Security News

The Security Service of Ukraine took down a network of cryptocurrency exchanges used to anonymize transactions since the beginning of 2021. "The clandestine cryptocurrency exchanges were in demand because they provided anonymity of transactions and possibility of money laundering," the SBU said.

Tens of thousands of internet-exposed Microsoft Exchange servers appear to be affected by the ProxyShell vulnerabilities, and they could get compromised at any moment considering that threat actors are already scanning the web for vulnerable devices. ProxyShell is the name given to a series of vulnerabilities - CVE-2021-34473, CVE-2021-34523 and CVE-2021-31207 - that can be chained for unauthenticated remote code execution, allowing an attacker to take complete control of an Exchange server.

Organizations have been warned that hackers have started scanning the internet for Microsoft Exchange servers affected by a series of vulnerabilities that were disclosed by researchers last week. Orange Tsai, principal researcher at security consulting firm DEVCORE, discovered that Microsoft Exchange servers are affected by three vulnerabilities that can be exploited by unauthenticated attackers for remote code execution.

Threat actors are now actively scanning for the Microsoft Exchange ProxyShell remote code execution vulnerabilities after technical details were released at the Black Hat conference. ProxyShell is the name for three vulnerabilities that perform unauthenticated, remote code execution on Microsoft Exchange servers when chained together.

A Chinese cyberespionage group known for targeting Southeast Asia leveraged flaws in the Microsoft Exchange Server that came to light earlier this March to deploy a previously undocumented variant of a remote access trojan on compromised systems. Attributing the intrusions to a threat actor named PKPLUG, Palo Alto Networks' Unit 42 threat intelligence team said it identified a new version of the modular PlugX malware, called Thor, that was delivered as a post-exploitation tool to one of the breached servers.

Threat actors linked to China exploited the notorious Microsoft Exchange ProxyLogon vulnerabilities long before they were publicly disclosed, in attacks against telecommunications companies aimed at stealing sensitive customer data and maintaining network persistence, researchers have found. Threat actors used similar tactics to those exposed recently in the Hafnium zero-day attacks - which were recently blamed on China and condemned by the White House - that exploited ProxyLogon vulnerabilities in Microsoft Exchange Servers to gain access to the targeted networks, according to the report.

China has very firmly pushed back against the accusation it paid contractors to attack Microsoft's Exchange Server. The USA, UK, NATO and other nations on Monday named China as the source of the attack.

The U.S. government and its key allies, including the European Union, the U.K., and NATO, formally attributed the massive cyberattack against Microsoft Exchange email servers to state-sponsored hacking crews working affiliated with the People's Republic of China's Ministry of State Security. "In a statement issued by the White House on Monday, the administration said,"with a high degree of confidence that malicious cyber actors affiliated with PRC's MSS conducted cyber-espionage operations utilizing the zero-day vulnerabilities in Microsoft Exchange Server disclosed in early March 2021.

Mastercard announced it will enhance its card program for cryptocurrency wallets and exchanges, making it simpler for partners to convert cryptocurrency to traditional fiat currency. Working with Evolve Bank & Trust and Paxos Trust Company, the leading blockchain infrastructure and regulated stablecoin issuance platform, and Circle, a global financial technology firm and the principal operator of the USD Coin, a dollar digital currency or stablecoin, Mastercard and its partners will test this new capability to enable more banks and crypto companies to offer a card option to people wanting to spend their digital assets anywhere Mastercard is accepted.

The US has also blamed hackers working with China for ransomware attacks, extortion, crypto-jacking and other cybercrimes. The United States and several allies have officially pointed the finger at China for the recent hack of Microsoft Exchange server as well as an ongoing series of cyberattacks carried out by contract hackers for personal profit.