Security News

Attackers began scanning for vulnerabilities just five minutes after Microsoft announced there were four zero-days in Exchange Server, according to Palo Alto Networks. Although research director Rob Rachwald did not elaborate when The Register asked for more detail on its findings, a released report reckoned "Scans began within 15 minutes after Common Vulnerabilities and Exposures announcements were released between January and March."

Crypto.com describes itself as the world's fastest-growing crypto app with over 10 million users across 90+ countries. The network slowdown kept recurring throughout the week, including today and has led to issues such as massive delays in purchases being reflected in the users' accounts.

The Redmond-based firm's Office and Windows flagships house many of the identified vulnerabilities, alongside Internet Explorer, Visual Studio, Visual Studio Code, Skype, and other software. Those who recall the slew of Exchange Server fixes in March and April may experience a sense of deja vu: May brings still more Exchange Server fixes, for Exchange Server 2013 CU23, Exchange Server 2016 CU19 and CU20, and Exchange Server 2019 CU8 and CU9.

Technical documentation and proof-of-concept exploit code is available for a high-severity vulnerability in Microsoft Exchange Server that could let remote attackers execute code on unpatched machines. A technical write-up is available since April 26 from security researcher Nguyen Jang, who released in the past a short-lived PoC exploit for ProxyLogon vulnerabilities.

The past four months have exposed two high-profile attacks, which both had pundits declaring them the "Worst-ever" and "Unprecedented." They shared other similarities - both attacked businesses rather than individuals, and affected tens of thousands of organizations. The second hack was against Microsoft Exchange servers and had a more familiar trajectory: Attackers found a series of zero-day vulnerabilities that could be chained together to break into any Exchange servers that were internet-accessible - and steal all the emails and files stored on them.

Cryptocurrency trading platform Hotbit has shut down all services for at least a week after a cyberattack that down several of its services on Thursday evening. Hotbit assured its roughly 2 million registered users from over 210 countries that their cryptocurrency assets were "Safe and secure."

Threat actors are impersonating Chase Bank in two phishing attacks that can slip past Microsoft Exchange security protections in an aim to steal credentials from victims - by spoofing real-life customer scenarios. "These email attacks employed a gamut of techniques to get past traditional email security filters and pass the eye tests of unsuspecting end users," Kumar wrote.

If you're running Microsoft Exchange anywhere in your organisation and you're not extremely concerned about the threat from Hafnium, you haven't been paying attention this year. The Hafnium name refers to both the allegedly Chinese government-linked group which has emerged as the main driver behind a wave of attacks aimed at exploiting zero day vulnerabilities in multiple versions of Exchange, as well as the exploits and malware they are using to gain free rein over your systems.

Attackers are exploiting the ProxyLogon Microsoft Exchange Server flaws to co-opt vulnerable machines to a cryptocurrency botnet named Prometei, according to new research. "Prometei exploits the recently disclosed Microsoft Exchange vulnerabilities associated with the HAFNIUM attacks to penetrate the network for malware deployment, credential harvesting and more," Boston-based cybersecurity firm Cybereason said in an analysis summarizing its findings.

Unpatched Microsoft Exchange servers are being targeted by the Prometei botnet and added to its operators' army of Monero cryptocurrency mining bots. Based on new malware samples recently found by Cybereason during recent incident responses, the botnet has also been updated to exploit Exchange Server vulnerabilities patched by Microsoft in March.