79 matches found

GithubExploit
added 2026/03/16 12:22 a.m., 122 views

Exploit for Unrestricted Upload of File with Dangerous Type in Microsoft

ProxyHell Modernized ProxyShell Exploit CVE-20...

CVSS 10, AI score 5.8, EPSS 0.99999, Exploits 18
Gitee
added 2025/09/06 12:9 p.m., 92 views

ProxyVulns

ProxyVulns ProxyLogon Usage: python3 26855.py 1.1.1.1 ProxyOracle url Once a victim clicks this link, evil.com will receive the cookies...

AI score 6.9, Exploits 0
Talos Blog
added 2024/08/28 10:0 a.m., 43 views

BlackByte blends tried-and-true tradecraft with newly disclosed vulnerabilities to support ongoing attacks

The BlackByte ransomware group continues to leverage tactics, techniques and procedures (TTPs) that have formed the foundation of its tradecraft since its inception, continuously iterating its use of vulnerable drivers to bypass security protections and deploying a self-propagating, wormable...

CVSS 7.2, AI score 8.1, EPSS 0.2677, Exploits 0
The Hacker News
added 2024/05/22 7:41 a.m., 53 views

MS Exchange Server Flaws Exploited to Deploy Keylogger in Targeted Attacks

An unknown threat actor is exploiting known security flaws in Microsoft Exchange Server to deploy a keylogger malware in attacks targeting entities in Africa and the Middle East. Russian cybersecurity firm Positive Technologies said it identified over 30 victims spanning government agencies, bank...

CVSS 10, AI score 8, EPSS 0.99999, Exploits 18
The Hacker News
added 2024/01/10 10:31 a.m., 33 views

Free Decryptor Released for Black Basta and Babuk's Tortilla Ransomware Victims

A decryptor for the Tortilla variant of the Babuk ransomware has been released by Cisco Talos, allowing victims targeted by the malware to regain access to their files. The cybersecurity firm said the threat intelligence it shared with Dutch law enforcement authorities made it possible to arrest...

AI score 7.3, Exploits 0
The Hacker News
added 2023/08/04 7:2 a.m., 88 views

Major Cybersecurity Agencies Collaborate to Unveil 2022's Most Exploited Vulnerabilities

A four-year-old critical security flaw impacting Fortinet FortiOS SSL has emerged as one of the most routinely and frequently exploited vulnerabilities in 2022. "In 2022, malicious cyber actors exploited older software vulnerabilities more frequently than recently disclosed vulnerabilities and...

CVSS 10, AI score 8.3, EPSS 0.99999, Exploits 659
Microsoft Malware Protection
added 2023/07/06 5:0 p.m., 51 views

The five-day job: A BlackByte ransomware intrusion case study

As ransomware attacks continue to grow in number and sophistication, threat actors can quickly impact business operations if organizations are not well prepared. In a recent investigation by Microsoft Incident Response (previously known as Microsoft Detection and Response Team – DART) of an...

CVSS 10, AI score 8.1, EPSS 0.99999, Exploits 23
The Hacker News
added 2023/01/28 10:42 a.m., 5 views

Microsoft Urges Customers to Secure On-Premises Exchange Servers

Microsoft is urging customers to keep their Exchange servers updated as well as take steps to bolster the environment, such as enabling Windows Extended Protection and configuring certificate-based signing of PowerShell serialization payloads. "Attackers looking to exploit unpatched Exchange...

AI score 7.1, Exploits 0
The Hacker News
added 2022/12/22 1:13 p.m., 109 views

FIN7 Cybercrime Syndicate Emerges as a Major Player in Ransomware Landscape

An exhaustive analysis of FIN7 has unmasked the cybercrime syndicate's organizational hierarchy, alongside unraveling its role as an affiliate for mounting ransomware attacks. It has also exposed deeper associations between the group and the larger threat ecosystem comprising the now-defunct...

CVSS 9, AI score 1, EPSS 0.99965, Exploits 39
hivepro
added 2022/12/08 7:20 a.m., 60 views

BackdoorDiplomacy targets the telecom industry in the Middle East

Threat Level Actor Report For a detailed threat advisory, download the pdf file here Summary BackdoorDiplomacy, an advanced persistent threat (APT) gang with roots in China, is most likely behind a hostile campaign targeting the Middle East. The espionage action, aimed at a Middle Eastern telecom...

CVSS 7.5, AI score 0.9, EPSS 0.99999, Exploits 63
The Hacker News
added 2022/12/06 4:8 p.m., 24 views

Chinese Hackers Target Middle East Telecoms in Latest Cyber Attacks

A malicious campaign targeting the Middle East is likely linked to BackdoorDiplomacy, an advanced persistent threat (APT) group with ties to China. The espionage activity, directed against a telecom company in the region, is said to have commenced on August 19, 2021 through the successful...

AI score 1.6, Exploits 0
The Hacker News
added 2022/11/14 6:5 a.m., 63 views

Worok Hackers Abuse Dropbox API to Exfiltrate Data via Backdoor Hidden in Images

A recently discovered cyber espionage group dubbed Worok has been found hiding malware in seemingly innocuous image files, corroborating a crucial link in the threat actor's infection chain. Czech cybersecurity firm Avast said the purpose of the PNG files is to conceal a payload that's used to...

AI score 1.5, Exploits 0
hivepro
added 2022/10/31 10:45 a.m., 29 views

LV Ransomware Exploited ProxyShell to target Jordan

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary LV ransomware as a service has been active since late 2020 The most recent infiltration entailed the compromise of the corporate environment of a Jordan based entity, leveraging the double extortion...

AI score 1.6, Exploits 0
Trend Micro Simply Security
added 2022/10/25 12:0 a.m., 12 views

LV Ransomware Exploits ProxyShell in Attack on a Jordan-based Company

Our blog entry provides a look at an attack involving the LV ransomware on a Jordan-based company from an intrusion analysis standpoint...

AI score 2.9, Exploits 0
Wordfence Blog
added 2022/10/19 4:1 p.m., 366 views

Two Weeks of Monitoring ProxyNotShell (CVE-2022-41040 & CVE-2022-41082) Threat Activity

The Wordfence Threat Intelligence team has been monitoring exploit attempts targeting two zero-day vulnerabilities in Microsoft Exchange Server tracked as CVE-2022-41040 and CVE-2022-41082, collectively known as ProxyNotShell. These vulnerabilities are actively being exploited in the wild. At the...

AI score 8.6, EPSS 0.99964, Exploits 16
Imperva Blog
added 2022/09/30 4:47 p.m., 1972 views

Microsoft Exchange Server Vulnerabilities CVE-2022-41040 and CVE-2022-41082

On September 29, Microsoft security researchers announced two new zero-day vulnerabilities, CVE-2022-41040 and CVE-2022-41082, affecting Microsoft Exchange Server. The vulnerabilities allow remote code execution (RCE) when used in tandem. It is important to note that both require authenticated acces...

CVSS 10, AI score 1.2, EPSS 0.99999, Exploits 32
The Hacker News
added 2022/09/30 11:52 a.m., 37 views

Cyber Attacks Against Middle East Governments Hide Malware in Windows Logo

An espionage-focused threat actor has been observed using a steganographic trick to conceal a previously undocumented backdoor in a Windows logo in its attacks against Middle Eastern governments. Broadcom's Symantec Threat Hunter Team attributed the updated tooling to a hacking group it tracks...

AI score 0.3, Exploits 0
The Hacker News
added 2022/09/30 4:25 a.m., 55 views

WARNING: New Unpatched Microsoft Exchange Zero-Day Under Active Exploitation

Security researchers are warning of previously undisclosed flaws in fully patched Microsoft Exchange servers being exploited by malicious actors in real-world attacks to achieve remote code execution on affected systems. The advisory comes from Vietnamese cybersecurity company GTSC, which...

AI score 0.5, Exploits 0
NCSC
added 2022/09/30 12:0 a.m., 4 views

Vulnerabilities found in Microsoft Exchange Sever

GTSC, a Vietnamese security company has found vulnerabilities in Microsoft Exchange Server 1. The vulnerabilities allow a malicious party able to execute a Server-Side Request Forgery and to execute arbitrary code. The vulnerabilities have similarities to the Exchange vulnerability from 2021 call...

CVSS 8.8, AI score 7.8, EPSS 0.99964, Exploits 16
Rapid7 Blog
added 2022/09/29 8:50 p.m., 332 views

CVE-2022-41040 and CVE-2022-41082: Unpatched Zero-Day Vulnerabilities in Microsoft Exchange Server

On Thursday, September 29, a Vietnamese security firm called GTSC published information and IOCs on what they claimed was a pair of unpatched Microsoft Exchange Server vulnerabilities being used in attacks on their customers’ environments dating back to early August 2022. The impact of...

AI score 9.4, EPSS 0.99964, Exploits 16