Exploit for Vulnerabilities ProxyNotShell Appeared on the Network

Experts warned that an exploit for two high-profile vulnerabilities in Microsoft Exchange, collectively called ProxyNotShell, has appeared in the public domain. The vulnerabilities had already been exploited by attackers, but more attacks may now follow. The ProxyNotShell problems (CVE-2022-41040 and CVE-2022-41082) were initially discovered in September by analysts from the Vietnamese company GTSC. Let…

MSIL/Microsoft.Bing.A Detection (BingWallpaperApp.exe) — Why Does It Appear?

ESET started detecting the BingWallpaperApp.exe as a potentially unwanted program

Many users on various forums complain about the MSIL/Microsoft.Bing.A detection in ESET antivirus. This detection points to the BingWallpaperApp.exe file, a benign file that belongs to Windows and is issued by Microsoft. But how could that happen: a fully legitimate component flagged as malicious? Let’s have a look at that story. What is…

Emotet Botnet Resumed Activity after Five Months of Inactivity

The Emotet botnet has resumed activity and begun sending out malicious spam again after a five-month break, during which the malware practically “lay low.” So far, Emotet is not delivering additional payloads to victims’ infected devices, so it is not yet possible to say exactly what this malicious campaign will lead to. Let me…

Raspberry Robin Worm Operators Now Trade Access

Microsoft researchers reported that the operators of a hacking group, which they track as DEV-0950, used the Clop ransomware to encrypt the network of a victim previously infected with the Raspberry Robin worm. Let me remind you that the Raspberry Robin malware was first found by analysts from Red Canary. In the spring…

Microsoft Links Hacker Group Vice Society to Several Ransomware Campaigns

Microsoft experts have published a report on the hacker group Vice Society (aka DEV-0832), which uses ransomware to attack the education sector in the US and other countries around the world. According to the experts, the attackers switch between the BlackCat, QuantumLocker and Zeppelin ransomware families and another variant of Zeppelin, which is used under the “brand”…

Weak Block Cipher in Microsoft Office 365 Leads to Message Content Disclosure

WithSecure (formerly F-Secure Business) researchers claim that the content of encrypted messages sent through Microsoft Office 365 can be partially or completely disclosed because of the use of a weak block cipher. Although the researchers received a bug bounty for their discovery, no fix for this problem is expected, and Microsoft has stated that they…

Another 0-Day Bug Was Found in Microsoft Exchange, and LockBit Ransomware Operators Are Exploiting It

Although Microsoft still hasn’t fixed the ProxyNotShell vulnerabilities found in Exchange last month, the company is now investigating a report of a new 0-day bug that is being used to compromise Exchange servers. Attackers are exploiting this bug to deploy the LockBit ransomware. Let me remind you that we also wrote that ProxyToken Vulnerability Allows…

Hundreds of Microsoft SQL Servers Infected with Maggie Backdoor

Security researchers have discovered new malware that targets Microsoft SQL servers. The backdoor, dubbed Maggie, has already infected hundreds of machines around the world. The malware is most widespread in South Korea, India, Vietnam, China, Russia, Thailand, Germany and the USA. Let me remind you that we also wrote that Fargo…