Cybersecurity Attacks Archives - Page 3 of 40

Zerobot botnet exploits 21 vulnerabilities to breach targets

Cybersecurity Attacks, Malware, Vulnerabilities & Exploits / By Frank Crast / December 11, 2022 / CVE-2022-01388, CVE-2022-22965, Fortinet, Spring4Shell, WebSocket, Zerobot

Security researchers have spotted a unique botnet dubbed Zerobot exploiting 21 IoT, network and other vulnerabilities, such as F5 BIG-IP, D-Link, Zyxel, Spring4Shell and other flaws.

Rackspace suffers from security incident involving Hosted Exchange services

Cybersecurity Attacks, Data Breach, Messaging Security, Vulnerabilities & Exploits / By Frank Crast / December 4, 2022 / Exchange, Microsoft, Office365, ProxyNotShell, Rackspace, Zeroday

Cloud computing services company Rackspace has reported a security incident involving Hosted Exchange services.

Microsoft: Attackers are increasingly using token theft in cyberattacks to bypass MFA

Authentication, Cloud Security, Cybersecurity Articles, Cybersecurity Attacks, Identity & Access Management / By Frank Crast / November 22, 2022 / AitM, Azure, credentials, Microsoft, pass-the-cookie, phishing

The Microsoft Detection and Response Team (DART) has spotted an increase in attackers using token theft in the cloud to compromise corporate systems while bypassing multi-factor authentication (MFA) and other authentication controls.

Cyber threat actors exploit Zimbra Collaboration Suite vulnerabilities (update)

Cybersecurity Attacks, Messaging Security, Vulnerabilities & Exploits / By Frank Crast / November 12, 2022 / CVE-2022-24682, CVE-2022-27924, CVE-2022-27925, CVE-2022-30333, CVE-2022-37042, Exploit, Vulnerabilities, ZCS, Zimbra, Zimbra Collaboration Suite

The Cybersecurity and Infrastructure Security Agency (CISA) and the Multi-State Information Sharing & Analysis Center (MS-ISAC) have published a joint security alert for multiple vulnerabilities against Zimbra Collaboration Suite (ZCS).

Top CVEs targeted by PRC state-sponsored cyber actors

Cybersecurity Attacks, Vulnerabilities & Exploits / By Frank Crast / October 8, 2022 / Apache, BIG-IP, CVE-2019-11510, CVE-2019-19781, CVE-2020-5902, CVE-2021-1497, CVE-2021-20090, CVE-2021-22005, CVE-2021-22205, CVE-2021-26084, CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065, CVE-2021-36260, CVE-2021-40539, CVE-2021-41773, CVE-2021-42237, CVE-2021-44228, CVE-2022-1388, CVE-2022-24112, CVE-2022-26134, Exchange, log4Shell, ProxyLogon

The FBI, NSA and CISA coauthored a joint Cybersecurity Advisory detailing how People’s Republic of China (PRC) state-sponsored cyber actors continue to exploit common, publicly known vulnerabilities used since 2020 to “actively target U.S. and allied networks.”

Microsoft disables Basic authentication in Exchange Online to fight password spray attacks

Authentication, Cybersecurity Attacks, Messaging Security / By Frank Crast / October 7, 2022 / authentication, basic auth, EAS, EWS, Exchange, Exchange Online, IMAP, Microsoft, Oauth, OAuth 2.0, Outlook, POP, RPS, SMTP

Microsoft has disabled Basic authentication in Exchange Online tenants to help fight against password spray attacks. Attackers are stepping up attacks in anticipation, Microsoft warns.

CISA adds 3 vulnerabilities to Known Exploited Vulnerabilities Catalog

Cybersecurity Attacks, Security Updates & Patches, Vulnerabilities & Exploits, Zero-days / By Frank Crast / October 1, 2022 / Atlassian, CVE-2022-36804, CVE-2022-41040, CVE-2022-41082, Exchange, Microsoft

The Cybersecurity and Infrastructure Security Agency (CISA) has added 3 vulnerabilities to its Known Exploited Vulnerabilities Catalog, to include Microsoft Exchange and Atlassian flaws.

Threat actor deploys malicious OAuth apps on compromised cloud tenants to spread spam

Access Control, Authentication, Cloud Security, Cybersecurity Attacks, Messaging Security / By Frank Crast / September 25, 2022 / AAD, Cloud, MFA, Microsoft, Oauth

Microsoft has been monitoring a threat actor deploying malicious OAuth apps on compromised cloud tenants to spread spam.

Cybercriminal group TeamTNT leaks DockerHub credentials

Authentication, Cybersecurity Attacks, Malware / By Frank Crast / September 12, 2022 / Container, Docker, DockerHub, TeamTNT

Researchers from Trend Micro have discovered cybercriminal group TeamTNT leaking credentials from two of their attacker-controlled accounts via exposed Docker REST APIs.

Mirai variant MooBot botnet targets multiple D-Link flaws

Cybersecurity Attacks, Malware, Network Security, Vulnerabilities & Exploits / By Frank Crast / September 11, 2022 / botnet, CVE-2015-2051, CVE-2018-6530, CVE-2022-26258, CVE-2022-28958, Cybersecurity Threat Center, D-Link, Mirai, MooBot

Security researchers from Palo Alto Networks Unit 42 have discovered a Mirai botnet variant dubbed “MooBot” that targets multiple D-Link flaws and exposed networking devices running Linux.