Security News

New data suggests someone has compromised more than 21,000 Microsoft Exchange Server email systems worldwide and infected them with malware that invokes both KrebsOnSecurity and Yours Truly by name. The Shadowserver Foundation, a nonprofit that helps network owners identify and fix security threats, says it has found 21,248 different Exchange servers which appear to be compromised by a backdoor and communicating with brian[.

Microsoft has discovered web shells deployed by Black Kingdom operators on approximately 1,500 Exchange servers vulnerable to ProxyLogon attacks. More than 30 Black Kingdom submissions coming directly from impacted mail servers have been added to ransomware identification site ID Ransomware starting on March 18.

Microsoft has discovered web shells deployed by Black Kingdom operators on approximately 1,500 Exchange servers vulnerable to ProxyLogon attacks. More than 30 Black Kingdom submissions coming directly from impacted mail servers have been added to ransomware identification site ID Ransomware starting on March 18.

More than a week after Microsoft released a one-click mitigation tool to mitigate cyberattacks targeting on-premises Exchange servers, the company disclosed that patches have been applied to 92% of all internet-facing servers affected by the ProxyLogon vulnerabilities. According to telemetry data from RiskIQ, there are roughly 29,966 instances of Microsoft Exchange servers still exposed to attacks, down from 92,072 on March 10.

The patching level for Microsoft Exchange Servers that are vulnerable to the ProxyLogon group of security bugs has reached 92 percent, according to Microsoft. Our work continues, but we are seeing strong momentum for on-premises Exchange Server updates: 92% of worldwide Exchange IPs are now patched or mitigated.

Exploit the Exchange bugs to write a booby-trapped web file called a webshell onto a vulnerable server. Although Hafnium attacks were associated with Microsoft Exchange in media coverage, the attacks these crooks were carrying out once they got in were not specific to networks using Exchange.

Derek Manky, Chief of Security Insights & Global Threat Alliances at Fortinet's FortiGuard Labs, gives insight into the surge in attacks against vulnerable Microsoft Exchange servers over the last week. Weeks after the disclosure around the ProxyLogon group of security bugs, exploitation attempts against unpatched Microsoft Exchange servers have skyrocketed.

Roughly 92% of all Internet-connected on-premises Microsoft Exchange servers affected by the ProxyLogon vulnerabilities are now patched and safe from attacks, Microsoft said on Monday. A total of 400,000 Internet-connected Exchange servers were impacted by the ProxyLogon vulnerabilities when Microsoft issued the initial security patches, on March 2, with over 100,000 of them still unpatched one week later, on March 9.

Another ransomware operation known as 'Black Kingdom' is exploiting the Microsoft Exchange Server ProxyLogon vulnerabilities to encrypt servers. Over the weekend, security researcher Marcus Hutchins, aka MalwareTechBlog, tweeted that a threat actor was compromising Microsoft Exchange servers via the ProxyLogon vulnerabilities to deploy ransomware.

Another ransomware operation known as 'Black Kingdom' is exploiting the Microsoft Exchange Server ProxyLogon vulnerabilities to encrypt servers. Over the weekend, security researcher Marcus Hutchins, aka MalwareTechBlog, tweeted that a threat actor was compromising Microsoft Exchange servers via the ProxyLogon vulnerabilities to deploy ransomware.