New Lemon Duck variants exploiting Microsoft Exchange Server

Credit to Author: rajeshnataraj| Date: Fri, 07 May 2021 12:30:35 +0000

In March, Microsoft published a set of critical fixes to Exchange Server following the discovery of  ProxyLogon–an exploit that was stolen or leaked from researchers within hours of its disclosure to Microsoft. The exploit is now widely available to cybercriminals, and unpatched and vulnerable Microsoft Exchange Servers continue to attract many threat actors to install cryptocurrency-miners, [&#8230;]<img src=”http://feeds.feedburner.com/~r/sophos/dgdY/~4/f5mbGzsxNSo” height=”1″ width=”1″ alt=””/>

Read more

FBI shuts down malware on hundreds of Exchange servers, opens Pandora’s box

Credit to Author: Malwarebytes Labs| Date: Wed, 14 Apr 2021 16:36:30 +0000

The FBI has accessed hundreds of compromised Exchange servers and deleted web shells placed there by attackers, without asking their admins.

Categories: Hacking

Tags:

(Read more…)

The post FBI shuts down malware on hundreds of Exchange servers, opens Pandora’s box appeared first on Malwarebytes Labs.

Read more

Black Kingdom ransomware begins appearing on Exchange servers

Credit to Author: Mark Loman| Date: Tue, 23 Mar 2021 22:08:10 +0000

A novel, if not particularly well made, ransomware is spreading to Exchange servers that haven’t been patched against the ProxyLogon exploit<img src=”http://feeds.feedburner.com/~r/sophos/dgdY/~4/ssVNHdak6Bk” height=”1″ width=”1″ alt=””/>

Read more

ProxyLogon PoCs trigger a game of whack-a-mole

Credit to Author: Pieter Arntz| Date: Tue, 16 Mar 2021 18:15:04 +0000

Microsoft and others are trying to keep working ProxyLogon PoCs out of the hands of cybercriminals and script-kiddies.

Categories: Exploits and vulnerabilities

Tags:

(Read more…)

The post ProxyLogon PoCs trigger a game of whack-a-mole appeared first on Malwarebytes Labs.

Read more

Ransomware is targeting vulnerable Microsoft Exchange servers

Credit to Author: Malwarebytes Labs| Date: Fri, 12 Mar 2021 19:35:26 +0000

Attacks using the ProxyLogon Microsoft Exchange vulnerability have taken a new twist: DearCry ransomware.

Categories: Ransomware

Tags:

(Read more…)

The post Ransomware is targeting vulnerable Microsoft Exchange servers appeared first on Malwarebytes Labs.

Read more