Akira ransomware is encrypting victims again following pure extortion fling

October 22, 2024 at 11:36AM

Akira ransomware is returning to traditional encryption tactics after a hiatus from double extortion. Researchers note a shift towards operational efficiency and tactical adaptability, suspecting the development of a new encryptor. Akira targets vulnerabilities, particularly on ESXi and Linux systems, leveraging compromised credentials and phishing techniques to exploit networks. …

Examining Water Sigbin’s Infection Routine Leading to an XMRig Cryptominer

June 28, 2024 at 01:26AM

Water Sigbin uses reflective DLL injection and process injection to deploy the PureCrypter loader and the XMRig cryptominer, exploiting vulnerabilities in Oracle WebLogic servers. Fileless execution via PowerShell scripts enables evasion of disk-based detection, while .NET Reactor protection provides code obfuscation. The threat actor employs multiple advanced tactics, emphasizing the need …