Microsoft Build Engine Abused for Fileless Malware Delivery
Described as the build platform for Microsoft and Visual Studio, MSBuild has a feature that allows developers to specify for code to be executed in memory, and adversaries have abused this in a new campaign for the fileless delivery of their malicious payloads. The attacks, which were ongoing last week, likely started in April. As…
Pentagon Reconsidering Huge JEDI Cloud-computing Contract
“We are going to have to assess where we are in regards to the ongoing litigation and determine what the best path forward is for the department,” deputy Pentagon press secretary Jamal Brown said, citing remarks by Deputy Defense Secretary Kathleen Hicks at a public forum late last month. Hicks said then that she could…
FBI Agents Secretly Deleted Web Shells From Hacked Microsoft Exchange Servers
After a wave of major in-the-wild zero-day attacks against Exchange Server installations that occurred globally in January, savvy organizations scrambled to lock down vulnerable Microsoft email servers and remove web shells that were installed by attackers. In early attacks observed by Microsoft, attackers were able to exploit a series of vulnerabilities to access on-premises Exchange…
Microsoft Defender Antivirus Now Protects Users Against Ongoing Exchange Attacks
Microsoft has released patches, detailed guidance, and a one-click mitigation tool to ensure that Exchange Server users are protected against attacks. The tech giant has now taken another step to protect customers who haven’t managed to install the available patches but who have Defender deployed on vulnerable servers. The Exchange vulnerabilities are tracked as CVE-2021-26855,…
Over 80,000 Exchange Servers Still Affected by Actively Exploited Vulnerabilities
The bugs were publicly disclosed on March 2, when the Redmond-based tech giant announced not only patches for them, but also the fact that a Chinese threat actor had been actively exploiting them in attacks. Within days, security researchers revealed that multiple adversaries were quick to pick up exploits for the Exchange bugs, but also…
Microsoft Reports ‘DearCry’ Ransomware Targeting Exchange Servers
Attackers have begun to utilize the recently patched Microsoft Exchange Server vulnerabilities to deploy ransomware onto compromised servers, Microsoft reports. The news emerged late last night. Phillip Misner, a member of Microsoft’s security research team, tweeted about the new ransomware family tracked as Ransom:Win32/DoejoCrypt.A and nicknamed “DearCry,” which is using the Microsoft Exchange vulnerabilities to…
Multiple Attack Groups Exploited Microsoft Exchange Flaws Prior to the Patches
Multiple attack groups are exploiting the critical Microsoft Exchange Server vulnerabilities patched last week – and the growing wave of global activity began before Microsoft released emergency fixes on March 2. Security firms including Red Canary and FireEye are now tracking the exploit activity in clusters and anticipate the number of clusters will grow over…
Microsoft Adopted an ‘Aggressive’ Strategy for Sharing SolarWinds Attack Intel
In the wake of a widespread cyberattack, enterprise IT providers can play a key role in how businesses learn about and mitigate the security threat. That role has evolved as attacks grow more complex – and it presents a tricky challenge when a provider must keep businesses informed of an attack that has infiltrated its…
Google Discloses Details of Remote Code Execution Vulnerability in Windows
The flaw, tracked as CVE-2021-24093, was patched by Microsoft on February 9 with its Patch Tuesday updates. Dominik Röttsches of Google and Mateusz Jurczyk of Google Project Zero have been credited for reporting the issue to Microsoft. A CVSS score of 8.8 has been assigned to the vulnerability, but Microsoft has rated it critical for…
New ‘LazyScripter’ Hacking Group Targets Airlines
Initially identified in December 2020, the threat actor is targeting IATA and airlines, with the most recent attacks employing a phishing lure mimicking the newly introduced IATA ONE ID (Contactless Passenger Processing tool). Dated 2018, one of the earliest attacks attributed to the adversary, which Malwarebytes refers to as LazyScripter, was aimed at individuals looking…
