CVE-2022-26809 can allow attackers to compromise networks without user intervention, making it the most dangerous vulnerability fixed by Microsoft's April 12 Patch Tuesday update.
CVE-2022-26809 can allow attackers to compromise networks without user intervention, making it the most dangerous vulnerability fixed by Microsoft's April 12 Patch Tuesday update.
The Patch Tuesday focus for April: Windows and Exchange (again) computerworld.com - get the latest breaking news, showbiz & celebrity photos, sport news & rumours, viral videos and top stories from computerworld.com Daily Mail and Mail on Sunday newspapers.
The Ryuk scourge has a new trick in its arsenal: Self-replication via SMB shares and port scanning.
A new version of the Ryuk ransomware is capable of worm-like self-propagation within a local network, researchers have found.
The variant first emerged in Windows-focused campaigns earlier in 2021, according to the French National Agency for the Security of Information Systems (ANSSI). The agency said that it achieves self-replication by scanning for network shares, and then copying a unique version of the ransomware executable (with the file name rep.exe or lan.exe) to each of them as they’re found.
“Ryuk looks for network shares on the victim IT infrastructure. To do so, some private IP ranges are scanned: 10.0.0.0/8; 172.16.0.0/16; and 192.168.0.0/16,” according to a recent ANSSI report. “Once launched, it will thus spread itself on every reachable machine on which Windows Remote Procedure Call accesses are possible.”