HPE says hackers breached Aruba Central using stolen access key
FBI warns of Iranian hackers looking to buy US orgs’ stolen data
Telnyx is the latest VoIP provider hit with DDoS attacks
NUCLEUS:13 TCP security bugs impact critical healthcare devices
The new Microsoft Store is now rolling out to Windows 10 PCs
Windows 10 App Installer abused in BazarLoader malware attacks
BotenaGo botnet targets millions of IoT devices with 33 exploits
How to fix the Windows 0x0000007c network printing error
Qualys BrowserCheck
Junkware Removal Tool
How to remove the PBlock+ adware browser extension
Remove the Toksearches.xyz Search Redirect
Remove the Smashapps.net Search Redirect
Remove the Smashappsearch.com Search Redirect
Remove Security Tool and SecurityTool (Uninstall Guide)
How to remove Antivirus 2009 (Uninstall Instructions)
How to Remove WinFixer / Virtumonde / Msevents / Trojan.vundo
How to remove Google Redirects or the TDSS, TDL3, or Alureon rootkit using TDSSKiller
Locky Ransomware Information, Help Guide, and FAQ
CryptoLocker Ransomware Information Guide and FAQ
CryptorBit and HowDecrypt Information Guide and FAQ
CryptoDefense and How_Decrypt Ransomware Information Guide and FAQ
How to make the Start menu full screen in Windows 10
How to install the Microsoft Visual C++ 2015 Runtime
How to open an elevated PowerShell Admin prompt in Windows 10
How to Translate a Web Page in Google Chrome
How to start Windows in Safe Mode
How to remove a Trojan, Virus, Worm, or other Malware
How to show hidden files in Windows 7
How to see hidden files in Windows
IT Certification Courses
Gear + Gadgets
The Magniber ransomware gang is now using two Internet Explorer vulnerabilities and malicious advertisements to infect users and encrypt their devices.
The two Internet Explorer vulnerabilities are tracked as CVE-2021-26411 and CVE-2021-40444, with both having a CVSS v3 severity score of 8.8.
The first one, CVE-2021-26411, was fixed in March 2021 and is a memory corruption flaw triggered by viewing a specially crafted website.
The second flaw, CVE-2021-40444, is a remote code execution in IE’s rendering engine triggered by the opening of a malicious document.
Attackers exploited CVE-2021-40444 as a zero-day before Microsoft fixed it in September 2021.
The Magniber gang is known for its use of vulnerabilities to breach systems and deploy their ransomware.
In August, Magniber was observed exploiting ‘PrintNightmare’ vulnerabilities to breach Windows servers, which took Microsoft a while to address due to their impact on printing.
The most recent Magniber activity focuses on exploiting Internet Explorer vulnerabilities using malvertising that pushes exploit kits, as confirmed by Tencent Security researchers who identified “fresh” payloads.
One possible explanation for this shift is that Microsoft has largely fixed the ‘PrintNightmare’ vulnerabilities over the past four months and was heavily covered by the media, pushing admins to deploy security updates.
Another reason why Magniber may have turned to Internet Explorer flaws is that they are relatively easy to trigger, relying solely upon stimulating the recipient’s curiosity to open a file or webpage.
It may seem strange to target an old unpopular browser like Internet Explorer. However, StatCounter shows that 1.15% of the global page views are still from IE.
While this is a low percentage, StatCounter tracks over 10 billion page views per month, which equates to 115,000,000 pages views by users of Internet Explorer.
Furthermore, it is much harder to target Firefox and Chromium-based browsers, such as Google Chrome and Microsoft Edge, as they utilize an auto-update mechanism that quickly protects users from known vulnerabilities.
Magniber started in 2017 as the successor to the Cerber ransomware, and initially, it only infected users from South Korea.
The group then widened their targeting scope and began infecting Chinese (including Taiwan and Hong Kong), Singaporean, and Malaysian systems as well.
This scope has solidified, and today, Magniber is a nuisance almost exclusively for Asian companies and organizations.
Since its launch, the Magniber ransomware has been under very active development, and its payload has been completely rewritten three times.
At this time, it remains uncracked, so there’s no decryptor to help you restore any files that have been encrypted with this strain.
Finally, Magniber isn’t following the trend of file-stealing and double-extortion, so the damage of their attacks is limited to file encryption.
As such, taking regular backups on secured, isolated systems is a very effective way to deal with this particular threat.
Hacking group also used an IE zero-day against security researchers
Microsoft Exchange ProxyShell exploits used to deploy Babuk ransomware
Clop gang exploiting SolarWinds Serv-U flaw in ransomware attacks
Sitecore XP RCE flaw patched last month now actively exploited
Over 30,000 GitLab servers still unpatched against critical bug
Not a member yet? Register Now
Microsoft urges Exchange admins to patch bug exploited in the wild
Microsoft November 2021 Patch Tuesday fixes 6 zero-days, 55 flaws
To receive periodic updates and news from BleepingComputer, please use the form below.
Terms of Use Privacy PolicyEthics Statement
Copyright @ 2003 – 2021 Bleeping Computer® LLC – All Rights Reserved
Not a member yet? Register Now
Read our posting guidelinese to learn what content is prohibited.


You May Also Like

Google, Apple fined by Italian authority for aggressive data collection

Hackers exploit Microsoft MSHTML bug to steal Google, Instagram credsApple sues spyware-maker…

FBI: State hackers exploiting new Zoho zero-day since October

Microsoft warns of easy Windows domain takeover via Active Directory bugsUK govt…

Amazon is shutting down web ranking site Alexa.com

ALPHV BlackCat – This year’s most sophisticated ransomwareSonicWall ‘strongly urges’ customers to…

Sitecore XP RCE flaw patched last month now actively exploited

State hackers breach defense, energy, healthcare orgs worldwideMediaMarkt hit by Hive ransomware,…