Microsoft disables Windows App Installer's ms-appinstaller after the URI scheme was used to spread malware; Microsoft disabled and re-enabled the scheme in 2022
While I was there this was used to deliver malware and had no basic security thought put into it, so they disabled the feature. — After I left they reenabled it, it got misused for malware again (su...
The FBI led an effort to dismantle the Qakbot botnet, which ransomware gangs used as an infection vector for years, on August 25 after infiltrating its network
It was live on 700k endpoints (!) which should give you an idea of the scale of cybersecurity woes at many orgs (it's still really, really bad out there). X: Nick Carr / @itsreallynick : payments.txt ...
Microsoft identifies a destructive malware operation targeting Ukrainian organizations; the malware looks like ransomware but lacks a ransom recovery mechanism
European Union simulated a cyber attack on a fictitious Finnish power company Vilius Petkauskas / cybernews.com : Belarus state hackers suspected behind Ukraine cyberattack Grugq / grugq's domain : Uk...
FireEye releases a free tool that audits networks to determine whether certain techniques, known to be employed by SolarWinds hackers, were used
Focusing on UNC2452 TTPs Lily Hay Newman / Wired : The SolarWinds Hackers Used Tactics Other Groups Will Copy Zeljka Zorz / Help Net Security : Malwarebytes was breached by the SolarWinds attackers Al...