Cisco Talos cybersecurity experts: The attacker, a single actor, deploys a variety of malware, such as DcRAT and QuasarRAT, via diplomatic and humanitarian lures.
Cybersecurity: disable the Windows Print Spooler service on servers not used for printing. US CISA: an attacker could exploit the critical PrintNightmare zero-day vulnerability to take control of an affected system.
Disable the Windows Print Spooler service on servers not used for printing! This is the latest advice issued by the US Cybersecurity and Infrastructure Security Agency (CISA) on the critical PrintNightmare zero-day vulnerability. According to the researchers, an attacker can exploit this flaw to take control of an affected system. According to Microsoft, any authenticated user can remotely connect to a domain controller's print spooler service and request an update on new print jobs. Users can also tell the domain controller to send the notification to a system with unconstrained delegation. These actions test the connection and expose the domain controller's computer account credential.
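
One way to carry out the advice above, as an added example that is not part of the original article or of CISA's guidance: a PowerShell script that reports the Print Spooler state on each listed server and, when run with `-Disable`, stops and disables the service where no printers are shared. The server names and the `-Disable` switch are assumptions made for illustration, and the script assumes PowerShell remoting is enabled on the targets.

```powershell
# Added example: audit the Print Spooler service and disable it on hosts that share no printers.
# Run from an admin workstation; targets must accept PowerShell remoting.
param(
    # Constructed placeholder names; replace with your own servers.
    [string[]]$ComputerName = @('DC01.example.test', 'APP01.example.test'),
    # Hypothetical switch: without it the script only reports and changes nothing.
    [switch]$Disable
)

$check = {
    param($DoDisable)

    $svc = Get-Service -Name Spooler -ErrorAction SilentlyContinue
    if (-not $svc) {
        return [pscustomobject]@{
            Status = 'NotInstalled'; StartType = $null; SharedPrinters = 0; Action = 'None'
        }
    }

    # A host that shares printers is acting as a print server: report it, do not touch it.
    # If the spooler is already stopped, Get-Printer returns nothing and the count is 0.
    $shared = @(Get-Printer -ErrorAction SilentlyContinue | Where-Object Shared).Count

    $action = 'None'
    if ($DoDisable -and $shared -eq 0 -and $svc.StartType -ne 'Disabled') {
        Stop-Service -Name Spooler -Force
        Set-Service -Name Spooler -StartupType Disabled
        $action = 'Disabled'
        $svc = Get-Service -Name Spooler   # re-read so the report shows the new state
    }

    [pscustomobject]@{
        Status         = $svc.Status
        StartType      = $svc.StartType
        SharedPrinters = $shared
        Action         = $action
    }
}

Invoke-Command -ComputerName $ComputerName -ScriptBlock $check -ArgumentList $Disable.IsPresent |
    Select-Object PSComputerName, Status, StartType, SharedPrinters, Action |
    Sort-Object PSComputerName |
    Format-Table -AutoSize
```

Run it once without `-Disable` to review which hosts still have the spooler running and which of them share printers, then rerun with `-Disable` against the hosts that should not be printing.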