Security News
The massive attack on Microsoft Exchange servers in March may have been China harvesting information to train AI systems, according to US government officials and computer-security experts who talked to NPR. The plundering of these Exchange systems was attributed to Chinese government cyber-spies known as Hafnium; Beijing denied any involvement. It's said the crew exploited four zero-days in Redmond's mail software in a chain to hijack the servers and siphon off data.
U.S. technology firm Kaseya has released security patches to address two zero-day vulnerabilities affecting its Unitrends enterprise backup and continuity solution that could result in privilege escalation and authenticated remote code execution. The two weaknesses are part of a trio of vulnerabilities discovered and reported by researchers at the Dutch Institute for Vulnerability Disclosure on July 3, 2021.
U.S. technology firm Kaseya has released security patches to address two zero-day vulnerabilities affecting its Unitrends enterprise backup and continuity solution that could result in privilege escalation and authenticated remote code execution. The two weaknesses are part of a trio of vulnerabilities discovered and reported by researchers at the Dutch Institute for Vulnerability Disclosure on July 3, 2021.
American software company Kaseya has issued a security update to patch server-side Kaseya Unitrends zero-day vulnerabilities found by security researchers at the Dutch Institute for Vulnerability Disclosure. Kaseya Unitrends is a cloud-based enterprise backup and recovery solution provided as a stand-alone solution or an add-on for Kaseya's VSA remote management platform.
Microsoft has finally published guidance today for the actively exploited ProxyShell vulnerabilities impacting multiple on-premises Microsoft Exchange versions. Although Microsoft fully patched the ProxyShell bugs by May 2021, they didn't assign CVE IDs for the vulnerabilities until July, preventing some orgs with unpatched servers from discovering that they had vulnerable systems on their networks.
CISA is warning about a surge of ProxyShell attacks, as Huntress discovered 140 webshells launched against 1,900 unpatched Microsoft Exchange servers. Over the weekend, the Cybersecurity & Infrastructure Security Agency issued an urgent alert that attackers are actively attacking ProxyShell vulnerabilities in unpatched Microsoft Exchange Servers, joining researchers in urging organizations to immediately install the latest Microsoft Security Update.
A new ransomware gang known as LockFile encrypts Windows domains after hacking into Microsoft Exchange servers using the recently disclosed ProxyShell vulnerabilities. ProxyShell is the name of an attack consisting of three chained Microsoft Exchange vulnerabilities that result in unauthenticated, remote code execution.
By leveraging more than 20 known vulnerabilities in Linux and Windows servers, the HolesWarm cryptominer malware has been able to break into more than 1,000 cloud hosts just since June. The basic cryptominer botnet has been so successful at juggling so many different known vulnerabilities between attacks, researchers at Tencent who first identified HolesWarm refer to the malware as the "King of Vulnerability Exploitation."
Fortinet has delayed patching a zero-day command injection vulnerability found in the FortiWeb web application firewall until the end of August. They have abused the CVE-2018-13379 Fortinet SSL VPN vulnerability to compromise Internet-exposed U.S. election support systems, with Fortinet warning customers to patch the flaw in August 2019, July 2020, November 2020, and again in April 2021.
Fortinet has released security updates to address a command injection vulnerability that can let attackers take complete control of servers running vulnerable FortiWeb web application firewall installations. Financially motivated and state-sponsored threat actors have been heavily targeting unpatched Fortinet servers over the years.