Zero-day payload found in Lazarus social-engineering campaign. Ransomware in Electronuclear admin systems. Russo-US relations.
In an update to the Lazarus Group’s social engineering campaign against vulnerability researchers, BleepingComputer reports that security firm ENKI has found MHTML files that Lazarus used to carry an Internet Explorer zero day as a payload.
Brazil’s Electrobras, according to Reuters, has disclosed that its nuclear power subsidiary Electonuclear has sustained a ransomware attack. The incident is said to have affected only business systems; control systems were unaffected.
Kryptos Logic says it’s found that TrickBot is deploying a new reconnaissance module,”Masrv,” which uses the Masscan open-source tool, “an unreferenced Anchor C2 communication function and a list of hardcoded IPs which have previously been associated with Anchor and Bazar.”
Barracuda Networks yesterday released a report on automated attacks on web applications, a problem the security firm sees as a growing one.
The version of Chrome Google released yesterday includes a fix for a vulnerability being actively exploited in the wild, ZDNet reports. In other patching news, SolarWinds has, according to CyberScoop, released fixes for the two vulnerabilities Trustwave reported this week. SolarWinds advises users to apply the patches quickly.
Both Emsisoft and StormShield have disclosed data breaches.
Bravo, Bitdefender, who’ve released a decryptor for Fonix ransomware. The gang is thought to have shuttered its operation late last month, but there may still be recovering victims out there.
The US Secretary of State and his Russian counterpart talked yesterday. Secretary Blinken told them inter alia to knock off stuff like the SolarWinds mischief; Foreign Minister Lavrov probably said they didn’t do nuthin’.
Gloss