Black Kingdom Ransomware Hunting Unpatched Microsoft Exchange Servers

Exchange Server Post-Compromise Attack Activity Shared by Microsoft | IT Security News 29. March 2021 In the context of ongoing Exchange Server attacks, Microsoft has shared information detailing post-compromise activity which has infected vulnerable targets with ransomware and a botnet. When Microsoft released a fix for Exchange Server zero-days on March 2nd, organizations around the…

A new Android Trojan codenamed FlyTrap has hit at least 140 countries since March 2021 and has spread to over 10,000 victims through social media hijacking, third-party app stores, and sideloaded applications. Zimperium’s zLabs mobile threat research teams recently found several previously undetected applications using Zimperium’s z9 malware engine and on-device detection. Following their forensic…

Source: Defense.gov US nuclear weapons contractor Sol Oriens has suffered a cyberattack allegedly at the hands of the REvil ransomware gang, which claims to be auctioning data stolen during the attack. Sol Oriens describes itself as helping the “Department of Defense and Department of Energy Organizations, Aerospace Contractors, and Technology Firms carry out complex programs.”…

By The FBI, Cyber Division and the Vermont Intelligence Center – September 1, 2021 Summary  Ransomware attacks targeting the Food and Agriculture sector disrupt operations, cause financial loss, and negatively impact the food supply chain. Ransomware may impact businesses across the sector, from small farms to large producers, processors and manufacturers, and markets and restaurants.  Food…

Governance & Risk Management , Patch Management Alert Urges Organizations to Patch as Vulnerabilities Are Exploited Doug Olenick (DougOlenick) • August 27, 2021     Four months after Microsoft released the first security update for three vulnerabilities in several versions of its on-premises Exchange Server software – collectively called ProxyShell – the company has issued…

Cybersecurity analysts Lloyd Macrohon and Rodel Mendrez have recently inspected a new piece of malware that they’ve encountered during a breach investigation. Dubbed “Pingback”, the malware uses ICMP (Internet Control Message Protocol) tunneling for its backdoor communications and operates with various modes to escalate the chances of a successful attack. Pingback (“oci.dll“) achieves its purpose…