Tag Archives: StopRansomware

The Americans have released joint Cybersecurity Advisory (CISA, FBI, HHS, MS-ISAC) against the Black Basta ransomware

The Americans have released joint Cybersecurity Advisory (CISA, FBI, HHS, MS-ISAC) against the Black Basta ransomware. It is alleged that as of May 2024, more than 500 organizations worldwide have been affected by Black Basta, including businesses and critical infrastructure in North America, Australia and Europe. 12 of 16 critical infrastructure sectors are affected.

The ransomware was first spotted in April 2022. Initial Access is obtained through phishing or exploitation of the February vulnerability AuthBypass in ConnectWise ScreenConnect (CVE-2024-1709).

Privilege Escalation and Lateral Movement Toolkit: Mimikatz and Vulnerability Exploitation ZeroLogon (CVE-2020-1472), NoPac (CVE-2021-42278, CVE-2021-42287), PrintNightmare (CVE-2021-34527). Patches have been available for years, but organizations have not installed them. 🤷‍♂️ Perhaps they hoped that the perimeter would never be breached. 😏

На русском

This is my personal blog. The opinions expressed here are my own and not of my employer. All product names, logos, and brands are property of their respective owners. All company, product and service names used here for identification purposes only. Use of these names, logos, and brands does not imply endorsement. You can freely use materials of this site, but it would be nice if you place a link on https://avleonov.com and send message about it at me@avleonov.com or contact me any other way.

Alexander V. Leonov

Vulnerability Management and more

Tag Archives: StopRansomware

The Americans have released joint Cybersecurity Advisory (CISA, FBI, HHS, MS-ISAC) against the Black Basta ransomware