est.social is one of many independent Mastodon servers that can be used to participate in the fediverse.
est.social is meant to be a general use Mastodon server for Estonia.


#ESETresearch

ESET Research: #ESETresearch discovered previously unknown links between the #RansomHub, #Medusa, #BianLian, and #Play ransomware gangs, and leveraged #EDRKillShifter to learn more about RansomHub's affiliates. @SCrow357 https://www.welivesecurity.com/en/eset-research/shifting-sands-ransomhub-edrkillshifter/

RansomHub emerged in February 2024 and in just three months reached the top of the ransomware ladder, recruiting affiliates from the disrupted #LockBit and #BlackCat. Since then, it has dominated the ransomware world, showing similar growth to what LockBit once did.

Previously linked to the North Korea-aligned group #Andariel, Play strictly denies operating as #RaaS. We found its members utilized RansomHub's EDR killer EDRKillShifter multiple times during their intrusions, meaning some members likely became RansomHub affiliates.

BianLian focuses on extortion-only attacks and does not publicly recruit new affiliates. Its access to EDRKillShifter suggests a similar approach to Play's – having trusted members who are not limited to working only with them.

Medusa, same as RansomHub, is a typical RaaS gang, actively recruiting new affiliates. Since it is common knowledge that affiliates of such RaaS groups often work for multiple operators, this connection is to be expected.

Our blogpost also emphasizes the growing threat of EDR killers. We observed an increase in the number of such tools, while the set of abused drivers remains quite small. Gangs such as RansomHub and #Embargo offer their killers as part of the affiliate program.

IoCs available on our GitHub: https://github.com/eset/malware-ioc/tree/master/ransomhub

ESET Research: #ESETresearch has discovered a zero-day exploit abusing the #CVE-2025-24983 vulnerability in the Windows kernel 🪟 to elevate privileges (#LPE). First seen in the wild in March 2023, the exploit was deployed through the #PipeMagic backdoor on the compromised machines.

The exploit targets Windows 8.1 and Server 2012 R2. The vulnerability affects OSes released before Windows 10 build 1809, including the still-supported Windows Server 2016. It does not affect more recent Windows OSes such as Windows 11.

The vulnerability is a use-after-free in the Win32k driver. In a certain scenario achieved using the #WaitForInputIdle API, the #W32PROCESS structure gets dereferenced one more time than it should, causing a UAF. To reach the vulnerability, a race condition must be won.

The patches were released today. The Microsoft advisory with security update details is available here:
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-24983