Cyble has found communications from LockBit in which the gang claims to have taken more than six terabytes of data from Accenture, and in which they demand $50 million in ransom. LockBit also claims they obtained access from a rogue insider who's still employed by the company. While Cyble notes that LockBit has been advertising for corrupt insiders willing to betray their organizations' trust, the firm thinks that in this case the gang's claims are unlikely to be true.
Lumen's Black Lotus Labs report that the remote access Trojan ReverseRat has turned up in an evolved version being used actively against government and energy sector targets in South Asia. ReverseRat is generally believed to be operated by a threat actor in Pakistan interested in closely tracking events in Afghanistan.
Trend Micro reports it's seen attempts to exploit two vulnerabilities in the company's Apex One security products.
The PrintNightmare Windows vulnerability is proving surprisingly resistant to the fixes that have been applied. At midweek, after addressing the vulnerability in this month's patches, Microsoft warned that it remained possible for an attacker to exploit PrintNightmare to gain system-level privileges. To mitigate the risk, users should stop and disable the Print Spooler service.
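The mitigation above as a script, with a before-and-after check. This is an added example, not part of the original report, and it assumes an elevated PowerShell session on the host being hardened.

```powershell
# Added example: stop and disable the Print Spooler service, then verify.
# Assumes an elevated (administrator) PowerShell session on the local host.

function Get-SpoolerState {
    # Running state comes from Get-Service, start mode from Win32_Service.
    $svc = Get-Service -Name Spooler -ErrorAction Stop
    $cim = Get-CimInstance -ClassName Win32_Service -Filter "Name='Spooler'"
    [pscustomobject]@{
        Status    = [string]$svc.Status
        StartMode = [string]$cim.StartMode
    }
}

$before = Get-SpoolerState
Write-Output ("Before: Status={0} StartMode={1}" -f $before.Status, $before.StartMode)

# Stop the service if it is running (-Force also stops dependent services).
if ($before.Status -ne 'Stopped') {
    Stop-Service -Name Spooler -Force -ErrorAction Stop
}

# Disable it so it does not start again at boot or on demand.
Set-Service -Name Spooler -StartupType Disabled -ErrorAction Stop

# Verify that both changes took effect; fail loudly if not.
$after = Get-SpoolerState
if ($after.Status -ne 'Stopped' -or $after.StartMode -ne 'Disabled') {
    throw ("Spooler not fully disabled: Status={0} StartMode={1}" -f $after.Status, $after.StartMode)
}
Write-Output ("After:  Status={0} StartMode={1}" -f $after.Status, $after.StartMode)
```

With the spooler disabled, the host can no longer print, either locally or remotely, so machines that must print need to be handled separately.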
The Record reports that the gang formerly known as SynAck has released decryption keys for ransomware it used between July 2017 and the early part of this year. SynAck has rebranded as El_Cometa and is retiring its old code to make a fresh run at the ransomware-as-a-service market.