Security News

A new ransomware called 'Hog' encrypts users' devices and only decrypts them if they join the developer's Discord server. This week, security researcher MalwareHunterTeam found an in-development decryptor for the Hog Ransomware that requires victims to join their Discord server to decrypt their files.

"CISA has determined that this exploitation of Microsoft Exchange on-premises products poses an unacceptable risk to Federal Civilian Executive Branch agencies and requires emergency action," reads the March 3 alert. "With organizations migrating to Microsoft Office 365 en masse over the last few years, it's easy to forget that on-premises Exchange servers are still in service," Saryu Nayyar, CEO, Gurucul, said via email.

The Department of Homeland Security's cybersecurity unit has ordered federal agencies to urgently update or disconnect Microsoft Exchange on-premises products on their networks. CISA "Strongly" recommended federal agencies to examine their networks to detect malicious activity related to zero-day attacks targeting Exchange servers.

Security researchers warn that multiple cyber-espionage groups are targeting the recently addressed zero-day vulnerabilities in Microsoft Exchange Server and say that more than 300 web shells have been identified on the compromised servers. Managed detection and response solutions provider Huntress says it has already observed more than 200 compromised Exchange Servers that received payloads within the "C:inetpubwwwrootaspnet clientsystem web" directory, and claims to have identified more than 350 web shells to date.

InVue introduces RAC Lock - a simple, scalable, and secure solution for data centers in need of visibility and control to their server racks. For data centers securing personal and business data, implementing robust protocols for both cyber and physical security is paramount, but not without its challenges.

Multiple state-sponsored hacking groups are actively exploiting critical Exchange bugs Microsoft patched Tuesday via emergency out-of-band security updates. Advanced persistent threat groups are currently using "At least" the CVE-2021-26855 Microsoft Exchange Server vulnerability as part of ongoing attacks to achieve remote code execution without authentication on unpatched on-premises Exchange servers.

Our team has been tirelessly working several intrusions since January involving multiple 0-day exploits in Microsoft Exchange. If you use on-prem Microsoft Exchange Servers, you might want to assume you've been hit and start checking and then updating.

Microsoft this week announced Secured-core Server and Edge Secured-core, two solutions aimed at improving the security of servers and connected devices. Initially announced in 2019, Secured-core is the result of a partnership between Microsoft and hardware manufacturers, and its goal is to add a security layer that combines identity, virtualization, operating system, hardware and firmware protection capabilities.

Microsoft says Beijing-backed hackers are exploiting four zero-day vulnerabilities in Exchange Server to steal data from US-based defense contractors, law firms, and infectious disease researchers. Gain access to an Exchange Server either using stolen passwords or by using zero-day vulnerabilities, and disguise themselves as a legitimate user.

Microsoft late Tuesday raised the alarm after discovering Chinese cyber-espionage operators chaining multiple zero-day exploits to siphon e-mail data from corporate Microsoft Exchange servers. In all, Microsoft said the attacker chained four zero-days into a malware cocktail targeting its Exchange Server product.