Security News

State-sponsored hackers affiliated with North Korea have been behind a slew of attacks on cryptocurrency exchanges over the past three years, new evidence has revealed. Attributing the attack with "Medium-high" likelihood to the Lazarus Group, researchers from Israeli cybersecurity firm ClearSky said the campaign, dubbed "CryptoCore," targeted crypto exchanges in Israel, Japan, Europe, and the U.S., resulting in the theft of millions of dollars worth of virtual currencies.

The Microsoft Exchange admin portal is currently inaccessible from some browsers after Microsoft forgot to renew the SSL certificate for the website. Starting at 8 AM EST today, Microsoft Exchange admins who attempted to access the admin portal at admin.

Adversaries are typically quick to take advantage of newly disclosed vulnerabilities, and they started scanning for vulnerable Microsoft Exchange Servers within five minutes after Microsoft's announcement, Palo Alto Networks reveals in a new report. Between January and March, threat actors started scanning for vulnerable systems roughly 15 minutes after new security holes were publicly disclosed, and they were three times faster when Microsoft disclosed four new bugs in Exchange Server on March 2.

Attackers began scanning for vulnerabilities just five minutes after Microsoft announced there were four zero-days in Exchange Server, according to Palo Alto Networks. Although research director Rob Rachwald did not elaborate when The Register asked for more detail on its findings, a released report reckoned "Scans began within 15 minutes after Common Vulnerabilities and Exposures announcements were released between January and March."

Crypto.com describes itself as the world's fastest-growing crypto app with over 10 million users across 90+ countries. The network slowdown kept recurring throughout the week, including today and has led to issues such as massive delays in purchases being reflected in the users' accounts.

The Redmond-based firm's Office and Windows flagships house many of the identified vulnerabilities, alongside Internet Explorer, Visual Studio, Visual Studio Code, Skype, and other software. Those who recall the slew of Exchange Server fixes in March and April may experience a sense of deja vu: May brings still more Exchange Server fixes, for Exchange Server 2013 CU23, Exchange Server 2016 CU19 and CU20, and Exchange Server 2019 CU8 and CU9.

Technical documentation and proof-of-concept exploit code is available for a high-severity vulnerability in Microsoft Exchange Server that could let remote attackers execute code on unpatched machines. A technical write-up is available since April 26 from security researcher Nguyen Jang, who released in the past a short-lived PoC exploit for ProxyLogon vulnerabilities.

The past four months have exposed two high-profile attacks, which both had pundits declaring them the "Worst-ever" and "Unprecedented." They shared other similarities - both attacked businesses rather than individuals, and affected tens of thousands of organizations. The second hack was against Microsoft Exchange servers and had a more familiar trajectory: Attackers found a series of zero-day vulnerabilities that could be chained together to break into any Exchange servers that were internet-accessible - and steal all the emails and files stored on them.

Cryptocurrency trading platform Hotbit has shut down all services for at least a week after a cyberattack that down several of its services on Thursday evening. Hotbit assured its roughly 2 million registered users from over 210 countries that their cryptocurrency assets were "Safe and secure."

Threat actors are impersonating Chase Bank in two phishing attacks that can slip past Microsoft Exchange security protections in an aim to steal credentials from victims - by spoofing real-life customer scenarios. "These email attacks employed a gamut of techniques to get past traditional email security filters and pass the eye tests of unsuspecting end users," Kumar wrote.