CVE-2022-29499

Topics Security Off-Prem On-Prem Software Offbeat Special Features Vendor Voice Vendor Voice Resources Data leakers become data leakees

The Lorenz ransomware group leaked the details of every person who contacted it via its online contact form over the course of the last two years. A security researcher noticed Lorenz's dark web victim blog was leaking backend code, pulled the data from the site, and uploaded to it a public GitHub repository. The data includes names, email addresses, and the subject line entered into the ransomware group's limited online form to request information from Lorenz. A subset of the individuals includ...

Topics Security Off-Prem On-Prem Software Offbeat Vendor Voice Vendor Voice Resources Criminals do love that unpatched VoIP and IoT kit

The Lorenz ransomware gang is exploiting a vulnerability in Mitel VoIP appliances to break corporate networks. Threat hunters with cybersecurity firm Arctic Wolf Labs recently found that Lorenz – a prolific group that has been around since at least early 2021 and lately is primarily targeting SMBs in the US, China, and Mexico – used a vulnerability (CVE-2022-29499) in a MiVoice VoIP appliance from Mitel to get into a victim's network before deploying Microsoft's BitLocker Drive Encryption to...