Advertise

Attacks/Breaches

8/28/2020
11:00 AM

Steve Zurier
Slideshows

Connect Directly

1 Comment
Comment Now

Ransomware Red Flags: 7 Signs You're About to Get Hit

Caught off guard by a ransomware attack? Security experts say the warning signs were there all along.

6 of 8

Security Tools Are Being Used in Environments They Weren't Assigned To

Once attackers have admin rights, they will try to disable security software using applications created to assist with the forced removal of software, such as Process Hacker, IObit Uninstaller, GMER, and PC Hunter. These types of tools are legitimate, but if a specific tool is showing up on a system for which it's not assigned, then something is wrong.

Any detection of Mimikatz (used in NotPetya) should get investigated, Sophos' Mackenzie adds. If no one on your security team confirms using it, that's a red flag because Mimikatz has become one of the most commonly used hacking tools for credential theft.

Image Source: Adobe Stock: Maksim Kabakov

6 of 8

Comment |

Email This |

Print |

RSS

Comments

Newest First | Oldest First | Threaded View

[close this box]

100%

David-Balaban,
User Rank: Author
9/11/2020 | 3:29:11 AM

Backups no longer enough

Earlier, during a ransomware attack, organizations could remove the virus and restore files from the backup. The ransomware authors' tactics have now changed. They first steal all files that they can, and then encrypt everything. Later, if you don't want to pay the ransom, they threaten to publish your confidential files. In addition to backups, you need now to also take care of encrypting important info, both data at rest and data in transit.

Reply | Post Message | Messages List | Start a Board

Editors' Choice

FluBot Malware's Rapid Spread May Soon Hit US Phones

Kelly Sheridan, Staff Editor, Dark Reading, 4/28/2021

7 Modern-Day Cybersecurity Realities

Steve Zurier, Contributing Writer, 4/30/2021

How to Secure Employees' Home Wi-Fi Networks

Bert Kashyap, CEO and Co-Founder at SecureW2, 4/28/2021

Live Events

Webinars

Dark Reading June 24 Virtual Event a free, all-day online conference. LEARN MORE

Finding & Stopping Enterprise Data Breaches - June 24 - Dark Reading Virtual Event

More Informa Tech Live Events

White Papers

Hidden Costs of Endpoint Security

The Definitive Buyer's Guide for Managed Threat Detection and Response Services

Tech Insights: Detecting and Preventing Insider Data Leaks

Brand Protection During a Global Pandemic

Powering Digital Transformation

More White Papers

Cartoon Contest

Write a Caption, Win an Amazon Gift Card! Click Here

Latest Comment: Earthling...PLEASE help me! The wormhole is about to close and I do not understand... - At least 8 characters—the more characters, the ...

Cartoon Archive

Current Issue

2021 Top Enterprise IT Trends

We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!

Download This Issue!

Back Issues | Must Reads

Flash Poll

All Polls

Reports

How Enterprises are Developing Secure Applications

Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.

Download Now!

Assessing Cybersecurity Risk in Today's Enterprises

0 comments

The Malware Threat Landscape

0 comments

How Data Breaches Affect the Enterprise (2020)

0 comments

More Reports

Twitter Feed

Tweets about "from:DarkReading OR @DarkReading"

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2021-31755
PUBLISHED: 2021-05-07

An issue was discovered on Tenda AC11 devices with firmware through 02.03.01.104_CN. A stack buffer overflow vulnerability in /goform/setmac allows attackers to execute arbitrary code on the system via a crafted post request.

CVE-2021-31756
PUBLISHED: 2021-05-07

An issue was discovered on Tenda AC11 devices with firmware through 02.03.01.104_CN. A stack buffer overflow vulnerability in /gofrom/setwanType allows attackers to execute arbitrary code on the system via a crafted post request. This occurs when input vector controlled by malicious attack get copie...

CVE-2021-31757
PUBLISHED: 2021-05-07

An issue was discovered on Tenda AC11 devices with firmware through 02.03.01.104_CN. A stack buffer overflow vulnerability in /goform/setVLAN allows attackers to execute arbitrary code on the system via a crafted post request.

CVE-2021-31758
PUBLISHED: 2021-05-07

An issue was discovered on Tenda AC11 devices with firmware through 02.03.01.104_CN. A stack buffer overflow vulnerability in /goform/setportList allows attackers to execute arbitrary code on the system via a crafted post request.

CVE-2021-31458
PUBLISHED: 2021-05-07

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 10.1.1.37576. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handlin...

To save this item to your list of favorite Dark Reading content so you can find it later in your Profile page, click the "Save It" button next to the item.

If you found this interesting or useful, please use the links to the services below to share it with other readers. You will need a free account with each service to share an item via that service.
Tweet This
[close this box]