Chinese Hackers Breach Microsoft Business Email Software Raising Security Crisis Globally. Details Here

San Francisco: In a big cyber attack, China-based threat actors hacked at least 30,000 organisations across the US, including government and commercial firms, by using Microsoft’s Exchange Server software to enter their networks. The espionage group is known to have exploited four vulnerabilities in Microsoft Exchange Server email software, which provided them access to email…

Qualys admits its Accellion FTA server compromised by attacker

Qualys, which provides a cloud-based platform for protecting IT and OT workloads, has become the latest firm to be victimized by vulnerabilities in the Accellion FTA file transfer application. Company CISO Ben Carr said Wednesday it had deployed an Accellion FTA server in a segregated DMZ environment, completely separate from systems that host and support…

Hackers breached four prominent underground cybercrime forums - Security Affairs

A suspicious wave of attacks resulted in the hack of four cybercrime forums, Verified, Crdclub, Exploit, and Maza, since January. Since January, a series of mysterious cyberattacks has resulted in the hack of popular Russian-language cybercrime forums. Unknown threat actors hacked the Verified forum in January, Crdclub in February, and Exploit and Maza in March,…

Microsoft says Chinese hackers targeted groups via server software

By Raphael Satter, Christopher Bing WASHINGTON (Reuters) – A China-linked cyber-espionage group has been remotely plundering email inboxes using freshly discovered flaws in Microsoft mail server software, the company and outside researchers said on Tuesday – an example of how commonly used programs can be exploited to cast a wide net online. In a blog…

NSA, CISA, issue guidance on Protective DNS services

The National Security Agency (NSA) and Cybersecurity and Infrastructure Agency (CISA) released a joint information sheet Thursday that offers guidance on the benefits of using a Protective Domain Name System (PDNS). A PDNS service uses existing DNS protocols and architecture to analyze DNS queries and mitigate threats. It leverages various open source, commercial, and governmental…

At least 30,000 US organizations victims of Microsoft Exchange hack: Krebs

At least 30,000 organizations across the US have been hacked over the last few days through flaws in Microsoft’s Exchange server email software, sources familiar with the matter told KrebsOnSecurity. The “unusually aggressive Chinese cyber espionage unit” that Microsoft calls “Hafnium” is focusing on stealing emails from a range of victims, including companies, small businesses,…

Qualys Gets ‘Clopped’ by Accellion-Exploiting Attackers

Security Firm Confirms Breach After Clop Ransomware Gang Posts Stolen Customer Data. Mathew J. Schwartz (euroinfosec) • March 4, 2021. Cybersecurity firm Qualys has confirmed that its systems were breached by attackers who hacked its Accellion…

Researchers Find 3 New Malware Strains Used by SolarWinds Hackers

FireEye and Microsoft on Thursday said they discovered three more malware strains in connection with the SolarWinds supply-chain attack, including a “sophisticated second-stage backdoor,” as the investigation into the sprawling espionage campaign continues to yield fresh clues about the threat actor’s tactics and techniques. Dubbed GoldMax (aka SUNSHUTTLE), GoldFinder, and Sibot, the new set of…