Security News

An ongoing malvertising campaign tracked as "Tag Barnakle" has been behind the breach of more than 120 ad servers over the past year to sneakily inject code in an attempt to serve malicious advertisements that redirect users to rogue websites, thus exposing victims to scamware or malware. Unlike other operators who set about their task by infiltrating the ad-tech ecosystem using "Convincing personas" to buy space on legitimate websites for running the malicious ads, Tag Barnakle is "Able to bypass this initial hurdle completely by going straight for the jugular - mass compromise of ad serving infrastructure," said Confiant security researcher Eliya Stein in a Monday write-up.

Microsoft Edge's update server is suffering a worldwide outage preventing users from updating to the newly released version 90 of the web browser. In tests conducted by BleepingComputer just now, the update server still has problems, as shown below.

U.S. authorities revealed this week that the FBI executed a court-authorized cyber operation to remove malicious web shells from hundreds of compromised Microsoft Exchange servers located in the United States. "The effort by the FBI, as described in the Justice Department press release, amounts to the FBI gaining access to private servers. Just that should be a full stop that the action is not ok. While I understand the good intention - the FBI wants to remove the backdoor - this sets a dangerous precedent where law enforcement is given broad permission to access private servers."

Jack Wallen shows you how to add an SSH tarpit to Ubuntu Server with the help of endlessh. Essentially, a tarpit will run on the standard SSH port and, when a hacker attempts to break through that port, they'll wind up stuck in an endless loop.

In its April slate of patches, Microsoft rolled out fixes for a total of 114 security flaws, including an actively exploited zero-day and four remote code execution bugs in Exchange Server. Cybersecurity firm Kaspersky, which discovered and reported the flaw to Microsoft in February, linked the zero-day exploit to a threat actor named Bitter APT, which was found exploiting a similar flaw in attacks late last year.

As we explained in a recent Serious Security article on Naked Security, a crook who can upload a file into a Windows server directory where web data is stored doesn't merely get a chance to pollute your web server with fake content, as bad as that would be on its own. Despite several weeks of urgent warnings, not least from Naked Security, there are still plenty of unpatched servers out there just waiting to get pwned.

Federal authorities in the U.S. have swooped in to eliminate malicious backdoor code planted by attackers on vulnerable Microsoft Exchange servers across the country. This latest effort eliminated the remaining web shells of one specific hacking group, which would have given it persistent access to Exchange servers in the U.S. had they remained.

Authorities have executed a court-authorized operation to copy and remove malicious web shells from hundreds of vulnerable on-premises versions of Microsoft Exchange Server software in the United States. Through January and February 2021, certain hacking groups exploited zero-day vulnerabilities in Microsoft Exchange Server software to access email accounts and place web shells for continued access.

FBI agents executed a court-authorized cyber operation to delete malicious web shells from hundreds of previously hacked Microsoft Exchange servers in the United States, unbeknownst to their owners, the U.S. Department of Justice said Tuesday. After a wave of major in-the-wild zero-day attacks against Exchange Server installations that occurred globally in January, savvy organizations scrambled to lock down vulnerable Microsoft email servers and remove web shells that were installed by attackers.

The FBI deleted web shells installed by criminals on hundreds of Microsoft Exchange servers across the United States, it was revealed on Tuesday. "Although many infected system owners successfully removed the web shells from thousands of computers, others appeared unable to do so, and hundreds of such web shells persisted unmitigated," the Justice Department noted in an announcement.