Security News

The U.S. Department of the Treasury's Office has announced sanctions against the cryptocurrency exchange Garantex, which has been linked to illegal transactions for Hydra Market. The United States is sanctioning the world's largest darknet market for Russian speakers, Hydra, and the virtual currency exchange Garantex.

Bug hunters that discover and report high-impact security vulnerabilities in on-premises Exchange, SharePoint and Skype for Business may earn as much as $26,000 per eligible submission, Microsoft has announced. The highest awards will go to those who discover vulnerabilities that have the highest potential impact to customer security.

Microsoft has announced that Exchange, SharePoint, and Skype for Business on-premises are now part of the Applications and On-Premises Servers Bounty Program starting today. With the expansion of this bug bounty program, security researchers who find and report vulnerabilities affecting on-premises servers are eligible for awards ranging from $500 up to $26,000.

The ever-evolving banking trojan IcedID is back again with a phishing campaign that uses previously compromised Microsoft Exchange servers to send emails that appear to come from legitimate accounts. The actors behind IcedID - as well as other spearphishers - have previously used phishing emails that "Reuse previously stolen emails to make the lure more convincing," researchers wrote.

A threat actor is exploiting vulnerable on-prem Microsoft Exchange servers and using hijacked email threads to deliver the IceID trojan without triggering email security solutions. The threat actor - believe to be an initial access broker - compromises vulnerable on-prem Microsoft Exchange servers and existing email accounts, then hijacks email threads by replying to them.

Cyber-criminals are using compromised Microsoft Exchange servers to spam out emails designed to infect people's PCs with IcedID,. It popped up last year when crooks hijacked a BP Chargemaster domain to spam out emails to spread IcedID. On Monday, Fortinet's FortiGuard Labs said it observed an email sent to a Ukrainian fuel company with a.zip containing a file that when opened drops IcedID on the PC. Security vendor Intezer also on Monday said it had seen unsecured Microsoft Exchange servers spamming out IcedID emails.

The distribution of the IcedID malware has seen a spike recently due to a new campaign that hijacks existing email conversation threads and injects malicious payloads that are hard to spot.The ongoing IcedID campaign was discovered this month by researchers at Intezer, who have shared their findings with Bleeping Computer prior to publication.

A new email phishing campaign has been spotted leveraging the tactic of conversation hijacking to deliver the IceID info-stealing malware onto infected machines by making use of unpatched and publicly-exposed Microsoft Exchange servers. "The emails use a social engineering technique of conversation hijacking," Israeli company Intezer said in a report shared with The Hacker News.

Microsoft has addressed 71 security flaws, including three critical remote code execution vulnerabilities, in its monthly Patch Tuesday update. Yes, an attacker needs to be authenticated, though Sophos Lab threat researcher Christopher Budd noted: "Given what we've seen recently around attacks against Exchange vulnerabilities, the critical severity rating and the nature of the vulnerability makes this an issue that should be patched as soon as possible."

Microsoft marks March 2022 Patch Tuesday with patches for 71 CVE-numbered vulnerabilities, including three previously unknown "Critical" ones and three "Important" ones that were already public. "If an attacker can lure an affected RDP client to connect to their RDP server, the attacker could trigger code execution on the targeted client," says Dustin Childs, with Trend Micro's Zero Day Initiative.