
Conti ransomware gang is targeting unpatched Microsoft Exchange servers

By Duncan Riley
siliconangle.com
 3 days ago

The Conti ransomware gang is actively targeting unpatched Microsoft Corp. Exchange servers through the same exploit used to target servers earlier this year. In a campaign discovered and detailed Friday by researchers at Sophos plc, Conti is targeting networks with ProxyShell, an evolution of the ProxyLogon attack method used by the Epsilon Red ransomware gang in May. Conti affiliates have used the tool to gain access to a targeted network and set up a remote web shell.

Related
Public Safety | siliconangle.com

CISA warns ransomware gangs may target companies over Labor Day weekend

The U.S. Department of Homeland Security Cybersecurity and Infrastructure Security Agency and the Federal Bureau of Investigation today published a cybersecurity advisory warning organizations to remain vigilant to ransomware threats. The warning expressly referred to Labor Day, which is Sept. 6 in the U.S. The advisory noted that ransomware attacks...
Public Safety | TechCrunch

Ragnarok ransomware gang shuts down and releases its decryption key

The gang, sometimes referred to as Asnarok, last week replaced all 12 of the victims listed on its dark web portal with a short instruction on how to decrypt files. This was accompanied by the release of a decryptor, which experts at Emsisoft confirmed contains the master decryption key. The security firm, known for assisting ransomware victims with data decryption, has also released a universal decryptor for Ragnarok ransomware.
Software | inforisktoday.com

'ProxyToken' Bug Put Microsoft Exchange Email at Risk

Researchers have released details of a serious but now patched bug nicknamed "ProxyToken" in Microsoft's Exchange Server. By exploiting the vulnerability, CVE-2021-33766, an attacker could access mailboxes and potentially forward emails they contain to their own account, writes Simon Zuckerbraun of Trend Micro's Zero Day Initiative in a blog post.
Software | leedaily.com

Microsoft Windows Server 2022 is launching ahead of Windows 11

With regard to Microsoft operating systems, the spotlight is on the upcoming release of Windows 11. However, this isn’t Redmond’s only operating system. Microsoft has begun releasing its next-generation Windows Server 2022 operating systems to mainstream consumers throughout the world. Microsoft Windows Server 2022 is launching ahead of Windows 11, and here are all the breakthroughs.
Public Safety | Bank Info Security

Conti Ransomware Threat Rising as Group Gains Affiliates

As the United States heads into a holiday weekend, experts are warning that ransomware-wielding attackers are sure to unleash crypto-locking chaos in the coming days. White House officials say they have no intelligence tied to any specific attack, but they are sounding a cautionary note based on attackers' typical behavior. "Attackers view holidays and weekends - especially holiday weekends - as attractive time frames in which to target potential victims, including small and large businesses," the U.S. Cybersecurity and Infrastructure Security Agency warned this week.
Public Safety | Dark Reading

Translated Ransomware Playbook Gives Rare Insight into Gang's Operation

A leak of a purported tutorial from the Conti ransomware gang for turning compromised machines into ransomware beachheads provides a rare look inside the operations of a popular cybercriminal syndicate and highlights the tenuous relationships between groups in the cybercriminal ecosystem. Threat experts at Cisco Talos this week provided a...
Public Safety | bleepingcomputer.com

The Week in Ransomware - September 3rd 2021 - Targeting Exchange

Over the past two weeks, it has been busy with ransomware news ranging from a gang shutting down and releasing a master decryption key to threat actors turning to Microsoft Exchange exploits to breach networks. The biggest news is the Ragnarok ransomware operation shutting down and releasing a master decryptor...
Public Safety | securityintelligence.com

Ransomware Gangs Using Data Leak Sites to Recruit New Affiliates

Ransomware gangs have a new technique to recruit affiliates: posting announcements on their own data leaks websites. This provides a look into today’s so-called ransomware-as-a-service (RaaS), in which people can pay to have some of the work automated for them. This shift has come about in large part because two major ransomware forums banned gangs from promoting their RaaS schemes.
Public Safety | Daily Beast

Diabolical Ransomware Gang Calls It Quits

Just as in the Marvel Universe, a ransomware group that goes by the name “Ragnarok” caused catastrophic harm and ended in a snap. Ragnarok, a hacking gang that’s locked victims out of their computers and extorted them since 2019, suddenly appears to have called it quits. The group shared a free tool Thursday that will help previous victims unlock their files and gain access to their computers again, according to security researchers.
Software | Dark Reading

'ProxyToken' Flaw Heightens Concerns Over Security of Microsoft Exchange Server

A new Microsoft Exchange Server vulnerability disclosed this week by security researchers from Trend Micro's Zero Day Initiative (ZDI) has exacerbated concerns about the technology's vulnerability to a range of dangerous, new attacks. The flaw, which ZDI researchers have dubbed ProxyToken, allows an authenticated attacker to configure email boxes belonging...
Public Safety | helpnetsecurity.com

Ransomware gangs target organizations during holidays and weekends

Ransomware gangs may take advantage of upcoming holidays and weekends to hit US organizations, the FBI and the CISA have warned. They don’t have any specific threat reporting indicating a cyberattack will occur over the upcoming Labor Day holiday, they said, but they have observed in the past few months an increase in highly impactful ransomware attacks occurring when offices are normally closed.
Internet | siliconangle.com

WhatsApp vulnerability could have lead to user data being exposed

A now patched vulnerability in the Facebook Inc.-owned WhatsApp messaging service could have led to user data being exposed. Discovered by researchers at Check Point Software Technologies Ltd., the vulnerability is described as an “out-of-bounds read-write vulnerability.” While the flaw required complex steps to exploit, it could have allowed an attacker to read sensitive information from WhatsApp memory.
Software | bleepingcomputer.com

Dive into data with 84% off this Microsoft SQL Server training

From finance to sports, you will find data and analytics in every industry today. For obvious reasons, recruiters are looking for people who know how to handle a database. Microsoft SQL Server is one of the most popular solutions for businesses that need to store and access vast amounts of data.
Software | marketresearchtelecast.com

Microsoft Exchange ProxyToken: Backend access bypassing authentication

In April, Microsoft closed another, previously unknown, hole in the Exchange Server. ProxyToken cleverly bypasses the authentication for access to the configuration of an Exchange account. An attacker could use it to redirect incoming mail from an Exchange user to another account. When exploiting the proxy token gap, the attacker...
Technology | lifewire.com

Microsoft Warns of Phishing Attack Targeted at Office 365 Users

Microsoft is warning its Office 365 customers of a widespread phishing campaign to steal usernames and passwords. The Microsoft 365 Defender Threat Intelligence Team posted its findings on its Security blog, which details how the attacks are done and advises what people can do to defend themselves. The attack works...
Software | The Hacker News

New Microsoft Exchange 'ProxyToken' Flaw Lets Attackers Reconfigure Mailboxes

Details have emerged about a now-patched security vulnerability impacting Microsoft Exchange Server that could be weaponized by an unauthenticated attacker to modify server configurations, thus leading to the disclosure of Personally Identifiable Information (PII). The issue, tracked as CVE-2021-33766 (CVSS score: 7.3) and coined "ProxyToken," was discovered by Le Xuan...
NFL | siliconangle.com

Amazon reportedly planning to launch Alexa-powered TVs

Amazon.com Inc. plans to launch a line of Alexa-powered TVs in the U.S. as early as next month, according to a Thursday report in Business Insider. The move would mark the latest expansion of Amazon’s Alexa-powered smart home device portfolio, which represents a core component of its strategy for the consumer technology market.
