At a glance.
- Double-tapping ransomware.
- Exim mail servers exposed to attack.
- Iran's OilRig deploys Menorah malware against Saudi targets.
- North Korea's Lazarus Group targets Spanish aerospace firm.
- Cybersecurity Awareness Month begins this week.
- LostTrust ransomware is a rebrand of MetaEncryptor.
- Increased surveillance in Russia.
- Killnet claims Royal family DDoS.
- A US Federal Government shutdown averted.
Double-tapping ransomware.
The US Federal Bureau of Investigation (FBI) has issued a Private Industry Notification outlining emerging trends in ransomware attacks, including “multiple ransomware attacks on the same victim in close date proximity and new data destruction tactics in ransomware attacks.” The Bureau notes, “This use of dual ransomware variants resulted in a combination of data encryption, exfiltration, and financial losses from ransom payments. Second ransomware attacks against an already compromised system could significantly harm victim entities.” Ransomware variants involved in these attacks include AvosLocker, Diamond, Hive, Karakurt, LockBit, Quantum, and Royal.
Exim mail servers exposed to attack.
BleepingComputer reports that millions of Exim mail servers are exposed to a zero-day flaw that can allow an unauthenticated attacker to perform remote code execution. According to Trend Micro’s Zero Day Initiative (ZDI), “The specific flaw exists within the smtp service, which listens on TCP port 25 by default. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of a buffer. An attacker can leverage this vulnerability to execute code in the context of the service account.” ZDI notes, “Given the nature of the vulnerability, the only salient mitigation strategy is to restrict interaction with the application.”
BleepingComputer says that more than 3.5 million Exim servers are currently exposed to the Internet.