Collaborate Disseminate
Attackers are leveraging two zero-day vulnerabilities (CVE-2022-41040, CVE-2022-41082) to breach Microsoft Exchange servers. News of the attacks broke on Wednesday, when researchers with Vietnamese cybersecurity company GTSC released a warning saying t… Continue reading Two Microsoft Exchange zero-days exploited by attackers (CVE-2022-41040, CVE-2022-41082)
A critical zero-day vulnerability (CVE-2022-26134) in Atlassian Confluence Data Center and Server is under active exploitation, the software maker has warned on Thursday. There is currently no fix available – though they are expected to be releas… Continue reading Unpatched Atlassian Confluence zero-day exploited, fix expected today (CVE-2022-26134)
An APT group is leveraging a critical vulnerability (CVE-2021-44077) in Zoho ManageEngine ServiceDesk Plus to compromise organizations in a variety of sectors, including defense and tech. “Successful exploitation of the vulnerability allows an at… Continue reading Determined APT is exploiting ManageEngine ServiceDesk Plus vulnerability (CVE-2021-44077)
Suspected spies using similar tools and tactics to a Chinese government-connected hacking group compromised nine organizations in the defense, education, energy and health care industries across the globe beginning in September, according to new research. The hackers were “indiscriminate” in targeting that included parts of the U.S. Defense Department, according to Palo Alto Networks, which published its findings on Sunday with an assist from the National Security Agency’s Cybersecurity Collaboration Center. That center primarily works with defense contractors to collect and share threat information. At least one of the victims was a U.S. organization, Palo Alto Networks said, but didn’t name the nine compromised entities. The company “believes that the actor’s primary goal involved gaining persistent access to the network and the gathering and exfiltration of sensitive documents from the compromised organization.” The research comes on the heels of a Sept. 16 warning from the Department of Homeland Security’s Cybersecurity […]
The post Hackers with Chinese links breach defense, energy targets, including one in US appeared first on CyberScoop.
Continue reading Hackers with Chinese links breach defense, energy targets, including one in US
Trend Micro released a research on the state of Linux security in the first half of 2021. The report gives valuable insight into how Linux operating systems are being targeted as organizations increase their digital footprint in the cloud and the perva… Continue reading Coinminers, web shells and ransomware made up 56% of malware targeting Linux systems in H1 2021
Three so-called “ProxyShell” vulnerabilities are being actively exploited by various attackers to compromise Microsoft Exchange servers around the world, the Cybersecurity and Infrastructure Security Agency (CISA) warned over the weekend. T… Continue reading ProxyShell vulnerabilities actively exploited to deliver web shells and ransomware
The volume of cyber intrusion activity globally jumped 125% in the first half of 2021 compared with the same period last year, according to the Cyber Investigations, Forensics & Response (CIFR) mid-year update from Accenture. Cyber intrusion activ… Continue reading Cyber intrusion activity volume jumped 125% in H1 2021
Authorities have executed a court-authorized operation to copy and remove malicious web shells from hundreds of vulnerable on-premises versions of Microsoft Exchange Server software in the United States. Through January and February 2021, certain hacki… Continue reading FBI removes web shells from hacked Microsoft Exchange servers
The FBI has used a court order to remove malicious code from hundreds of U.S. computers running the Microsoft Exchange Server email program, Justice Department officials announced Tuesday. The court-ordered removal of the web shells, or scripts used by hackers for persistent access, is one of the most aggressive actions taken yet by U.S. government officials or corporate executives to combat the Exchange Server vulnerabilities since Microsoft announced on March 2 that suspected Chinese spies were exploiting them. The alleged Chinese hackers used the flaws to steal emails from targeted organizations, according to private-sector analysts, but an array of scammers have since exploited the bugs for their own purposes. In the days after Microsoft revealed the vulnerabilities, incident responders estimated that tens of thousands of U.S. organizations running Exchange Server could be exposed to potential hacking. Many of those organizations have removed the web shells, but Justice Department officials said […]
The post With court order, FBI removes hundreds of Exchange Server web shells from US organizations appeared first on CyberScoop.
Cyber attackers are increasingly leveraging web shell malware to get persistent access to compromised networks, the US National Security Agency and the Australian Signals Directorate warn. What are web shells? Web shells are malicious scripts that are … Continue reading Web shell malware continues to evade many security tools