Security News

As attacks on Exchange servers escalate, Microsoft investigates potential PoC exploit leak
2021-03-15 13:00

Microsoft Exchange servers around the world are still getting compromised via the ProxyLogon and three other vulnerabilities patched by Microsoft in early March. Human-operated ransomware attacks are utilizing the Microsoft Exchange vulnerabilities to exploit customers.

WSJ: Microsoft Probing Possible PoC Exploit Code Leak
2021-03-12 21:04

Software giant Microsoft Corp. has launched an investigation to determine whether one of its flagship information-sharing programs sprung a leak that led to the widespread exploitation of Exchange server deployments around the world. According to a bombshell report in the Wall Street Journal, Redmond is looking closely at its Microsoft Active Protections Program to figure out if an anti-malware partner in China leaked proof-of-concept code ahead of the availability of security updates.

Intel CPU interconnects can be exploited by malware to leak encryption keys and other info, academic study finds
2021-03-08 01:00

Doctoral student Riccardo Paccagnella, master's student Licheng Luo, and assistant professor Christopher Fletcher, all from the University of Illinois at Urbana-Champaign, delved into the way CPU ring interconnects work, and found they can be abused for side-channel attacks. "It is the first attack to exploit contention on the cross-core interconnect of Intel CPUs," Paccagnella told The Register.

Dutch Research Council (NWO) confirms ransomware attack, data leak
2021-02-25 18:30

The recent cyberattack that forced the Dutch Research Council to take its servers offline and suspend grant allocation processes was caused by the DoppelPaymer ransomware gang. Since NWO does not cooperate with cybercriminals, DoppelPaymer published proof of the stolen internal data on their leak site.

Health Website Leaks 8 Million COVID-19 Test Results
2021-02-25 17:34

Another human-related error - this time a flaw in a health department website in the state of Bengal, India - has exposed the confidential results of COVID-19 tests as well as personally identifying information for an entire geographic region's population. Test results related to more than 8 million people potentially were exposed before the agency fixed the error, according to a security researcher.

Hackers Leak Data Stolen From Jet Maker Bombardier
2021-02-24 13:44

Just as the cybercriminals behind the Clop ransomware operation made public information supposedly stolen from Canadian business jet manufacturer Bombardier, the company confirmed suffering a data breach. In a Thursday statement, the jet maker revealed that an unauthorized party was able to access and steal data by exploiting a vulnerability in "a third-party file-transfer application." While the company did not say which third-party software was compromised, the general characteristics of the incident suggest it was Accellion's FTA service.

Clop ransomware gang leaks online what looks like stolen Bombardier blueprints of GlobalEye radar snoop jet
2021-02-23 21:22

The Clop ransomware gang claims to have stolen documents from aerospace giant Bombardier's defense division - and has leaked what appears to be a CAD drawing of one of its military aircraft products, raising fears over what else they've got. Bombardier confirmed its security had been breached, putting out a public statement only minutes after The Register grilled the Canadian business jet maker on the Clop gang's claims.

Chinese hackers used NSA exploit years before Shadow Brokers leak
2021-02-22 16:26

Chinese state hackers cloned and started using an NSA zero-day exploit almost three years before the Shadow Brokers hacker group publicly leaked it in April 2017. "To our surprise, we found out that this APT31 exploit is in fact a reconstructed version of an Equation Group exploit called 'EpMe'," Check Point said.

Chinese Hackers Cloned Equation Group Exploit Years Before Shadow Brokers Leak
2021-02-22 15:06

A Chinese threat actor known as APT31 likely acquired and cloned one of the Equation Group's exploits three years before the targeted vulnerability was publicly exposed as part of Shadow Brokers' "Lost in Translation" leak, cybersecurity firm Check Point says in a new report. Attributed to APT31, a Chinese hacking group also tracked as Zirconium, the exploit for this vulnerability is the clone of an Equation Group exploit code-named "EpMe," Check Point says.

Brave browser leaks visited Tor .onion addresses in DNS traffic, fix released after bug hunter raises alarm
2021-02-22 07:14

Brave has patched up its privacy-focused web browser after it was spotted leaking its Tor users' dark-web habits. Onion domains visited by the browser were leaked to whatever DNS servers the software was configured to use for non-Tor websites, allowing whoever operates those DNS servers - or anyone who can snoop on the queries in transit - to figure out the kinds of hidden services frequented by an individual user.