Sergiu Gatlan reports:
The Lorenz ransomware gang now uses a critical vulnerability in Mitel MiVoice VOIP appliances to breach enterprises, using their phone systems for initial access to their corporate networks.
Arctic Wolf Labs security researchers spotted this new tactic after observing a significant overlap with Tactics, Techniques, and Procedures (TTPs) tied to ransomware attacks exploiting the CVE-2022-29499 bug for initial access, as Crowdstrike reported in June.
Read more at BleepingComputer.