Zero-day payload found in Lazarus social-engineering campaign. Ransomware in Electronuclear admin systems. Russo-US relations. – The CyberWire

In an update on the Lazarus Group’s campaign against researchers, BleepingComputer reports that the firm ENKI has found MHTML files that Lazarus used to carry an Internet Explorer zero-day as a payload.

Brazil’s Electrobras, according to Reuters, has disclosed that its nuclear power subsidiary Electronuclear has sustained a ransomware attack. The attack is said to have affected only administrative systems; control systems were unaffected.

Kryptos Logic says it’s found that TrickBot is deploying a new reconnaissance module, “Masrv,” which uses the Masscan open-source tool, “an unreferenced Anchor C2 communication function and a list of hardcoded IPs which have previously been associated with Anchor and Bazar.”

Barracuda Networks yesterday released a report on automated attacks on applications, a problem the security firm sees as a growing one.

The version of Chrome Google released yesterday includes a fix for a vulnerability being actively exploited in the wild, ZDNet reports. In other patching news, SolarWinds has, according to CyberScoop, released fixes for the two vulnerabilities Trustwave reported this week. SolarWinds advises users to apply the patches quickly.

Both Emsisoft and StormShield have disclosed breaches.

Bravo, Bitdefender, who’ve released a decryptor for Fonix ransomware. The gang is thought to have shuttered its operation late last month, but there may still be recovering victims out there.

The US Secretary of State and his Russian counterpart talked yesterday. Secretary Blinken told him inter alia to knock off stuff like the SolarWinds mischief; Foreign Minister Lavrov probably said they didn’t do nuthin’.
