Security News

CISA: Hackers exploit critical Bitbucket Server flaw in attacks
2022-09-30 17:01

The Cybersecurity and Infrastructure Security Agency has added three more security flaws to its list of bugs exploited in attacks, including a Bitbucket Server RCE and two Microsoft Exchange zero-days. While Microsoft hasn't yet released security updates to address this pair of actively exploited bugs, it shared mitigation measures requiring customers to add an IIS server blocking rule that would block attack attempts.

Stop us if you've heard this one before: Exchange Server zero-days actively exploited
2022-09-30 03:03

Security researchers have warned a zero-day flaw in Microsoft's Exchange server is being actively exploited. A second flaw, ZDI-CAN-18802, is rated 6.3/10. Details of the flaws are scanty, with GTSC's post detailing its observations of webshells with Chinese characteristics being dropped onto Exchange servers. Those webshells then "injects malicious DLLs into the memory, drops suspicious files on the attacked servers, and executes these files through the Windows Management Instrumentation Command line."

New malware backdoors VMware ESXi servers to hijack virtual machines
2022-09-29 13:00

Hackers have found a new method to establish persistence on VMware ESXi hypervisors to control vCenter servers and virtual machines for Windows and Linux while avoiding detection. A modified level of trust is not enough for the ESXi system to accept the VIBs by default, so the attacker also used the '-force' flag to install the malicious VIBs.

MS SQL servers are getting hacked to deliver ransomware to orgs
2022-09-27 09:18

Cybercriminals wielding the FARGO ransomware are targeting Microsoft SQL servers, AhnLab's ASEC analysis team has warned. They haven't pinpointed how the attackers are getting access to the targeted servers, but noted that typical attacks targeting database servers include brute force and dictionary attacks aimed at ferreting out the passwords of existing, poorly secured accounts.

SQL Server admins warned about Fargo ransomware
2022-09-26 16:00

Organizations are being warned about a wave of attacks targeting Microsoft SQL Server with ransomware known as Fargo, which encrypts files and threatens victims that their data may be published online if they do not pay up. The warning comes in a blog posting from analysts at the AhnLab Security Emergency Response Center, which says that Fargo is one of the most prominent ransomware strains targeting vulnerable SQL Server instances, and was previously also known as Mallox because it used the file extension.

Microsoft SQL servers hacked in TargetCompany ransomware attacks
2022-09-24 15:12

Vulnerable Microsoft SQL servers are being targeted in a new wave of attacks with FARGO ransomware, security researchers are warning. BleepingComputer has reported similar attacks in February, dropping Cobalt Strike beacons, and in July when threat actors hijacked vulnerable MS-SQL servers to steal bandwidth for proxy services.

Hackers Using Malicious OAuth Apps to Take Over Email Servers
2022-09-23 05:14

Microsoft on Thursday warned of a consumer-facing attack that made use of rogue OAuth applications on compromised cloud tenants to ultimately seize control of Exchange servers and spread spam. The unauthorized access to the cloud tenant permitted the adversary to register a malicious OAuth application and grant it elevated permissions, and eventually modify Exchange Server settings to allow inbound emails from specific IP addresses to be routed through the compromised email server.

Microsoft Exchange servers hacked via OAuth apps for phishing
2022-09-22 17:13

Microsoft says a threat actor gained access to cloud tenants hosting Microsoft Exchange servers in credential stuffing attacks, with the end goal of deploying malicious OAuth applications and sending phishing emails. "The unauthorized access to the cloud tenant enabled the actor to create a malicious OAuth application that added a malicious inbound connector in the email server."

Hackers Targeting Unpatched Atlassian Confluence Servers to Deploy Crypto Miners
2022-09-22 06:17

A now-patched critical security flaw affecting Atlassian Confluence Server that came to light a few months ago is being actively exploited for illicit cryptocurrency mining on unpatched installations. In one of the infection chains observed by the cybersecurity company, the flaw was leveraged to download and run a shell script on the victim's machine, which, in turn, fetched a second shell script.

TeamTNT hijacking servers to run Bitcoin encryption solvers
2022-09-18 14:07

The recent attacks bear various signatures linked to TeamTNT and rely on tools previously deployed by the gang, indicating that the threat actor is likely making a comeback. The researchers observed three attack types being used in the allegedly new TeamTNT attacks, with the most interesting one being to use the computational power of hijacked servers to run Bitcoin encryption solvers.