Experts from the FBI, the US Department of Homeland Security (DHS CISA), the Australian Cybersecurity Center (ACSC), and the UK National Cybersecurity Center (NCSC) have published joint security advisories that list the most attacked and most popular vulnerabilities among criminals in 2020 and 2021. Based on data collected by the US government, most of the… Continue reading Experts published a list of the most attacked vulnerabilities in 2020-2021
Tag: ProxyLogon
Microsoft reported about activity of the LemonDuck malware
Microsoft researchers have published a detailed analysis of the LemonDuck mining malware and reported that cross-platform malware continues to improve. LemonDuck is capable of attacking Windows and Linux, exploits old vulnerabilities and uses various distribution mechanisms to improve the effectiveness of its campaigns. LemonDuck activity was first discovered in China in May 2019. Later, in… Continue reading Microsoft reported about activity of the LemonDuck malware
US and UK accused China for attacks on Microsoft Exchange servers
The United States and a coalition of its allies, including the EU, Britain and NATO, have formally accused China and its authorities of a large-scale hacking campaign to break into Microsoft Exchange servers. Let me remind you that these attacks have been going on since the beginning of 2021 and are targeted tens of thousands… Continue reading US and UK accused China for attacks on Microsoft Exchange servers
Epsilon Red ransomware threatens Microsoft Exchange servers
Sophos experts have discovered the Epsilon Red ransomware that exploits vulnerabilities in Microsoft Exchange servers to attack other machines on the network. Experts write that the malware is based on many different scripts, and Epsilon Red operators use a commercial remote access utility in attacks. Epsilon Red was discovered last week while investigating an attack… Continue reading Epsilon Red ransomware threatens Microsoft Exchange servers
GitHub Developers Review Exploit Posting Policy Due to Recent Scandal
The GitHub developers review the exploit posting policy and want to discuss with the information security community a series of changes to the site rules. These rules determine how employees deal with malware and exploits uploaded to the platform. The proposed changes imply that GitHub will establish clearer rules about what counts as code that… Continue reading GitHub Developers Review Exploit Posting Policy Due to Recent Scandal
Prometei botnet attacks vulnerable Microsoft Exchange servers
Since the patches for ProxyLogon problems were still not installed, cybercriminals continue their activity, for example, the updated Prometei botnet attacks vulnerable Microsoft Exchange servers. Researchers from Cybereason Nocturnus discovered Prometei malware, which mines Monero cryptocurrency on vulnerable machines. In early March 2021, Microsoft engineers released unscheduled patches for four vulnerabilities in the Exchange mail… Continue reading Prometei botnet attacks vulnerable Microsoft Exchange servers
FBI removed web shells from vulnerable Microsoft Exchange servers without informing owners
The US Department of Justice reported that a court in early April granted the FBI special powers and the bureau removed web shells previously installed by hackers on vulnerable Exchange servers in the United States. The FBI also had the power to remove other malware (without notification of the server owners). The FBI did not… Continue reading FBI removed web shells from vulnerable Microsoft Exchange servers without informing owners
Hackers attack Microsoft Exchange servers on behalf of Brian Krebs
The well-known information security expert, journalist and author of the KrebsOnSecurity blog has repeatedly become a target for attacks and mockery of hackers. Now hackers are attack Microsoft Exchange servers with Proxylogon vulnerabilities on behalf of Brian Krebs. The fact is that Krebs is famous for his investigations and revelations, and over the long years… Continue reading Hackers attack Microsoft Exchange servers on behalf of Brian Krebs
Microsoft Introduces One-Click ProxyLogon Fix Tool
Microsoft developers have released a tool called EOMT (Exchange On-premises Mitigation Tool) designed to install updates on Microsoft Exchange servers and one-click ProxyLogon vulnerabilities fix. The utility is already available for download on the company’s GitHub. In early March 2021, Microsoft engineers released unscheduled patches for four vulnerabilities in the Exchange mail server, which the… Continue reading Microsoft Introduces One-Click ProxyLogon Fix Tool
GitHub removed ProxyLogon exploit and has been criticized
The administration of the GitHub service has removed a real working exploit for the ProxyLogon vulnerabilities in Microsoft Exchange, though information security specialists have sharply criticized GitHub. Yesterday we wrote that an independent information security researcher from Vietnam published on GitHub the first real PoC exploit for a serious set of ProxyLogon vulnerabilities recently discovered… Continue reading GitHub removed ProxyLogon exploit and has been criticized