Vulnerable Microsoft Exchange servers have become a target for cybercriminals, who install cryptocurrency mining malware on compromised systems to turn their processing capacity into money.
Last month, Microsoft reported zero-day vulnerabilities in its Exchange server and released critical security updates to stop malicious actors from exploiting vulnerable systems. According to Sophos cybersecurity researchers, attackers have been using the Microsoft Exchange Server ProxyLogon exploit to install a Monero cryptominer on Exchange servers.
“Server hardware has much higher performance compared to the performance of a laptop or desktop and that is why it has become so attractive for cryptojacking. The vulnerability enables malicious parties to scan the whole Internet in search of vulnerable machines to roll them into the network. As a result, attackers simply benefit from free money rolling,” commented Andrew Brandt, Sophos principal threat researcher.
Organizations using Fortigate firewalls on their network that have not applied the security updates Fortinet released in 2019 need to assume that they have been compromised. Nation-state hackers are actively looking for these organizations in order to carry out cyberattacks or conduct espionage campaigns.
The National Cyber Security Centre (NCSC) released a critical security alert after Kaspersky reported that malicious actors were exploiting a Fortinet VPN vulnerability (CVE-2018-13379) to distribute ransomware. According to Kaspersky, the vulnerability allows attackers to remotely obtain usernames and passwords, with which they can then carry out hands-on activity inside the network.
NCSC is not alone: CISA and the FBI have also warned that Advanced Persistent Threat (APT) nation-state hacking groups are actively scanning for unpatched CVE-2018-13379 vulnerabilities to gain access to networks and carry out cyber-espionage campaigns.
Microsoft has issued a warning that hackers are actively abusing company website contact forms to deliver the IcedID info-stealing banking trojan to employees, using emails that carry Google URLs. Businesses need to be aware of this threat.
Cybercriminals have recently started using the ‘contact us’ forms on company websites to reach the employees who handle contact requests from the public. Such forms are effectively an open doorway from the internet into the organization.
Malicious actors use these forms to send employees legitimate Google URLs that require them to sign in with their Google username and password.
Given the severity of the threat, Microsoft reported the attacks to Google’s security teams. Malicious actors favor Google URLs because they let the messages bypass email security filters as well as CAPTCHA challenges; as a result, the contact form cannot tell whether a submission came from a human.
The current versions of Google Chrome, as well as other browsers based on the Chromium framework such as Microsoft Edge, are affected by a zero-day remote code execution vulnerability. A researcher has published working exploit code for the vulnerability on Twitter.
Rajvardhan Agarwal, the security researcher who took part in the Pwn2Own online ethical hacking contest last week, tweeted a GitHub link to the exploit code on Monday.
However, downstream Chromium-based browsers such as Chrome and Edge remain vulnerable, since the patch in question has not yet been integrated into their official releases. Google is due to release a new version of Chrome with security fixes on Tuesday, although it is not known whether the fix for this bug will be included.
WhatsApp has recently addressed two security vulnerabilities in its Android messaging app. The vulnerabilities could have been used by hackers to remotely execute malicious code and exfiltrate sensitive information.
The flaws enabled attackers to carry out a “man-in-the-disk” attack: manipulating the data the app exchanges with external storage in order to compromise the app. Devices running Android 9 and earlier were at risk.
According to recent information from Census Labs researchers, the two vulnerabilities enabled hackers to remotely collect TLS cryptographic material for TLS 1.2 and TLS 1.3 sessions.
With the TLS secrets in hand, malicious actors can carry out a man-in-the-middle (MitM) attack to compromise WhatsApp communications, achieve remote code execution on the targeted device and extract the Noise protocol keys that provide end-to-end encryption for user communications.
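The man-in-the-disk problem described above comes down to an app trusting files on shared external storage that any other app with storage permission can rewrite. The following is an added illustration, not code from the article, from WhatsApp or from Census Labs: it simulates an app that writes a configuration file to "external" storage and shows the unsafe read beside a hardened read that keeps an HMAC key and tag in app-private storage (the directory names, file names and configuration contents are constructed for the example).

```python
import hashlib
import hmac
import json
import os
import tempfile
from pathlib import Path

# Constructed simulation: ``external_dir`` stands in for world-writable shared
# storage and ``internal_dir`` for app-private storage that other apps cannot
# touch. Neither path nor file name comes from the real WhatsApp app.


def write_protected(external_dir: str, internal_dir: str, name: str, payload: bytes) -> None:
    """Write ``payload`` to shared storage and record an HMAC-SHA256 tag in
    private storage. The key never leaves private storage, so another app
    that can rewrite the shared file cannot produce a matching tag."""
    key_path = Path(internal_dir) / "hmac.key"
    if not key_path.exists():
        key_path.write_bytes(os.urandom(32))
    key = key_path.read_bytes()
    Path(external_dir, name).write_bytes(payload)
    tag = hmac.new(key, payload, hashlib.sha256).hexdigest()
    Path(internal_dir, name + ".tag").write_text(tag)


def read_unverified(external_dir: str, name: str) -> bytes:
    """Vulnerable pattern: whatever sits on shared storage is used as-is."""
    return Path(external_dir, name).read_bytes()


def read_verified(external_dir: str, internal_dir: str, name: str) -> bytes:
    """Hardened pattern: read the bytes once, recompute the tag with the
    private key and refuse the data if it no longer matches."""
    key = (Path(internal_dir) / "hmac.key").read_bytes()
    data = Path(external_dir, name).read_bytes()  # single read, then verify these bytes
    expected = Path(internal_dir, name + ".tag").read_text()
    actual = hmac.new(key, data, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(actual, expected):
        raise ValueError("file on external storage was modified after the app wrote it")
    return data


def demo(tamper: bool) -> dict:
    """Run the scenario with or without a hostile rewrite of the shared file
    and report how each read pattern behaves."""
    with tempfile.TemporaryDirectory() as ext, tempfile.TemporaryDirectory() as priv:
        original = json.dumps({"theme": "light", "debug": False}).encode()
        write_protected(ext, priv, "config.json", original)
        if tamper:
            # Another app on the device rewrites the shared file (constructed content).
            tampered = json.dumps({"theme": "light", "debug": True}).encode()
            Path(ext, "config.json").write_bytes(tampered)
        unverified = read_unverified(ext, "config.json")
        try:
            read_verified(ext, priv, "config.json")
            detected = False
        except ValueError:
            detected = True
        return {
            "unverified_accepted_tampered_data": unverified != original,
            "verified_read_detected_tampering": detected,
        }


if __name__ == "__main__":
    print(demo(tamper=False))
    print(demo(tamper=True))
```

The tag only detects a change made between the app's own write and the verified read; it does not make shared storage safe to keep using. The real mitigation is to keep secrets, session material and anything executable in app-private storage, and to read any external file exactly once and verify those bytes before acting on them, so that a rewrite between check and use cannot slip through.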