Detecting and preventing LSASS credential dumping attacks

Obtaining user operating system OS credentials from a targeted device is among threat actors’ primary goals when launching attacks because these credentials serve as a gateway to various objectives they can achieve in their target organization’s environment, such as lateral movement. One techniqu...

WARNING: New Unpatched Microsoft Exchange Zero-Day Under Active Exploitation

Security researchers are warning of previously undisclosed flaws in fully patched Microsoft Exchange servers being exploited by malicious actors in real-world attacks to achieve remote code execution on affected systems. The advisory comes from Vietnamese cybersecurity company GTSC, which...

Defending Against Scheduled Task Attacks in Windows Environments

Scheduling tasks is one of the most popular attack techniques used by threat actors to establish persistence on a victim’s machine. The Qualys Research Team investigated different ways that attackers could use to conceal scheduled tasks. In this blog, we describe three new techniques to hide and...

Millions of Java Apps Remain Vulnerable to Log4Shell

Four months after the discovery of the zero-day Log4Shell critical flaw, millions of Java applications still remain vulnerable to compromise, researchers have found. Rezilion expected that due to the “massive amount of media coverage” the bug unsurprisingly received, the majority of applications...

Tarrask malware uses scheduled tasks for defense evasion

As Microsoft continues to track the high-priority state-sponsored threat actor HAFNIUM, new activity has been uncovered that leverages unpatched zero-day vulnerabilities as initial vectors. The Microsoft Detection and Response Team DART in collaboration with the Microsoft Threat Intelligence Cent...

Hackers Begin Exploiting Second Log4j Vulnerability as a Third Flaw Emerges

Web infrastructure company Cloudflare on Wednesday revealed that threat actors are actively attempting to exploit a second bug disclosed in the widely used Log4j logging utility, making it imperative that customers move quickly to install the latest version as a barrage of attacks continues to...

Relentless Log4j Attacks Include State Actors, Possible Worm

Call it a “logjam” of threats: Attackers including nation-state actors have already targeted half of all corporate global networks in security companies’ telemetry using at least 70 distinct malware families — and the fallout from the Log4j vulnerability is just beginning. Researchers manning...

How to Reduce Exchange Server Downtime in Case of a Disaster?

Exchange Server downtime may occur at any point in time due to several reasons, such as malware attack, server crash, database corruption, and hardware or software-related issues/incompatibility. However, downtime can impact productivity and lead to data loss that can have severe implications on...

US, EU, UK, NATO blame china for “reckless” Exchange attacks

Do you remember back when the latest urgent update was a vulnerability in Microsoft Exchange? How is that only four months ago? The trigger for the urgent advice in March was the fact that Microsoft detected multiple zero-day exploits being used to attack on-premises versions of Microsoft Exchang...

US and Global Allies Accuse China of Massive Microsoft Exchange Attack

The U.S. government and its key allies, including the European Union, the U.K., and NATO, formally attributed the massive cyberattack against Microsoft Exchange email servers to state-sponsored hacking crews working affiliated with the People's Republic of China's Ministry of State Security MSS. ...

APT trends report Q1 2021

For four years, the Global Research and Analysis Team GReAT at Kaspersky has been publishing quarterly summaries of advanced persistent threat APT activity. The summaries are based on our threat intelligence research and provide a representative snapshot of what we have published and discussed in...

FBI accessing computers across US to remove malicious web shells

By Deeba Ahmed FBI is Accessing Computers Across the Us to Prevent Hafnium from Exploiting MS Exchange Server Vulnerabilities - All without telling owners. This is a post from HackRead.com Read the original post: FBI accessing computers across US to remove malicious web shells...

Imperva Observes Hive of Activity Following Hafnium Microsoft Exchange Disclosures

Introduction On 2 March 2021, Microsoft and Veloxity produced disclosures outlining the discovery of four zero day vulnerabilities affecting multiple versions of Microsoft Exchange Server. Each of the vulnerabilities have been attributed a severity rating from high to critical, however the most...

Exploit for Server-Side Request Forgery in Microsoft

proxylogon Proof-of-concept exploit for CVE-2021-26855 and CV...

Defending Against the Zero Day: Analyzing Attacker Behavior Post-Exploitation of Microsoft Exchange

In recent weeks, there has been quite a lot of reporting on the exploitation of the latest disclosed vulnerabilities in Microsoft’s Exchange Server by an attacker referred to as HAFNIUM. One of the major reasons these latest vulnerabilities are so dangerous and appealing to attackers is that they...

Exploit for Server-Side Request Forgery in Microsoft

!https://github.com/SCS-Labs/Images/raw/main/SCS%20-%20HAFNIU...

ProxyLogon PoC Exploit Released; Likely to Fuel More Disruptive Cyber Attacks

The U.S. Cybersecurity and Infrastructure Security Agency CISA and the Federal Bureau of Investigation FBI on Wednesday issued a joint advisory warning of active exploitation of vulnerabilities in Microsoft Exchange on-premises products by nation-state actors and cybercriminals. "CISA and FBI...

Hafnium Update: Continued Microsoft Exchange Server Exploitation

Update 3/11: The following OSQuery detects active commands being run through webshells observed used by actors on compromised Exchange servers. While systems may have been patched to defend against Hafnium and others, threat actors may have leveraged these vulnerabilities to establish additional...

Microsoft Exchange attacks cause panic as criminals go shell collecting

Only last week we posted a blog about multiple zero-day exploits being used to attack on-premises versions of Microsoft Exchange Server in limited and targeted attacks. Seeing how this disclosure came with a patch being available, under normal circumstances you would see some companies update...

TAU Threat Advisory: Microsoft Exchange Servers Targeted with Four Zero-day Exploits

The following advisory from VMware Threat Analysis Unit TAU is to provide guidance, best practices and capabilities to identify risk, prevent, detect and respond to this emerging threat. Summary On March 2, 2021 Microsoft announced four zero-day vulnerabilities CVE-2021-26855, CVE-2021-26857,...