Researchers Say OMIGOD Vulnerability Can Give Attackers Root PrivilegesThe Mirai botnet is actively exploiting the known vulnerability CVE-2021-38647, which is part of a quarter of vulnerabilities dubbed OMIGOD, in Microsoft's Azure Linux Open Management Infrastructure framework, according to Kevin Beaumont, head of the security operations center for Arcadia Group.

Extortionists Revert to Scareware Tactics to Pressure Victims to Avoid NegotiatorsThe Ragnar Locker ransomware operation has been threatening to dump victims' stolen data if they contact police, private investigators or professional negotiators before paying a ransom. But as one expert notes: "Perhaps the criminals watched too many TV shows, because this isn’t how the real world works."

Why Requiring Victims to Reveal Payments Would Help Blunt Criminal Business Model"Silence is gold." So says ransomware operator Ragnar Locker, as it attempts to compel victims to pay its ransom demand without ever telling anyone - especially not police. But some ransomware-battling experts have been advocating the opposite, including mandatory reporting of all ransom payments.

Group Specializing in Big Game Hunting Has Amassed Millions in Ransom PaymentsSecurity experts say the notorious REvil - aka Sodinokibi - ransomware-as-a-service operation, which went dark in July, appears to be back in business. The group's data leak site and payment portal are back online, and one expert says the group appears to have begun amassing new victims.

The latest edition of the ISMG Security Report features an analysis of data breach trends. Also featured: yet another Microsoft Exchange vulnerability and misconceptions about cybercrime groups.

It’s the largest attack surface in history, and adversaries are taking advantage by launching attacks at an unprecedented volume and velocity. Shashi Prakash of Bolster discusses how to monitor and manage this new and shifting range.