Microsoft reported about activity of the LemonDuck malware
Microsoft researchers have published a detailed analysis of the LemonDuck mining malware and reported that cross-platform malware continues to improve. LemonDuck is capable of attacking Windows and Linux, exploits old vulnerabilities and uses various distribution mechanisms to improve the effectiveness of its campaigns. LemonDuck activity was first discovered in China in May 2019. Later, in…
Tag: EternalBlue
Prometei botnet attacks vulnerable Microsoft Exchange servers
Because patches for the ProxyLogon vulnerabilities have still not been installed, cybercriminals continue their activity: for example, the updated Prometei botnet attacks vulnerable Microsoft Exchange servers. Researchers from Cybereason Nocturnus discovered the Prometei malware, which mines Monero cryptocurrency on vulnerable machines. In early March 2021, Microsoft engineers released unscheduled patches for four vulnerabilities in the Exchange mail…
Prometei botnet uses SMB for distribution
Cisco Talos has discovered a new botnet, Prometei, which has been active since March 2020 and focuses on mining the Monero (XMR) cryptocurrency. The researchers note that the Prometei botnet makes intensive use of the SMB protocol for distribution. The malware mainly attacks users in the USA, Brazil, Pakistan, China, Mexico and Chile. During four months of activity,…
Lucifer malware uses many exploits, is engaged in mining and DDoS attacks
Palo Alto Networks experts have prepared a report on the Lucifer malware, which uses many exploits and, according to the experts, “wreaks havoc” on Windows hosts. The authors of the malware themselves named their brainchild Satan DDoS, but information security experts call it Lucifer to distinguish it from the Satan ransomware. The Lucifer…
Microsoft recommends Exchange administrators to disable SMBv1
Microsoft strongly recommends that administrators disable the SMBv1 protocol on Exchange servers to protect against threats that exploit its vulnerabilities. Let me remind you that Microsoft has long been systematically phasing out the outdated SMBv1. Since 2016, the company has advised administrators to drop SMBv1 support since this…