PrintNightmare

Jump to latest Follow Reply
Status
Not open for further replies.
MJ Shoer

MJ Shoer

Chief Community Officer
Staff member
May 22, 2020
473
234
59
Portsmouth, New Hampshire
connect.comptia.org
500 750 50 500 50 20 75 30 20 250 75 50 750 75 50 500 50 20 20 20 20 20 10
  • #1
    Please use this thread to discuss the PrintNightmare exploit and what steps you are taking to secure your business as well as your customers.

    For ease of navigation and reference, here are the threat reports and posts that have come in to the Cyber Forum on this exploit:

    CISA Offers New Mitigation for PrintNightmare Bug

    Printnightmare 0-Day Can Be Used to Take Over Windows Domain Controllers

    Researchers Leak PoC Exploit for a Critical Windows RCE Vulnerability

    PrintNightmare, the zero-day hole in Windows – here’s what to do

    What is everyone doing about PrintNightmare
     
    Dave Alton

    Dave Alton

    Head nerd long before it was cool.
    CompTIA ISAO Executive Steering Committee
    Cybersecurity Trustmark
    Aug 20, 2020
    50
    39
    Simi Valley
    sirinc.com
    50 75 20 30 50 20 20 250 750 50 50 20 20 20 10
  • #2
    MJ,

    Thanks for putting this here. So important for all of us to contribute to the overall security of everyone else. If anyone has any other suggestions would love to hear it.

    Thanks,

    Dave
     
    • Like
    Reactions: MJ Shoer
    Will Thomas

    Will Thomas

    Well-known member
    Aug 4, 2021
    2
    3
    20 50 750 50 20 20 20 10
  • #3
    We are now seeing reports of at least four confirmed cybercriminal gangs leveraging PrintNightmare in the wild:

    This includes
    Magniber ransomware - https://www.crowdstrike.com/blog/magniber-ransomware-caught-using-printnightmare-vulnerability/
    Vice Society ransomware - https://blog.talosintelligence.com/2021/08/vice-society-ransomware-printnightmare.html
    BazarLoader (which leads to Conti ransomware) -
    https://twitter.com/i/web/status/1421117403644186629
    PurpleFox EK -
    https://twitter.com/i/web/status/1420402020259926016

    Plus FiveHands ransomware who said they are likely to use it - https://intel471.com/blog/ransomware-as-a-service-fivehands-printnightmare-babuk-conti

    We are also monitoring for any mentions of APT groups actively exploiting the PrintNightmare vulnerabilities. There is currently a new wave of ProxyShell exploit attacks, which could in theory be combined with PrintNightmare for local privilege escalation (LPE) to SYSTEM level privileges.
     
    • Like
    Reactions: Grant Smith - TCG
    Status
    Not open for further replies.
    Top Bottom
    Jump to latest Follow Reply
    Jump to latest Follow Reply
    Home
    Forums
    Threat Reports
    My.CompTIA
    Menu