Security News

Microsoft has discovered web shells deployed by Black Kingdom operators on approximately 1,500 Exchange servers vulnerable to ProxyLogon attacks. More than 30 Black Kingdom submissions coming directly from impacted mail servers have been added to ransomware identification site ID Ransomware starting on March 18.

Microsoft has discovered web shells deployed by Black Kingdom operators on approximately 1,500 Exchange servers vulnerable to ProxyLogon attacks. More than 30 Black Kingdom submissions coming directly from impacted mail servers have been added to ransomware identification site ID Ransomware starting on March 18.

Two Polish government websites were hacked Wednesday and used briefly to spread false information about a non-existent radioactive threat, in what a Polish government official said had the hallmarks of a Russian cyberattack. The National Atomic Energy Agency and Health Ministry websites briefly carried claims of a supposed nuclear waste leak coming from neighboring Lithuania and threatening Poland.

It happened in July 2020, when many prominent blue-badged Twitter accounts suddenly starting sending out scammy cryptocoin messages. "Feeling greatful , doubling all payments made to my Bitcoin address," said one message, urging people to pay out $1000 now, with a $2000 payback to follow later.

Researchers have now disclosed more information on how they were able to breach multiple websites of the Indian government. Last month, researchers from the Sakura Samurai hacking group had partially disclosed that they had breached cyber systems of Indian government after finding a large number of critical vulnerabilities.

CISA officials said that, so far, there is no evidence of US federal civilian agencies compromised during ongoing attacks targeting Microsoft Exchange servers. "At this point in time, there are no federal civilian agencies that are confirmed to be compromised by this campaign," Eric Goldstein, CISA executive assistant director for cybersecurity, said in a testimony before the Homeland Security Subcommittee.

Unpatched network-attached storage devices are targeted in ongoing attacks where the attackers try to take them over and install cryptominer malware to mine for cryptocurrency. All NAS devices with QNAP firmware released before August 2020 are currently vulnerable to these attacks.

At least 30,000 organizations across the United States - including a significant number of small businesses, towns, cities and local governments - have over the past few days been hacked by an unusually aggressive Chinese cyber espionage unit that's focused on stealing email from victim organizations, multiple sources tell KrebsOnSecurity. The espionage group is exploiting four newly-discovered flaws in Microsoft Exchange Server email software, and has seeded hundreds of thousands of victim organizations worldwide with tools that give the attackers total, remote control over affected systems.

In what's a case of hackers getting hacked, a prominent underground online criminal forum by the name of Maza has been compromised by unknown attackers, making it the fourth forum to have been breached since the start of the year. The intrusion is said to have occurred on March 3, with information about the forum members - including usernames, email addresses, and hashed passwords - publicly disclosed on a breach notification page put up by the attackers, stating "Your data has been leaked" and "This forum has been hacked."

The Maza cybercrime forum was hacked and member data leaked in the latest of a series of attacks targeting mostly Russian-speaking hacker forums. Last night, BleepingComputer was contacted by a newly registered Twitter user who stated that the Maza forum was hacked and member data was leaked.