Microsoft Exchange attacks cause panic as criminals go shell collecting

Credit to Author: Pieter Arntz | Date: Tue, 09 Mar 2021 19:59:37 +0000

The ProxyLogon vulnerability in Microsoft Exchange has moved from an Advanced Persistent Threat to every cybercriminal’s new toy in record time.

Categories: Malwarebytes news


The post Microsoft Exchange attacks cause panic as criminals go shell collecting appeared first on Malwarebytes Labs.

A Basic Timeline of the Exchange Mass-Hack

Credit to Author: Brian Krebs | Date: Mon, 08 Mar 2021 16:05:32 +0000

Sometimes when a complex story takes us by surprise or knocks us back on our heels, it pays to revisit the events in a somewhat linear fashion. Here’s a brief timeline of what we know leading up to last week’s mass-hack, when hundreds of thousands of Microsoft Exchange Server systems got compromised and seeded with a powerful backdoor Trojan horse program.

At Least 30,000 U.S. Organizations Newly Hacked Via Holes in Microsoft’s Email Software

Credit to Author: Brian Krebs | Date: Fri, 05 Mar 2021 21:07:07 +0000

At least 30,000 organizations across the United States — including a significant number of small businesses, towns, cities and local governments — have over the past few days been hacked by an unusually aggressive Chinese cyber espionage unit that’s focused on stealing email from victim organizations, multiple sources tell KrebsOnSecurity. The espionage group is exploiting four newly-discovered flaws in Microsoft Exchange Server email software, and has seeded hundreds of thousands of victim organizations worldwide with tools that give the attackers total, remote control over affected systems.

VMware Flaw a Vector in SolarWinds Breach?

Credit to Author: Brian Krebs | Date: Fri, 18 Dec 2020 18:33:13 +0000

U.S. government cybersecurity agencies warned this week that the attackers behind the widespread hacking spree stemming from the compromise at network software firm SolarWinds used weaknesses in other, non-SolarWinds products to attack high-value targets. According to sources, among those was a flaw in software virtualization platform VMware, which the U.S. National Security Agency (NSA) warned on Dec. 7 was being used by Russian hackers to impersonate authorized users on victim networks.
