-
US indicts Black Kingdom ransomware admin for Microsoft Exchange attacks
A 36-year-old Yemeni national, who is believed to be the developer and primary operator of 'Black Kingdom' ransomware, has been indicted by the United States for conducting 1,500 attacks on Microsoft Exchange servers.
- May 02, 2025
- 10:32 AM
0
-
Eagerbee backdoor deployed against Middle Eastern govt orgs, ISPs
New variants of the Eagerbee malware framework are being deployed against government organizations and internet service providers (ISPs) in the Middle East.
- January 06, 2025
- 09:54 AM
0
-
New Webinar: Choose Your Own Investigation — Browser Attack Edition
Modern attacks have shifted focus to the browser, yet detection tools remain largely blind to the crucial activity happening there.
Join Push Security on February 11th for an interactive "choose-your-own-adventure" webinar on ClickFix, credential phishing, and other in-browser attacks we've observed in the wild.
-
Over 20,000 vulnerable Microsoft Exchange servers exposed to attacks
Tens of thousands of Microsoft Exchange email servers in Europe, the U.S., and Asia exposed on the public internet are vulnerable to remote code execution flaws.
- December 02, 2023
- 01:54 PM
- 0
-
Over 60,000 Exchange servers vulnerable to ProxyNotShell attacks
More than 60,000 Microsoft Exchange servers exposed online are yet to be patched against the CVE-2022-41082 remote code execution (RCE) vulnerability, one of the two security flaws targeted by ProxyNotShell exploits.
- January 03, 2023
- 03:51 PM
- 1
-
Hackers stole data from US defense org using Impacket, CovalentStealer
The U.S. Government today released an alert about state-backed hackers using a custom CovalentStealer malware and the Impacket framework to steal sensitive data from a U.S. organization in the Defense Industrial Base (DIB) sector.
- October 04, 2022
- 07:08 PM
- 0
-
Microsoft Exchange bug abused to hack building automation systems
A Chinese-speaking threat actor has hacked into the building automation systems (used to control HVAC, fire, and security functions) of several Asian organizations to backdoor their networks and gain access to more secured areas in their networks.
- June 27, 2022
- 11:39 AM
- 0
-
Microsoft Exchange servers hacked to deploy Cuba ransomware
The Cuba ransomware operation is exploiting Microsoft Exchange vulnerabilities to gain initial access to corporate networks and encrypt devices.
- February 24, 2022
- 12:06 PM
- 1
-
Microsoft Exchange servers hacked in internal reply-chain attacks
Threat actors are hacking Microsoft Exchange servers using ProxyShell and ProxyLogon exploits to distribute malware and bypass detection using stolen internal reply-chain emails.
- November 20, 2021
- 12:55 PM
- 4
-
Hacking group used ProxyLogon exploits to breach hotels worldwide
A newly discovered cyberespionage group has been targeting hotels worldwide around the world since at least 2019, as well as higher-profile targets such as governments, international organizations, law firms, and engineering companies.
- September 23, 2021
- 03:50 PM
- 0
-
The Week in Ransomware - July 23rd 2021 - Kaseya decrypted
This week has quite a bit of news ranging from the USA formally accusing China of the recent ProxyLogon vulnerability and Kaseya mysteriously obtaining the universal decryption key.
- July 23, 2021
- 02:33 PM
- 1
-
GitHub's new policies allow removal of PoC exploits used in attacks
GitHub announced on Friday their updated community guidelines that explain how the company will deal with exploits and malware samples hosted on their service.
- June 05, 2021
- 12:56 PM
- 2
-
FBI nuked web shells from hacked Exchange Servers without telling owners
A court-approved FBI operation was conducted to remove web shells from compromised US-based Microsoft Exchange servers without first notifying the servers' owners.
- April 13, 2021
- 08:57 PM
- 0
-
CISA gives federal agencies 5 days to find hacked Exchange servers
The Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal agencies to scan their networks again for any signs of compromised on-premises Microsoft Exchange servers and report their findings within five days.
- March 31, 2021
- 02:55 PM
- 0
-
Microsoft: 92% of Exchange servers safe from ProxyLogon attacks
Roughly 92% of all Internet-connected on-premises Microsoft Exchange servers affected by the ProxyLogon vulnerabilities are now patched and safe from attacks, Microsoft said on Monday.
- March 23, 2021
- 10:33 AM
- 0
-
Microsoft Exchange servers now targeted by Black Kingdom ransomware
Another ransomware operation known as 'Black Kingdom' is exploiting the Microsoft Exchange Server ProxyLogon vulnerabilities to encrypt servers.
- March 22, 2021
- 09:07 AM
- 0
-
Microsoft Defender adds automatic Exchange ProxyLogon mitigation
Microsoft Defender Antivirus will now protect unpatched on-premises Exchange servers from ongoing attacks by automatically mitigating the actively exploited CVE-2021-26855 vulnerability.
- March 19, 2021
- 07:40 AM
- 0
-
Chile's bank regulator shares IOCs after Microsoft Exchange hack
Chile's Comisión para el Mercado Financiero (CMF) has disclosed that their Microsoft Exchange server was compromised through the recently disclosed ProxyLogon vulnerabilities.
- March 17, 2021
- 11:58 AM
- 0
-
New PoC for Microsoft Exchange bugs puts attacks in reach of anyone
A security researcher has released a new proof-of-concept exploit this weekend that requires slight modification to install web shells on Microsoft Exchange servers vulnerable to the actively exploited ProxyLogon vulnerabilities.
- March 14, 2021
- 03:42 PM
- 0
-
Microsoft Exchange exploits now used by cryptomining malware
The operators of Lemon_Duck, a cryptomining botnet that targets enterprise networks, are now using Microsoft Exchange ProxyLogon exploits in attacks against unpatched servers.
- March 12, 2021
- 01:20 PM
- 0
-
DearCry ransomware attacks Microsoft Exchange with ProxyLogon exploits
Threat actors are now installing a new ransomware called 'DEARCRY' after hacking into Microsoft Exchange servers using the recently disclosed ProxyLogon vulnerabilities.
- March 11, 2021
- 07:39 PM
- 1
0
- 1
- 2
