U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Hive ransomware ports its encryptor to Rust programming language

The Hive ransomware gang ported its encryptor to the Rust programming language and implemented new features. The Hive ransomware operation has developed a Rust version of their encryptor and added new features to prevent curious from snooping on the victim’s ransom negotiations. According to BleepingComputer, which focused on Linux VMware ESXi encryptor, the Hive ransomware […]

Reynolds ransomware uses BYOVD to disable security before encryption ransomware

The Hive ransomware gang ported its encryptor to the Rust programming language and implemented new features.

The Hive ransomware operation has developed a Rust version of their encryptor and added new features to prevent curious from snooping on the victim’s ransom negotiations.

According to BleepingComputer, which focused on Linux VMware ESXi encryptor, the Hive ransomware operators have updated their encryptor by introducing features that were implemented in the past by the BlackCat/ALPHV ransomware operation.

The BlackCat ransomware gang, unlike other ransomware operations, removed Tor negotiation URLs from their encryptor to prevent third parties from accessing the negotiation page and interfering in the communication between the victims and the gang. The URL in the BlackCat’s approach is passed as a command-line argument when the encryptor is executed.

In previous infections of Hive ransomware, victims were asked to connect to the negotiation page by using login credentials assigned to them and that were previously stored in the encryptor executable. This was to store credentials represented a weakness in the negotiation process.

The Rust version of the Hive Linux encryptor, version v5, was spotted by the Group-IB security researcher rivitna, who highlighted that is has a 0 detection rate. The researchers also noticed that Hive ransomware operation has ported builds (Windows, Linux, ESXi) to Rust using the same sources.

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, ransomware)

[adrotate banner=”5″]

[adrotate banner=”13″]