Cybersecurity Help: The flaw (CWE-284) exists due to an IDOR issue. A threat actor could send a specially crafted request with the post ID to delete arbitrary posts.
UK NCSC experts: It’s CVE-2020-16952. It can be exploited when a user uploads a specially crafted application package to an affected version of SharePoint.
The Group’s Finance Ministers and Central Bank Governors sound the alarm on the growing malware threat and call upon all countries to effectively implement the FATF standards.
The lure is a supposed change of IP that requires confirmation of the account. This passes through a fake page. The objective is to steal credentials.
Bleeping Computer: The aim is to lure victims into enabling Excel macros. Threat actors also continue using signed campaigns for distributing the malware.
Microsoft cybersecurity experts: The malware doesn’t encrypt the files. It blocks access to the device by displaying a screen with the ransom note that appears over every other window.
Kaspersky cybersecurity experts: To evade detection, it hosts its communications with the C2 on public cloud services and hides the main malware with steganography.
CISA-MS-ISAC cyber security experts: Roughly 16,000 alerts related to the malware and a significant increase in state-local governments targeted by the malware with phishing.
It’s not clear if the source is cybercrime or cyberwarfare actors, but systems have been restored. The maritime sector and companies are in the crosshairs.
ESET cybersecurity experts: The targets are primarily government entities. The APT, until now undetected, exploits the XDDown malware and spear phishing.