Qilin ransomware claims attack at Lee Enterprises, leaks stolen data - Related to it, 14, –, killing, it's

Microsoft confirms it's killing off Skype in May, after 14 years

Microsoft has confirmed that the Skype video call and messaging service will be shut down in May, 14 years after replacing the Windows Live Messenger.

A reader contacted BleepingComputer, and shared that , the firm will ask people to switch to Teams Free, with all their contacts, call logs, and messages automatically migrated once they log into their accounts.

If they do not want to switch to Teams, they can export their data, including chat history and images shared in messages.

"Starting in May 2025, Skype will no longer be available. By logging in to Microsoft Teams with your Skype account, your chats and contacts will appear in the app so you can pick up where you left off," a splash screen displayed when launching Skype will explain.

BleepingComputer also confirmed that these same strings exist in the preview version of Skype for Mac.

Mentions of Teams switch in Skype Preview (BleepingComputer).

Microsoft confirmed today that the service will go offline on May 5th. Skype clients will have just over 60 days to export their accounts or log into and migrate to the free Teams app for consumers.

"Over the coming days, we will roll out the ability for Skype users to sign into Teams (free) on any supported device using their Skype credentials—starting today with those who are part of both the Teams and Skype Insider programs," Jeff Teper, president of Microsoft 365 Collaborative Apps & Platforms, said on Friday.

"During the transition period, Teams people can call and chat with Skype people and Skype people can do the same with Teams people. Skype will remain available until May 5, 2025, giving people time to explore Teams and decide on the option that works best for them."

​With Skype's shutdown, Microsoft will stop offering paid Skype attributes, including Skype Credit and voice-calling, which allow individuals to make and receive domestic and international calls.

"With Teams, people have access to many of the same core aspects they use in Skype, such as one-on-one calls and group calls, messaging, and file sharing," Teper added. "Additionally, Teams offers enhanced aspects like hosting meetings, managing calendars, and building and joining communities for free."

Skype was first released in August 2003 by a team of Swedish, Danish, and Estonian developers. Two years later, in September 2005, eBay bought it for $[website] billion. Microsoft acquired the telecommunications app in May 2011 for $[website] billion and used it to replace its Windows Live Messenger platform.

As the firm revealed in February 2023, when it unveiled an AI-powered Bing integration for the messaging service, more than 36 million people used Skype daily to connect via phone calls and chats.

Last year, Redmond unveiled plans to discontinue the Paint 3D graphics app after eight years and remove the Cortana voice assistant and the WordPad basic text editor with the Windows 11 24H2 upgrade.

Eight years ago, in July 2017, Microsoft also expressed it would remove the classic Windows Paint app. However, following an outpouring of negative user feedback regarding its deprecation, it decided against killing it off entirely and instead made it available via the Microsoft Store.

In today's rapidly evolving digital landscape, weak identity security isn't just a flaw—it's a major risk that can expose your business to breaches an......

Microsoft on Thursday unmasked four of the individuals that it expressed were behind an Azure Abuse Enterprise scheme that involves leveraging unauthorized......

Remote Desktop Protocol (RDP) is an amazing technology developed by Microsoft that lets you access and control another computer over a network. It's l......

RDP: a Double-Edged Sword for IT Teams – Essential Yet Exploitable

Remote Desktop Protocol (RDP) is an amazing technology developed by Microsoft that lets you access and control another computer over a network. It's like having your office computer with you wherever you go. For businesses, this means IT staff can manage systems remotely, and employees can work from home or anywhere, making RDP a true game-changer in today's work environment.

But here's the catch: because RDP is accessible over the internet, it's also a prime target for unethical hackers. If someone gains unauthorized access, they could potentially take over your system. That's why it's so critical to secure RDP properly.

Why IT Teams Depend on RDP, Despite the Risks.

More than 50 percent of Kaseya's small and medium-sized businesses (SMBs) and Managed Service Providers (MSPs) clients use RDP for daily operations due to its efficiency and flexibility:

Reduces Costs and Downtime – IT teams can resolve technical issues remotely, eliminating travel expenses and delays.

– IT teams can resolve technical issues remotely, eliminating travel expenses and delays. Supports Business Continuity – Employees and administrators can securely access firm systems from any location.

– Employees and administrators can securely access firm systems from any location. Enables Scalable IT Management – MSPs can oversee multiple client networks from a single interface.

Despite its benefits, RDP's widespread use makes it an attractive attack vector, requiring constant vigilance to secure properly.

New Concerns: The Rise of Port 1098 Scans.

Typically, RDP communicates over port 3389. However, recent security reports - like one from the Shadowserver Foundation in December 2024 - have highlighted a worrying trend. Hackers are now scanning port 1098, an alternative route that many aren't as familiar with, to find vulnerable RDP systems.

To put this into perspective, honeypot sensors have observed up to 740,000 different IP addresses scanning for RDP services every day, with a significant number of these scans coming from a single country. Attackers use these scans to locate systems that may be misconfigured, weak, or unprotected, and then they can try to force their way in by guessing passwords or exploiting other weaknesses.

For businesses, especially SMBs and MSPs, this means a higher risk of serious issues like data breaches, ransomware infections, or unexpected downtime.

Microsoft is aware of these risks and regularly releases updates to fix security vulnerabilities. In December 2024, for example, Microsoft addressed nine major vulnerabilities related to Windows Remote Desktop Services. These fixes targeted a range of issues identified by security experts, ensuring that known weaknesses couldn't be easily exploited.

Then, in January's enhancement, two additional critical vulnerabilities (labeled CVE-2025-21309 and CVE-2025-21297) were patched. Both of these vulnerabilities, if left unaddressed, could allow attackers to remotely execute harmful code on a system without the need for passwords.

How Kaseya's vPenTest Proactively Helps Secure RDP & More.

RDP exposed to the internet is more often a misconfiguration than an intended configuration. In the last 28,729 external network pentests we have performed, we were able to find 368 instances of RDP exposed to the public internet. On internal networks we have found 490 instances of Bluekeep.

For organizations looking for a proactive method to protect their external and internal networks, tools like vPenTest are invaluable. vPenTest offers:

Automated Network Pentesting: The platform will perform both external and internal network pentests. IT Professionals are now able to perform the same attacks as an attacker against the networks they manage to proactively protect them and test security controls.

The platform will perform both external and internal network pentests. IT Professionals are now able to perform the same attacks as an attacker against the networks they manage to proactively protect them and test security controls. Multi-Tenant: The platform is purpose built for the multi-functional IT Team juggling multiple tasks. IT Professionals are able to manage all pentest engagements for multiple companies within the platform.

The platform is purpose built for the multi-functional IT Team juggling multiple tasks. IT Professionals are able to manage all pentest engagements for multiple companies within the platform. Detailed Reporting and Dashboard: vPenTest will generate a set of reports including an Executive Summary and a very detailed Technical research. The platform also has a dashboard for each assessment so IT Professionals can quickly review findings, recommendations and affected systems.

For the first time in tech history, IT Professionals are now able to execute a real network pentest against the organizations they manage at scale and on a more frequent basis.

For organizations looking for an extra layer of protection, tools like Datto Endpoint Detection and Response (EDR) are invaluable. Datto EDR offers:

Real-Time Threat Detection: It monitors RDP traffic for unusual behavior—like unexpected access attempts or strange port usage—and raises alerts if something seems off.

It monitors RDP traffic for unusual behavior—like unexpected access attempts or strange port usage—and raises alerts if something seems off. Automated Responses: When suspicious activity is detected, the system can automatically block or isolate the threat, stopping potential breaches in their tracks.

When suspicious activity is detected, the system can automatically block or isolate the threat, stopping potential breaches in their tracks. Detailed Reporting: Comprehensive logs and reports help administrators understand what happened during an incident, so they can strengthen their defenses for the future.

This means that with Datto EDR, businesses can enjoy the benefits of RDP while keeping their systems safer from modern threats.

Here are some straightforward tips to help secure your RDP setup:

Timely Patching: Always install updates as soon as they're available. Vendors frequently release patches to address new vulnerabilities.

Always install updates as soon as they're available. Vendors frequently release patches to address new vulnerabilities. Limit Exposure: Restrict RDP access to trusted personnel only and consider changing the default port (3389) to something less predictable.

Restrict RDP access to trusted personnel only and consider changing the default port (3389) to something less predictable. Use Multi-Factor Authentication: Adding extra steps for verification (like MFA and Network Level Authentication) makes it much harder for attackers to gain access.

Adding extra steps for verification (like MFA and Network Level Authentication) makes it much harder for attackers to gain access. Enforce Strong Passwords: Ensure that passwords are complex and meet a minimum length requirement to help thwart brute-force attacks.

By taking these steps, you can significantly reduce the risk of your RDP services becoming an entry point for cyberattacks.

RDP Isn't Going Away—But Security Needs to Improve.

RDP is an essential tool that has transformed how businesses operate, enabling remote work and efficient system management. However, as with any powerful tool, it comes with its own set of risks. With attackers now exploring new avenues like port 1098 and continuously finding ways to exploit vulnerabilities, it's crucial to stay on top of security updates and best practices.

By keeping your systems patched, limiting access, using multi-factor authentication, and employing advanced security solutions like Datto EDR, you can enjoy the flexibility of RDP without compromising your organization's security.

Law enforcement agencies from 19 countries have arrested 25 suspects linked to a criminal ring that was distributing child sexual abuse material (CSAM......

Die Verschlüsselung mit DES gilt seit Langem, bereits länger als zwei Dekaden, als unsicher. Nun macht Microsoft Nägel mit Köpfen: Die DES-Verschlüsse......

The threat actor known as Sticky Werewolf has been linked to targeted attacks primarily in Russia and Belarus with the aim of delivering the Lumma Ste......

Qilin ransomware claims attack at Lee Enterprises, leaks stolen data

The Qilin ransomware gang has claimed responsibility for the attack at Lee Enterprises that disrupted operations on February 3, leaking samples of data they claim was stolen from the business.

The threat actors have now threatened to leak all the allegedly stolen data on March 5, 2025, unless a ransom demand is paid.

Lee Enterprises is a US-based media enterprise that owns and operates over 77 daily newspapers, 350 publications, digital media platforms, and marketing services. The enterprise's primary focus is local news and advertising, with its digital audience reaches tens of millions monthly.

In a filing with the [website] Securities and Exchange Commission (SEC) earlier this month, the corporation disclosed that it had suffered a cyberattack on February 3, 2025, causing significant operational disruptions.

BleepingComputer learned that the outage caused significant problems, such as losing access to internal systems and cloud storage, and corporate VPNs not working.

A week later, Lee Enterprises submitted a new filing with the SEC that specified that the hackers "encrypted critical applications and exfiltrated certain files," indicating they got hit by ransomware.

Today, Qilin ransomware added Lee Enterprises to its dark web extortion site, sharing samples of the allegedly stolen data, including government ID scans, non-disclosure agreements, financial spreadsheets, contracts/agreements, and other confidential documents allegedly stolen from the firm.

Qilin ransomware threatens Lee Enterprises with data leak.

The ransomware actors claimed to have stolen 120,000 files totaling 350GB in size and threatened to release it all on March 5.

BleepingComputer contacted Lee Enterprises to learn if the stolen data belonged to them, but a comment wasn't immediately available.

Qilin is not one of the most prolific ransomware gangs but has come a long way since it launched in August 2022 under the name "Agenda."

Over the years that followed, the cybercriminals claimed hundreds of victims, with some notable cases including automotive giant Yangfeng, Australia's Court Services Victoria, and several major NHS hospitals in London.

In terms of its technical evolution, Qilin introduced a Linux (VMware ESXi) variant in December 2023, started deploying a custom Chrome credentials stealer in August 2024, and introduced a Rust-based data locker with stronger encryption and more effective evasion last October.

Last year, Microsoft 'Scattered Spider' hacker collective had begun to use Qilin ransomware in attacks.

One of the most notorious providers of abuse-friendly “bulletproof” web hosting for cybercriminals has started routing its operations through networks......

Cisco has confirmed that a Chinese threat actor known as Salt Typhoon gained access by likely abusing a known security flaw tracked as CVE-2018-0171, ......

Microsoft has confirmed that the Skype video call and messaging service will be shut down in May, 14 years after replacing the Windows Live Messenger.......