Ransomware operators are actively exploiting vulnerabilities in Windows Print Spooler, Cisco Talos says. Magniber and Vice Society are using the vulnerability to compromise victims and spread laterally across a victim’s network to deploy file-encrypting payloads on targeted systems. The attacks are said to have taken place since at least July 13 in South Korea. The attackers are believed to have used a malicious library associated with the PrintNightmare flaw to pivot to multiple systems across the environment and extract credentials from the victim.
Source: https://thehackernews.com/2021/08/ransomware-gangs-exploiting-windows.html