• RUSSIA-UKRAINE UPDATES:

    We are providing free access to all our threat reports and related discussions for this and other widespread threats as a service to the industry and any impacted organizations. Access our Active Exploits Discussion/Recommendations forum. All related threat reports and discussion items will be posted to these threads.

    We all need to work together to help businesses better understand the threat landscape and prepare for attacks, current and future.

PrintNightmare

Jump to latest Follow Reply
Status
Not open for further replies.
MJ Shoer

MJ Shoer

Chief Community Officer
Staff member
May 22, 2020
471
231
58
Portsmouth, New Hampshire
connect.comptia.org
500 750 50 500 50 20 75 30 20 250 75 50 750 75 50 500 50 20 20 20 20 20 10
  • #1
    Please use this thread to discuss the PrintNightmare exploit and what steps you are taking to secure your business as well as your customers.

    For ease of navigation and reference, here are the threat reports and posts that have come in to the Cyber Forum on this exploit:

    CISA Offers New Mitigation for PrintNightmare Bug

    Printnightmare 0-Day Can Be Used to Take Over Windows Domain Controllers

    Researchers Leak PoC Exploit for a Critical Windows RCE Vulnerability

    PrintNightmare, the zero-day hole in Windows – here’s what to do

    What is everyone doing about PrintNightmare
     
    Will Thomas

    Will Thomas

    Well-known member
    Aug 4, 2021
    2
    3
    20 50 750 50 20 20 20 10
  • #3
    We are now seeing reports of at least four confirmed cybercriminal gangs leveraging PrintNightmare in the wild:

    This includes
    Magniber ransomware - https://www.crowdstrike.com/blog/magniber-ransomware-caught-using-printnightmare-vulnerability/
    Vice Society ransomware - https://blog.talosintelligence.com/2021/08/vice-society-ransomware-printnightmare.html
    BazarLoader (which leads to Conti ransomware) -
    https://twitter.com/i/web/status/1421117403644186629
    PurpleFox EK -
    https://twitter.com/i/web/status/1420402020259926016

    Plus FiveHands ransomware who said they are likely to use it - https://intel471.com/blog/ransomware-as-a-service-fivehands-printnightmare-babuk-conti

    We are also monitoring for any mentions of APT groups actively exploiting the PrintNightmare vulnerabilities. There is currently a new wave of ProxyShell exploit attacks, which could in theory be combined with PrintNightmare for local privilege escalation (LPE) to SYSTEM level privileges.
     
    • Like
    Reactions: Grant Smith - TCG
    Status
    Not open for further replies.
    Top Bottom
    Jump to latest Follow Reply
    Jump to latest Follow Reply
    Home
    Forums
    Threat Reports
    TruSTAR Login
    My.CompTIA
    Menu