Microsoft: New analysis of Exchange Server vulnerabilities and cyberattacks

Microsoft has published new detailed analysis of Exchange Server vulnerabilities, cybercriminal groups and post-compromise second stage attack malware. In addition, the tech giant offered sound mitigation guidance.

Continue Reading Microsoft: New analysis of Exchange Server vulnerabilities and cyberattacks

CISA publishes reports on DearCry ransomware and China Chopper Web Shell malware linked to Exchange Server exploits (updated)

The Cybersecurity and Infrastructure Security Agency (CISA) has published reports on DearCry ransomware and China Chopper Web Shell malware linked to recent Exchange Server exploits. Attackers can use this malware to further compromise on-premise Microsoft Exchange servers and launch other attacks.

Continue Reading CISA publishes reports on DearCry ransomware and China Chopper Web Shell malware linked to Exchange Server exploits (updated)

Cybersecurity experts warn exploits grow ten-fold after Exchange Server zero-day vulnerabilities revealed

Cybersecurity experts are warning exploits against organizations worldwide have grown ten-fold after recent Microsoft Exchange Server zero-day vulnerabilities were revealed.

Continue Reading Cybersecurity experts warn exploits grow ten-fold after Exchange Server zero-day vulnerabilities revealed

Microsoft releases emergency patches for Exchange Server RCE vulnerabilities exploited in the wild (Updated)

Microsoft has released emergency out-of-band security updates to fix multiple Critical vulnerabilities impacting Microsoft Exchange Server 2013, 2016 and 2019. The tech giant also published interim mitigations if organizations can not patch immediately, as well as an IOC detection tool.

Continue Reading Microsoft releases emergency patches for Exchange Server RCE vulnerabilities exploited in the wild (Updated)

CISA: Threat actors behind SolarWinds hack pose ‘grave risk’ (updated)

The Cybersecurity and Infrastructure Security Agency (CISA) has warned the recent compromise by threat actors of SolarWinds poses a 'grave risk' to critical infrastructure, government and private sector organizations.

Continue Reading CISA: Threat actors behind SolarWinds hack pose ‘grave risk’ (updated)