News for October 5, 2022

Microsoft ProxyNotShell Mitigations Revised (Update)
by Artie Kaye

The work around that Microsoft released for use with the zero-day flaws in Exchange Server have been discovered to be easily circumvented.  The company has released updated methods to employ to prevent the exploitation.  Please follow the Microsoft link below.

Avast Release Decryptor For Specific Ransomware
by Artie Kaye

A flaw found within the encryption process has allowed researchers at Avast to develop a means of decrypting certain variants of the MafiaWare666 ransomware.  The variants include jcrypt, brutusptcrypt, bmcrypt, cyberone, rip lmao, and l33ch.  As this is not a full crack of the code, this is not a guaranteed solution, and as such, backup any files that are encrypted before attempting to use this tool.  The decryptor is available gratis on the website linked below.

RatMilad Spyware Targeting Android Devices
by Artie Kaye

Discovered being spread to devices in the Middle East, this spyware is designed to access, record, and exfiltrate information.  It is propagated through impersonating legitimate programs, like Text Me, which is used to access social media with just a phone number.  The links to download the spyware are not found on app stores, but through Whatsapp.  While this is currently targeting people outside the US, it is important to take notice of spyware, especially on phones.  The programs run undetected on devices and can track many things the user doesn’t want tracked.  When seeking to add programs to your phone, always get them from trusted sources.  Double check that it is the appropriate application and developer to keep yourself safe.