Malicious Exchange Server Module Hoovers Up Outlook Credentials

“Owowa” stealthily lurks on IIS servers, waiting to harvest successful logins when an Outlook Web Access (OWA) authentication request is made. Researchers have uncovered a previously unknown malicious IIS module,…

IKEA Hit by Email Reply-Chain Cyberattack

IKEA, king of furniture-in-a-flat-box, warned employees on Friday that an ongoing cyberattack was using internal emails to malspam malicious links in active email threads. As of Friday – as in,…

Attackers Hijack Email Threads Using ProxyLogon/ProxyShell Flaws

Exploiting Microsoft Exchange ProxyLogon & ProxyShell vulnerabilities, attackers are malspamming replies in existing threads and slipping past malicious-email filters. Attackers are gnawing on the ProxyLogon and ProxyShell vulnerabilities in Microsoft…

Hackers Exploit ProxyLogon and ProxyShell Bugs in Phishing Blitz

Hackers Exploit ProxyLogon and ProxyShell Bugs in Phishing Blitz Security researchers have warned attackers are abusing months-old Microsoft Exchange Server flaws to send convincing malware-laden phishing emails within organizations. A team…

Iranian government-backed hackers target critical infrastructure with ransomware, US says

Written by Tim Starks Nov 17, 2021 | CYBERSCOOP U.S., U.K. and Australian cyber agencies on Wednesday accused Iranian government-sponsored hacking groups of exploiting Microsoft and Fortinet vulnerabilities this year…

ProxyShell vulnerabilities exploited in domain-wide ransomware attacks

The ProxyShell vulnerabilities have prompted threat actors to launch domain-wide ransomware attacks against their targets, revealed a new research report from The DFIR Report. The report, published on Monday, explained…

New APT ChamelGang Targets Russian Energy, Aviation Orgs

First appearing in March, the group has been leveraging ProxyShell against targets in 10 countries and employs a variety of malware to steal data from compromised networks. A new APT…

ProxyShell Exchange Exploitation Now Leads To An Increasing Amount Of Cobaltstrike Backdoors

On approximately August 21, 2021, security researchers, cybersecurity leaders, and eventually the CISA, began voicing concerns about the inevitable threat of LockFile ransomware attacks on a wide variety of ill-informed…