IcedID malware, in the hijacked email thread, with the insecure Exchange servers

Cyber-criminals are using compromised Microsoft Exchange servers to spam out emails designed to infect people’s PCs with IcedID. IcedID is bad news because if you’re tricked into running it, it opens a backdoor allowing further malware, such as ransomware, to …

Attackers Hijack Email Threads Using ProxyLogon/ProxyShell Flaws

Attackers are gnawing on the ProxyLogon and ProxyShell vulnerabilities in Microsoft Exchange Server to hijack email chains, by malspamming replies to ongoing email threads, researchers say. What’s still under discussion: whether the offensive is delivering SquirrelWaffle, the new email loader …

Iranian Government-Sponsored APT Cyber Actors Exploiting MS Exchange and Fortinet Vulnerabilities in Furtherance of Malicious Activities

This joint cybersecurity advisory is the result of an analytic effort among the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the Australian Cyber Security Centre (ACSC), and the United Kingdom’s National Cyber Security Centre (NCSC) …

‘Tortilla’ Wraps Exchange Servers in ProxyShell Attacks

A new-ish threat actor sometimes known as “Tortilla” is launching a fresh round of ProxyShell attacks on Microsoft Exchange servers, this time with the aim of infecting vulnerable servers with variants of the Babuk ransomware. Cisco Talos researchers said in …

Microsoft Exchange Autodiscover bugs leak 100K Windows credentials

Bugs in the implementation of Microsoft Exchange’s Autodiscover feature have leaked approximately 100,000 login names and passwords for Windows domains worldwide. In a new report by Amit Serper, Guardicore’s AVP of Security Research, the researcher reveals how the incorrect implementation …

Conti ransomware now hacking Exchange servers with ProxyShell exploits

The Conti ransomware gang is hacking into Microsoft Exchange servers and breaching corporate networks using recently disclosed ProxyShell vulnerability exploits. ProxyShell is the name of an exploit utilizing three chained Microsoft Exchange vulnerabilities (CVE-2021-34473, CVE-2021-34523, CVE-2021-31207) that allow unauthenticated, remote …

Exchange Servers Under Active Attack via ProxyShell Bugs

Researchers’ Microsoft Exchange server honeypots are being actively exploited via ProxyShell, the name of an attack disclosed at Black Hat last week that chains three vulnerabilities to enable unauthenticated attackers to perform remote code execution (RCE) and snag plaintext passwords. …

UK and White House blame China for Microsoft Exchange Server hack

The UK government has formally laid the blame for the Microsoft Exchange Server cyberattack at the feet of China. On Monday, the government joined others — including the victim company itself, Microsoft — in claiming the cyberattack was the work …