The Black Basta ransomware riddle. [Research Saturday]

CyberWire Daily

N2K Networks, Inc.

Daily News, Tech News, News, Technology

4.6 • 1K Ratings

🗓️ 27 July 2024

⏱️ 16 minutes

🔗️ Recording | iTunes | RSS

🧾️ Download transcript

Summary

Dick O'Brien from Symantec Threat Hunter team is talking about their work on "Ransomware Attackers May Have Used Privilege Escalation Vulnerability as Zero-day." Also going to provide some background/history on Black Basta. CVE-2024-26169 in the Windows Error Reporting Service, patched on March 12, 2024, allowed privilege escalation. Despite initial claims of no active exploitation, recent analysis indicates it may have been exploited as a zero-day before the patch. The research can be found here: Ransomware Attackers May Have Used Privilege Escalation Vulnerability as Zero-day Learn more about your ad choices. Visit megaphone.fm/adchoices

Transcript

Click on a timestamp to play from that location

0:00.0	You're listening to the CyberWire Network, powered by N2K.
0:07.0	This episode is brought to you by Shopify.
0:12.0	Looking to start a side hustle or become your own boss.
0:15.0	Do it with Shopify.
0:16.0	Whether you're selling succulents or stilettoes,
0:18.0	Shopify has the industry leading tools to help you create,
0:21.0	control and grow your own business.
0:23.0	So get serious about selling and get Shopify today.
0:25.8	Sign up for a one pound per month trial period
0:28.2	at shopify.coly slash special offer,
0:31.0	or lower case.
0:32.1	That's Shopify dot code eK slash special offer, or lower case. That's Shopify.
0:32.8	K. K. slash special offer. Hello everyone and welcome to the CyberWire's research Saturday.
0:46.0	I'm Dave Bitner and this is our weekly conversation with researchers and analysts
0:51.0	tracking down the threats and vulnerabilities,
0:53.5	solving some of the hard problems and protecting ourselves
0:56.8	in a rapidly evolving cyberspace.
0:59.4	Thanks for joining us. one of the newer ransomware groups but they've been around since 2022.
1:18.3	We're, they're operated by a group that we call Cardinal.
1:22.1	And that does mean that they're kind of one of the elder states now in the Ransomware
1:27.6	universe.
1:28.6	That's Dick O'Brien, principal intelligence analyst with Symantec's Threathunter team.
	...

Please login to see the full transcript.

Previous episode | Next episode

Disclaimer: The podcast and artwork embedded on this page are from N2K Networks, Inc., and are the property of its owner and not affiliated with or endorsed by Tapesearch.

Generated transcripts are the property of N2K Networks, Inc. and are distributed freely under the Fair Use doctrine. Transcripts generated by Tapesearch are not guaranteed to be accurate.