Windows “PetitPotam” network attack – how to protect against it

By Paul Ducklin

French researcher Gilles Lionel, who goes by @topotam77, recently published proof-of-concept code that attackers could use to take over a Windows network. The hack, which he has dubbed PetitPotam (which is a nod to the endangered Pygmy Hippopotamus, as far as we can tell), involves what’s known as an NTLM relay attack, […]

To Pay or Not to Pay?

By: Greg Hayman, Kaleb Brown, and David Watson

Computer networks for businesses continue to be under fire. They’re being attacked by old and new cyber threats. The question is whether you should protect your network against cyber attacks or just deal with it WHEN it happens. Just this week, our IT department met with the […]

Kaseya patches VSA vulnerabilities used in REvil ransomware attack

By Lawrence Abrams

Kaseya has released a security update for the VSA zero-day vulnerabilities used by the REvil ransomware gang to attack MSPs and their customers. Kaseya VSA is a remote management and monitoring solution commonly used by managed service providers to support their customers. MSPs can deploy VSA on-premise using their servers or utilize […]

Microsoft’s incomplete PrintNightmare patch fails to fix vulnerability

By Lawrence Abrams

Researchers have bypassed Microsoft’s emergency patch for the PrintNightmare vulnerability to achieve remote code execution and local privilege escalation with the official fix installed. Last night, Microsoft released an out-of-band KB5004945 security update that was supposed to fix the PrintNightmare vulnerability that researchers disclosed by accident last month. After the update was released, […]

Ransomware: What REALLY happens if you pay the crooks?

By: Paul Ducklin

Governments and law enforcement hate it when ransomware victims pay the blackmail demands that almost always follow a ransomware attack, and you can understand why, given that today’s payments fund tomorrow’s cybercriminality. Of course, no one needs to be told that. Paying up hurts in any number of ways, whether you feel […]

Cisco ASA vulnerability actively exploited after exploit released

By Lawrence Abrams

This vulnerability can allow an unauthenticated threat actor to send targeted phishing emails or malicious links to a user of a Cisco ASA device to execute JavaScript commands in the user’s browser. “A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or allow […]

Carnival Cruise Ship hit with Cyberattack

By Lisa Vaas

This is the fourth time in a bit over a year that Carnival’s admitted to breaches, with two of them being ransomware attacks. Carnival Corp., the world’s largest cruise-ship operator, has sprung another leak: For the second time in a year, attackers have breached email accounts and accessed personal, financial and health […]

Last Week in Ransomware – June 11th 2021 – Under Pressure

By Lawrence Abrams

It has been quite the week when it comes to ransomware, with ransoms being paid, ransoms being taken back, and a ransomware gang shutting down. This week’s biggest news was the FBI announcing that they were able to recover the majority of the $4.4 million ransom payment paid by Colonial Pipeline. It is not […]

US recovers most of Colonial Pipeline’s $4.4M ransomware payment

By Lawrence Abrams

The US Department of Justice has recovered the majority of the $4.4 million ransom payment paid by Colonial Pipeline to the DarkSide ransomware operation. On May 7th, Colonial Pipeline suffered a DarkSide ransomware attack that forced them to shut down their fuel pipeline operation. This shutdown led to temporary gas shortages on the east […]