shadow Copies such that privilege escalation can occur if the co...

CVSS 7 | EPSS 0.00031
Exploits: 0 | References: 2
Securelist
added 2023/12/13 10:00 a.m. | 9 views

FakeSG campaign, Akira ransomware and AMOS macOS stealer

Introduction: The crimeware landscape is diverse. Cybercriminals try to capitalize on their victims in every possible way by distributing various types of malware designed for different platforms. In recent months, we have written private reports on a wide range of topics, such as new cross-platfo...

AI score 7.1
Exploits: 0
The Hacker News
added 2023/11/13 4:50 a.m. | 59 views

New BiBi-Windows Wiper Targets Windows Systems in Pro-Hamas Attacks

Cybersecurity researchers have warned about a Windows version of a wiper malware that was previously observed targeting Linux systems in cyber attacks aimed at Israel. Dubbed BiBi-Windows Wiper by BlackBerry, the wiper is the Windows counterpart of BiBi-Linux Wiper, which has been put to use by a...

AI score 7.2
Exploits: 0
Rapid7 Blog
added 2023/08/31 1:00 p.m. | 10 views

Velociraptor 0.7.0 Release: Dig Deeper With Enhanced Client Search, Server Improvements and Expanded VQL Library

Carlos Canto contributed to this article. Rapid7 is thrilled to announce version 0.7.0 of Velociraptor is now LIVE and available for download. The focus of this release was on improving user efficiency while also expanding and strengthening the library of VQL plug-ins and artifacts. Let’s take a...

AI score 7.1
Exploits: 0
The Hacker News
added 2023/07/20 4:56 p.m. | 38 views

Mallox Ransomware Exploits Weak MS-SQL Servers to Breach Networks

Mallox ransomware activities in 2023 have witnessed a 174% increase when compared to the previous year, new findings from Palo Alto Networks Unit 42 reveal. "Mallox ransomware, like many other ransomware threat actors, follows the double extortion trend: stealing data before encrypting an...

AI score 6.8
Exploits: 0
The Hacker News
added 2023/01/28 5:49 a.m. | 3 views

Ukraine Hit with New Golang-based 'SwiftSlicer' Wiper Malware in Latest Cyber Attack

Ukraine has come under a fresh cyber onslaught from Russia that involved the deployment of a previously undocumented Golang-based data wiper dubbed SwiftSlicer. ESET attributed the attack to Sandworm, a nation-state group linked to Military Unit 74455 of the Main Intelligence Directorate of the...

AI score 6.7
Exploits: 0
Hive Pro Threat Advisories
added 2023/01/27 1:09 p.m. | 18 views

New Ransomware Mimic Emerges in the Wild, Abusing Legitimate Tool for Faster Encryption

Threat Level Attack Report. For a detailed threat advisory, download the pdf file here. Summary: Mimic is a new ransomware that uses the APIs of a legitimate tool called Everything to encrypt target files and has multiple capabilities such as deleting shadow copies, terminating multiple applications...

AI score 1.8
Exploits: 0
The Hacker News
added 2022/12/05 12:24 p.m. | 20 views

Russian Courts Targeted by New CryWiper Data Wiper Malware Posing as Ransomware

A new data wiper malware called CryWiper has been found targeting Russian government agencies, including mayor's offices and courts. "Although it disguises itself as a ransomware and extorts money from the victim for 'decrypting' data, it does not actually encrypt, but purposefully destroys data ...

AI score 1
Exploits: 0
The Hacker News
added 2022/04/21 10:00 a.m. | 508 views

New Incident Report Reveals How Hive Ransomware Targets Organizations

A recent Hive ransomware attack carried out by an affiliate involved the exploitation of "ProxyShell" vulnerabilities in the Microsoft Exchange Server that were disclosed last year to encrypt an unnamed customer's network. "The actor managed to achieve its malicious goals and encrypt the...

CVSS 10 | AI score 1.9 | EPSS 0.94226
Exploits: 18
ThreatPost
added 2022/03/10 2:00 p.m. | 125 views

Multi-Ransomwared Victims Have It Coming–Podcast

You hate to blame the victim, but the fact of the matter is that businesses are just asking to get whacked with ransomware multiple times. A recent study of IT leaders from cloud-native network detection and response firm ExtraHop shows that businesses aren’t even aware of the “attack me,” “easy...

AI score 8.5
Exploits: 0 | References: 8
Hive Pro Threat Advisories
added 2022/03/10 5:54 a.m. | 9 views

RangnarLocker Ransomware hits Critical Infrastructure Compromising 50+ Organizations

THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. The Federal Bureau of Investigation (FBI) has released an alert on Ragnarlocker campaign that has affected nearly 52 organizations encompassing 10 critical infrastructure sectors, including entities in significant manufacturing,...

AI score 6.8
Exploits: 0
Qualys Blog
added 2022/01/17 1:33 p.m. | 27 views

The Chaos Ransomware Can Be Ravaging

The Qualys Research Team has observed a new version of Chaos ransomware in development. This blog reviews the malware’s updated functionality as well as its ongoing evolution. A ransomware builder called Chaos is still actively under development. The fourth version has recently been observed bein...

AI score 7.7
Exploits: 0
Veeam
added 2021/11/01 12:00 a.m. | 101 views

Veeam Best Practices regarding CVE-2021-36934

Challenge: This article documents Veeam's position on Windows Elevation of Privilege Vulnerability CVE-2021-36934. Specifically regarding the listed mitigation steps involving removal of all shadow copies, and the "Impact of workaround" mentioned in the Workarounds section of CVE-2021-36934...

CVSS 7.8 | AI score 8.9 | EPSS 0.90423
Exploits: 11
OSV
added 2021/07/22 7:15 a.m. | 0 views

CVE-2021-36934

An elevation of privilege vulnerability exists because of overly permissive Access Control Lists (ACLs) on multiple system files, including the Security Accounts Manager (SAM) database. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An...

CVSS 7.8 | AI score 7.7 | EPSS 0.90423
Exploits: 11 | References: 4
NVD
added 2021/07/22 7:15 a.m. | 25 views

CVE-2021-36934

An elevation of privilege vulnerability exists because of overly permissive Access Control Lists (ACLs) on multiple system files, including the Security Accounts Manager (SAM) database. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An...

CVSS 7.8 | EPSS 0.90423
Exploits: 11 | References: 4
Prion
added 2021/07/22 7:15 a.m. | 34 views

Privilege escalation

An elevation of privilege vulnerability exists because of overly permissive Access Control Lists (ACLs) on multiple system files, including the Security Accounts Manager (SAM) database. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An...

CVSS 4.6 | AI score 8.1 | EPSS 0.90423
Exploits: 11 | References: 2 | Affected Software: 1
GithubExploit
added 2021/07/22 3:07 a.m. | 133 views

Exploit for CVE-2021-36934

Invoke-HiveNightmare PowerShell-based PoC for CVE-2021-36934,...

CVSS 7.8 | AI score 9.1 | EPSS 0.90423
Exploits: 11
ATTACKERKB
added 2021/07/22 12:00 a.m. | 593 views

CVE-2021-36934 Windows Elevation of Privilege

An elevation of privilege vulnerability exists because of overly permissive Access Control Lists (ACLs) on multiple system files, including the Security Accounts Manager (SAM) database. An attacker who successfully exploited this vulnerability could run arbitrary code with SYSTEM privileges. An...

CVSS 7.8 | AI score 8 | EPSS 0.90423
In wild | Exploits: 11 | References: 3
GithubExploit
added 2021/07/20 10:16 p.m. | 243 views

Exploit for CVE-2021-36934

ShadowSteal | CVE-2021-36934 Pure Nim implementation for explo...

CVSS 7.8 | AI score 8.9 | EPSS 0.90423
Exploits: 11