We value your privacy

We use cookies to enhance your browsing experience, serve personalized ads or content, and analyze our traffic. By clicking "Accept All", you consent to our use of cookies.

Customize Consent Preferences

We use cookies to help you navigate efficiently and perform certain functions. You will find detailed information about all cookies under each consent category below.

The cookies that are categorized as "Necessary" are stored on your browser as they are essential for enabling the basic functionalities of the site. ... 

Always Active

Necessary cookies are required to enable the basic features of this site, such as providing secure log-in or adjusting your consent preferences. These cookies do not store any personally identifiable data.

No cookies to display.

Functional cookies help perform certain functionalities like sharing the content of the website on social media platforms, collecting feedback, and other third-party features.

No cookies to display.

Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics such as the number of visitors, bounce rate, traffic source, etc.

No cookies to display.

Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.

No cookies to display.

Advertisement cookies are used to provide visitors with customized advertisements based on the pages you visited previously and to analyze the effectiveness of the ad campaigns.

No cookies to display.

NewApp Digest
search bot

ransomware-as-a-service

Play ransomware exploited Windows logging flaw in zero-day attacks
Winsage
May 7, 2025

Play ransomware exploited Windows logging flaw in zero-day attacks

The Play ransomware gang exploited a critical vulnerability in the Windows Common Log File System, identified as CVE-2025-29824, to execute zero-day attacks, gaining SYSTEM privileges and deploying malware. Microsoft recognized this flaw and issued a patch during last month's Patch Tuesday. The gang targeted sectors including IT and real estate in the U.S., the financial sector in Venezuela, a Spanish software company, and retail in Saudi Arabia. They used the PipeMagic backdoor malware to deploy the CVE-2025-29824 exploit and install ransomware payloads. Symantec's Threat Hunter Team linked these activities to the Play ransomware-as-a-service operation, noting the use of the Grixba infostealer tool. The Play ransomware group, active since at least June 2022, employs double-extortion tactics and has compromised approximately 300 organizations globally as of October 2023. Notable victims include Rackspace, Arnold Clark, the City of Oakland, Dallas County, Antwerp, and Microchip Technology.
Ransomware crews add EDR killers to their arsenal
Tech Optimizer
March 31, 2025

Ransomware crews add EDR killers to their arsenal

Antivirus and endpoint security tools are increasingly challenged by ransomware groups that use sophisticated strategies to disable defenses early in attacks. Cisco Talos reported that in nearly half of the ransomware incidents they handled in 2024, attackers successfully employed "EDR killers" to neutralize endpoint detection and response (EDR) systems, achieving success 48 percent of the time. Tools such as EDRSilencer, EDRSandblast, EDRKillShifter, and Terminator pose significant threats to organizational security. EDRKillShifter exploits vulnerable drivers on Windows machines to terminate EDR products, a tactic observed in operations by rival gangs like Medusa, BianLian, and Play. The primary goal of these tools is to disable EDR protections, allowing attackers to operate undetected, complicating system recovery efforts. Recovery often requires wiping and rebuilding entire networks if robust backups are available. Some EDR killers, like HRSword, are legitimate software tools misused by ransomware actors to disable endpoint protection systems. Attackers have exploited misconfigured systems, particularly EDR products set to audit-only mode, which detect but do not block malicious activity. LockBit has remained the most active ransomware-as-a-service group for the third consecutive year, accounting for 16 percent of claimed attacks in 2024. Newcomer RansomHub secured the second position with 11 percent of posts to leak sites. The effectiveness of law enforcement actions plays a significant role in shaping the ransomware landscape.
Top 10 Best Ransomware Protection Tools
Tech Optimizer
February 23, 2025

Top 10 Best Ransomware Protection Tools

Ransomware is a type of malicious software that encrypts files, making them inaccessible until a ransom is paid, usually in cryptocurrency. Ransom demands can range from a few hundred to several thousand dollars, causing significant disruptions and financial losses. Key examples of ransomware include WannaCry, Petya, CryptoLocker, Ryuk, REvil, and Snake. To protect against ransomware, it is crucial to keep software updated, use anti-virus solutions, be cautious with unknown attachments or links, and regularly back up important data. Effective protection tools include backup solutions, anti-virus software, firewalls, and ransomware-specific solutions. Free protection options include Windows Defender, Malwarebytes Anti-Ransomware, Bitdefender Anti-Ransomware, Avast Anti-Ransomware, and Kaspersky Anti-Ransomware Tool for Business. Ransomware can be categorized into locker ransomware, screen ransomware, and encrypting ransomware.
Week in review: PostgreSQL 0-day exploited in US Treasury hack, top OSINT books to learn from
Tech Optimizer
February 23, 2025

Week in review: PostgreSQL 0-day exploited in US Treasury hack, top OSINT books to learn from

Researchers from Rapid7 disclosed that the breach of US Treasury workstations by suspected Chinese state-sponsored hackers was facilitated by two zero-day vulnerabilities, including a PostgreSQL flaw (CVE-2025-1094). Exploitation attempts targeting Palo Alto Networks firewalls have surged, focusing on CVE-2025-0108, an authentication bypass vulnerability. Apiiro security researchers introduced PRevent, an open-source tool to detect malicious code in pull requests, and Kunai, an open-source threat hunting tool for Linux, was also introduced. Chester Wisniewski from Sophos discussed the shifting ransomware landscape and quantum decryption threats, while Juliette Hudson from CybaVerse emphasized the importance of asset visibility in cybersecurity. The resurgence of BlackLock ransomware is anticipated in 2025, and XCSSET info-stealing malware has been observed targeting macOS users. Cybersecurity professionals are advised to consider the increasing use of artificial intelligence by malicious actors when making investment decisions for 2025. Various cybersecurity roles are currently available globally, reflecting the growing demand for expertise. New information security products were introduced by companies including 1Password, Fortinet, Pangea, Privacera, and Veeam Software.
Security End-Run: 'AuKill' Shuts Down Windows-Reliant EDR Processes
Winsage
July 17, 2024

Security End-Run: ‘AuKill’ Shuts Down Windows-Reliant EDR Processes

FIN7 developed AuKill, an anti-security tool designed to undermine endpoint security, which has been used by ransomware groups in their attacks. AuKill targets protected processes monitored by EDR solutions using time-travel debugging and Process Explorer drivers, causing crashes in targeted systems. Organizations are advised to strengthen their security solutions with anti-tampering protections to defend against kernel-mode attacks.
Eldorado Ransomware Strikes Windows and Linux Networks
Winsage
July 10, 2024

Eldorado Ransomware Strikes Windows and Linux Networks

Eldorado ransomware is a sophisticated Ransomware-as-a-Service (RaaS) that targets both Windows and Linux operating systems using advanced encryption techniques such as Chacha20 and RSA-OAEP. The malware has the ability to spread through shared networks and infect removable media like USB drives. Affiliates recruited by cyber-criminals through underground forums can customize attacks to specific target networks or organizations. As of June 2024, Eldorado has targeted numerous companies across various industries worldwide. Implementing multi-factor authentication, endpoint detection and response solutions, regular data backups, timely patching, and continuous employee training is crucial to defend against ransomware attacks.
Search