article thumbnail

Microsoft Patches ‘Wormable’ Flaw in Windows XP, 7 and Windows 2003

Krebs on Security

Microsoft today is taking the unusual step of releasing security updates for unsupported but still widely-used Windows operating systems like XP and Windows 2003 , citing the discovery of a “wormable” flaw that the company says could be used to fuel a fast-moving malware threat like the WannaCry ransomware attacks of 2017.

Malware 266
article thumbnail

Report: No ‘Eternal Blue’ Exploit Found in Baltimore City Ransomware

Krebs on Security

have been held hostage by a ransomware strain known as “ Robbinhood.” On May 25, The New York Times cited unnamed security experts briefed on the attack who blamed the ransomware’s spread on the Eternal Blue exploit, which was linked to the global WannaCry ransomware outbreak in May 2017.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

Evolution and rise of the Avaddon Ransomware-as-a-Service

Security Affairs

The Avaddon ransomware operators updated their malware after security researchers released a public decryptor in February 2021. The Avaddon ransomware family first appeared in the threat landscape in February 2020, and its authors started offering it with a Ransomware-as-a-Service (RaaS) model in June, 2020.

article thumbnail

Nokoyawa ransomware attacks with Windows zero-day

SecureList

While the majority of zero-days that we’ve discovered in the past were used by APTs, this particular zero-day was used by a sophisticated cybercrime group that carries out ransomware attacks. Using the CVE-2023-28252 zero-day, this group attempted to deploy the Nokoyawa ransomware as a final payload. com qooqle[.]top top vsexec[.]com

article thumbnail

Windows CLFS and five exploits used by ransomware operators

SecureList

In April 2023, we published a blog post about a zero-day exploit we discovered in ransomware attacks that was patched as CVE-2023-28252 after we promptly reported it to Microsoft. The next five parts will cover the actual root causes and exploitation of five vulnerabilities that were used in ransomware attacks throughout the year.

article thumbnail

Lockbit Ransomware targets England Merseyrail

CyberSecurity Insiders

Highly placed sources say that the attack could have been launched by Lockbit ransomware gang that might have entered the computer network through a compromised email. Serco and Abellio in a joint venture are operating Merseyrail and were handed over the contract of 25 years in 2003 that expires in 2028.

article thumbnail

Russia Sends Cybersecurity CEO to Jail for 14 Years

Krebs on Security

In 2003, Sachkov founded Group-IB , a cybersecurity and digital forensics company that quickly earned a reputation for exposing and disrupting large-scale cybercrime operations, including quite a few that were based in Russia and stealing from Russian companies and citizens. Ilya Sachkov. Image: Group-IB.com. election.