Kaseya Issues Patches for Two New 0-Day Flaws Affecting Unitrends Servers – Tempemail

U.S. technology firm Kaseya has released security patches to address two zero-day vulnerabilities affecting its Unitrends enterprise backup and continuity solution that could result in privilege escalation and authenticated remote code execution. The two weaknesses are part of a trio of vulnerabilities discovered and reported by researchers at the Dutch Continue Reading

Microsoft Exchange Under Attack With ProxyShell Flaws; Over 1900 Servers Hacked! – Tempemail

The U.S. Cybersecurity and Infrastructure Security Agency is warning of active exploitation attempts that leverage the latest line of “ProxyShell” Microsoft Exchange vulnerabilities that were patched earlier this May, including deploying LockFile ransomware on compromised systems. Tracked as CVE-2021-34473, CVE-2021-34523, and CVE-2021-31207, the vulnerabilities enable adversaries to bypass ACL controls, Continue Reading

Hackers Actively Searching for Unpatched Microsoft Exchange Servers – Tempemail

Threat actors are actively carrying out opportunistic scanning and exploitation of Exchange servers using a new exploit chain leveraging a trio of flaws affecting on-premises installations, making them the latest set of bugs after ProxyLogon vulnerabilities were exploited en masse at the start of the year. The remote code execution Continue Reading

Several Malware Families Targeting IIS Web Servers With Malicious Modules – Tempemail

A systematic analysis of attacks against Microsoft’s Internet Information Services (IIS) servers has revealed as many as 14 malware families, 10 of them newly documented, indicating that the Windows-based web server software continues to be a hotbed for natively developed malware for close to eight years. The findings were presented Continue Reading

New APT Hacking Group Targets Microsoft IIS Servers with ASP.NET Exploits – Tempemail

A new highly capable and persistent threat actor has been targeting major high-profile public and private entities in the U.S. as part of a series of targeted cyber intrusion attacks by exploiting internet-facing Microsoft Internet Information Services (IIS) servers to infiltrate their networks. Israeli cybersecurity firm Sygnia, which identified the Continue Reading

Experts Uncover Several C&C Servers Linked to WellMess Malware – Tempemail

Cybersecurity researchers on Friday unmasked new command-and-control (C2) infrastructure belonging to the Russian threat actor tracked as APT29, aka Cozy Bear, that has been spotted actively serving WellMess malware as part of an ongoing attack campaign. More than 30 C2 servers operated by the Russian foreign intelligence have been uncovered, Continue Reading

Chinese Hackers Implant PlugX Variant on Compromised MS Exchange Servers – Tempemail

A Chinese cyberespionage group known for targeting Southeast Asia leveraged flaws in the Microsoft Exchange Server that came to light earlier this March to deploy a previously undocumented variant of a remote access trojan (RAT) on compromised systems. Attributing the intrusions to a threat actor named PKPLUG (aka Mustang Panda Continue Reading

U.S. Pipeline Ransomware Attackers Go Dark After Servers and Bitcoin Are Seized – Tempemail

Just as Colonial Pipeline restored all of its systems to operational status in the wake of a crippling ransomware incident a week ago, DarkSide, the cybercrime syndicate behind the attack, claimed it lost control of its infrastructure, citing a law enforcement seizure. All the dark websites operated by the gang, Continue Reading

New TsuNAME Flaw Could Let Attackers Take Down Authoritative DNS Servers – Tempemail

Security researchers Thursday disclosed a new critical vulnerability affecting Domain Name System (DNS) resolvers that could be exploited by adversaries to carry out reflection-based denial-of-service attacks against authoritative nameservers. The flaw, called ‘TsuNAME,’ was discovered by researchers from SIDN Labs and InternetNZ, which manage the national top-level internet domains ‘.nl’ Continue Reading

ALERT — New 21Nails Exim Bugs Expose Millions of Tempemail Servers to Hacking – Tempemail

The maintainers of Exim have released patches to remediate as many as 21 security vulnerabilities in its software that could enable unauthenticated attackers to achieve complete remote code execution and gain root privileges. Collectively named ’21Nails,’ the flaws include 11 vulnerabilities that require local access to the server and 10 Continue Reading