Patching alone is not enough: Investigate your exposure windows

Credit to Author: Greg Iddon| Date: Thu, 25 Mar 2021 12:12:56 +0000

TL;DR: Patching alone is not enough. Timebox your exposure windows. Search your exposure windows for indicators of compromise, misuse, and persistence. Microsoft has published guidance for responders. Sophos has also published guidance for responders. Follow the Sophos Investigative Framework for observables. If you are compromised and need assistance, call our Rapid Response team. If you’re […]


Black Kingdom ransomware begins appearing on Exchange servers

Credit to Author: Mark Loman| Date: Tue, 23 Mar 2021 22:08:10 +0000

A novel, if not particularly well made, ransomware is spreading to Exchange servers that haven’t been patched against the ProxyLogon exploit


MTR in Real-Time: Exchange ProxyLogon Edition

Credit to Author: Michael Heller| Date: Wed, 17 Mar 2021 16:32:29 +0000

The recently reported collection of Microsoft Exchange Server zero-day vulnerabilities has rocked the infosec world, impacting tens of thousands of organizations around the world, with some estimates exceeding 100,000 and growing by the day. The exploitations seen in the wild were first attributed to a nation state actor dubbed Hafnium, but the vulnerabilities and attacks […]


DearCry ransomware: what it is and how to stop it

Credit to Author: Editor| Date: Fri, 12 Mar 2021 20:10:21 +0000

DearCry is a new ransomware variant that exploits the same vulnerabilities in Microsoft Exchange as Hafnium. It creates encrypted copies of the attacked files and deletes the originals. DearCry’s encryption is based on a public-key cryptosystem. The public encryption key is embedded in the ransomware binary, meaning it does not need to contact the attacker’s […]


Microsoft Exchange attacks cause panic as criminals go shell collecting

Credit to Author: Pieter Arntz| Date: Tue, 09 Mar 2021 19:59:37 +0000

The ProxyLogon vulnerability in Microsoft Exchange has moved from an Advanced Persistent Threat to every cybercriminal’s new toy in record time.

Categories: Malwarebytes news

The post Microsoft Exchange attacks cause panic as criminals go shell collecting appeared first on Malwarebytes Labs.


Critical updates dominate March, 2021 Patch Tuesday releases

Credit to Author: Andrew Brandt| Date: Tue, 09 Mar 2021 18:01:13 +0000

Fixes urgently required for DNS and Exchange servers, as well as for all desktop Windows machines


A week in security (March 1 – 7)

Credit to Author: Malwarebytes Labs| Date: Mon, 08 Mar 2021 13:04:31 +0000

A roundup of cybersecurity news from March 1 – 7, including Ryuk going worm, Exchange servers under attack, stolen VPN data, and more.

Categories: A week in security

The post A week in security (March 1 – 7) appeared first on Malwarebytes Labs.
