Security News

Wormable Windows HTTP vulnerability also affects WinRM servers
2021-05-22 14:00

A wormable vulnerability in the HTTP Protocol Stack of the Windows IIS server can also be used to attack unpatched Windows 10 and Server systems publicly exposing the WinRM service. Luckily, although it can be abused by threat actors in remote code execution attacks, the vulnerability only impacts versions 2004 and 20H2 of Windows 10 and Windows Server.

IDrive Mirror secures cloud-based full image backups for Windows computers and server operating systems
2021-05-22 00:00

IDrive Cloud Backup has released IDrive Mirror, providing secure, cloud-based full image backups for Windows computers and server operating systems for protection against data loss and dreaded ransomware. IDrive Mirror gives individuals and small businesses the ability to back up an unlimited number of computers and server systems into a single account, allowing for direct data backup and retrieval from the IDrive cloud without any intermediary storage device.

U.S. Pipeline Ransomware Attackers Go Dark After Servers and Bitcoin Are Seized
2021-05-21 23:45

Just as Colonial Pipeline restored all of its systems to operational status in the wake of a crippling ransomware incident a week ago, DarkSide, the cybercrime syndicate behind the attack, claimed it lost control of its infrastructure, citing a law enforcement seizure. All the dark web sites operated by the gang, including its DarkSide Leaks blog, ransom collection site, and breach data content delivery network servers, have gone dark and remain inaccessible as of writing.

Scans for Vulnerable Exchange Servers Started 5 Minutes After Disclosure of Flaws
2021-05-20 09:26

Adversaries are typically quick to take advantage of newly disclosed vulnerabilities, and they started scanning for vulnerable Microsoft Exchange Servers within five minutes after Microsoft's announcement, Palo Alto Networks reveals in a new report. Between January and March, threat actors started scanning for vulnerable systems roughly 15 minutes after new security holes were publicly disclosed, and they were three times faster when Microsoft disclosed four new bugs in Exchange Server on March 2.

Hetzner cloud server provider bans cryptocurrency mining
2021-05-19 21:31

Popular German cloud hosting and dedicated server provider Hetzner has banned cryptomining on its servers after users had been using its large storage devices to mine Chia. For those not familiar with Chia, instead of mining the cryptocurrency with specialized equipment or graphics cards, it uses a new consensus system called Proof of Space and Proof of Time.

Magecart Goes Server-Side in Latest Tactics Changeup
2021-05-17 21:46

Magecart Group 12, known for skimming payment information from online shoppers, was fingered for last September's gonzo attack on more than 2,000 e-Commerce sites, and now researchers have issued a report explaining how they did it, detailing a new technical approach. The credit-card skimmer group is using PHP web shells to gain remote administrative access to the sites under attack to steal credit-card data, rather than using their previously favored JavaScript code, which they simply injected into vulnerable sites to log the information keyed into online checkout sites, according to Malwarebytes Labs' Threat Intelligence Team.

DarkSide Ransomware Suffers ‘Oh, Crap!’ Server Shutdowns
2021-05-14 16:05

The DarkSide takedown sent shockwaves through other underground forums, many of which deleted all ransomware topics. That's likely a reference to "Deshirfrator," or "Decryptor" in Russian: The tools that typically are as far from free as ransomware attackers can make them.

DarkSide Ransomware Gang Quits After Servers, Bitcoin Stash Seized
2021-05-14 15:44

The DarkSide ransomware affiliate program responsible for the six-day outage at Colonial Pipeline this week that led to fuel shortages and price spikes across the country is running for the hills. The crime gang announced it was closing up shop after its servers were seized and someone drained the cryptocurrency from an account the group uses to pay affiliates.

DarkSide ransomware servers reportedly seized, operation shuts down
2021-05-14 14:37

The DarkSide ransomware operation has allegedly shut down after the threat actors lost access to servers and their cryptocurrency was transferred to an unknown wallet. In the post, 'Unkn' shared a message allegedly from DarkSide explaining how the threat actors lost access to their public data leak site, payment servers, and CDN servers due to law enforcement action.

DarkSide ransomware servers reportedly seized, REvil restricts targets
2021-05-14 14:37

The DarkSide ransomware operation has allegedly shut down after the threat actors lost access to servers and their cryptocurrency was transferred to an unknown wallet. In the post, 'Unkn' shared a message allegedly from DarkSide explaining how the threat actors lost access to their public data leak site, payment servers, and DoS servers due to law enforcement action.