BlackMatter & Haron: Evil Ransomware Newborns or Rebirths
They’re either new or old REvil & DarkSide wine in new bottles. Both have a taste for deep-pocketed targets and DarkSide-esque virtue-signaling.
Web Security
Reboot of PunkSpider Tool at DEF CON Stirs Debate
Researchers plan to introduce a revamp of PunkSpider, which helps identify flaws in websites so companies can make their back-end systems more secure, at DEF CON.
Podcast: Why Securing Active Directory Is a Nightmare
Researchers preview work to be presented at Black Hat on how AD “misconfiguration debt” lays out a dizzying array of attack paths, such as in PetitPotam.
No More Ransom Saves Victims Nearly €1 Over 5 Years
No More Ransom is collecting decryptors so ransomware victims don’t have to pay to get their data back and attackers don’t get rich.
Zimbra Server Bugs Could Lead to Email Plundering
Two bugs, now patched except in older versions, could be chained to allow attackers to hijack Zimbra server by simply sending a malicious email.
Three Zero-Day Bugs Plague Kaseya Unitrends Backup Servers
The unpatched flaws include RCE and authenticated privilege escalation on the client-side: Just the latest woe for the ransomware-walloped MSP.
Podcast: IoT Piranhas Are Swarming Industrial Controls
Enormous botnets of IoT devices are going after decades-old legacy systems that are rife in systems that control crucial infrastructure.
Babuk Ransomware Gang Ransomed, New Forum Stuffed With Porn
A comment spammer flooded Babuk’s new ransomware forum with gay orgy porn GIFs and demanded $5K in bitcoin.
Malware Makers Using ‘Exotic’ Programming Languages
Sprechen Sie Rust? Polyglot malware authors are increasingly using obscure programming languages to evade detection.
Discord CDN and API Abuses Drive Wave of Malware Detections
Targets of Discord malware expand far beyond gamers.