Security News

Scans for Vulnerable Exchange Servers Started 5 Minutes After Disclosure of Flaws
2021-05-20 09:26

Adversaries are typically quick to take advantage of newly disclosed vulnerabilities, and they started scanning for vulnerable Microsoft Exchange Servers within five minutes after Microsoft's announcement, Palo Alto Networks reveals in a new report. Between January and March, threat actors started scanning for vulnerable systems roughly 15 minutes after new security holes were publicly disclosed, and they were three times faster when Microsoft disclosed four new bugs in Exchange Server on March 2.

Hetzner cloud server provider bans cryptocurrency mining
2021-05-19 21:31

Popular German cloud hosting and dedicated server provider Hetzner has banned cryptomining on its servers after users had been using its large storage devices to mine Chia. For those not familiar with Chia, instead of mining the cryptocurrency with specialized equipment or graphics cards, it uses a new mining system called Proof of Space and Proof of Time.

Magecart Goes Server-Side in Latest Tactics Changeup
2021-05-17 21:46

Magecart Group 12, known for skimming payment information from online shoppers, was fingered for last September's gonzo attack on more than 2,000 e-Commerce sites, and now researchers have issued a report explaining how they did it, detailing a new technical approach. The credit-card skimmer group is using PHP web shells to gain remote administrative access to the sites under attack to steal credit-card data, rather than using their previously favored JavaScript code, which they simply injected into vulnerable sites to log the information keyed into online checkout sites, according to Malwarebytes Labs' Threat Intelligence Team.

DarkSide Ransomware Suffers ‘Oh, Crap!’ Server Shutdowns
2021-05-14 16:05

The DarkSide takedown sent shockwaves through other underground forums, many of which deleted all ransomware topics. That's likely a reference to "Deshirfrator," or "Decryptor" in Russian: The tools that typically are as far from free as ransomware attackers can make them.

DarkSide Ransomware Gang Quits After Servers, Bitcoin Stash Seized
2021-05-14 15:44

The DarkSide ransomware affiliate program responsible for the six-day outage at Colonial Pipeline this week that led to fuel shortages and price spikes across the country is running for the hills. The crime gang announced it was closing up shop after its servers were seized and someone drained the cryptocurrency from an account the group uses to pay affiliates.

DarkSide ransomware servers reportedly seized, operation shuts down
2021-05-14 14:37

The DarkSide ransomware operation has allegedly shut down after the threat actors lost access to servers and their cryptocurrency was transferred to an unknown wallet. In the post, 'Unkn' shared a message allegedly from DarkSide explaining how the threat actors lost access to their public data leak site, payment servers, and CDN servers due to law enforcement action.

DarkSide ransomware servers reportedly seized, REvil restricts targets
2021-05-14 14:37

The DarkSide ransomware operation has allegedly shut down after the threat actors lost access to servers and their cryptocurrency was transferred to an unknown wallet. In the post, 'Unkn' shared a message allegedly from DarkSide explaining how the threat actors lost access to their public data leak site, payment servers, and DoS servers due to law enforcement action.

QNAP warns of eCh0raix ransomware attacks, Roon Server zero-day
2021-05-14 12:49

QNAP warns customers of an actively exploited Roon Server zero-day bug and eCh0raix ransomware attacks targeting their Network Attached Storage devices. "The eCh0raix ransomware has been reported to affect QNAP NAS devices," the company said.

Microsoft's new project ports Linux eBPF to Windows 10, Server
2021-05-12 15:09

Microsoft has launched a new open-source project that aims to add to Windows the benefits of eBPF, a technology first implemented in Linux that allows attaching programs in both kernel and user applications. Microsoft's effort builds on the work of the eBPF community by adding a compatibility layer that turns existing eBPF open-source projects into submodules that can work on top of Windows 10 and Windows Server 2016 and later.

Microsoft emits more fixes for Exchange Server plus patches for remote-code exec holes in HTTP stack, Visual Studio
2021-05-11 19:08

The Redmond-based firm's Office and Windows flagships house many of the identified vulnerabilities, alongside Internet Explorer, Visual Studio, Visual Studio Code, Skype, and other software. Those who recall the slew of Exchange Server fixes in March and April may experience a sense of deja vu: May brings still more Exchange Server fixes, for Exchange Server 2013 CU23, Exchange Server 2016 CU19 and CU20, and Exchange Server 2019 CU8 and CU9.