Microsoft’s Defender ATP Research Team today issued guidance on how to defend against attacks targeting Exchange servers by blocking malicious activity identified with the help of behavior-based detection.

The Microsoft researchers based their analysis on multiple campaigns of Exchange attacks investigated during early April, which showed how malicious actors were deploying web shells on on-premises Exchange servers.

The Russian cybercrime group known as Evil Corp has added a new ransomware to its arsenal called WastedLocker. This ransomware is used in targeted attacks against the enterprise.

The Evil Corp gang, also known by CrowdStrike as Indrik Spider, started as affiliates for the ZeuS botnet. Over time, they formed into a group that focused on distributing the banking trojan and downloader called Dridex via phishing emails.

As their attacks evolved, the group created a ransomware called BitPaymer which was delivered via the Dridex malware in targeted attacks against corporate networks.

In a new report by NCC Group’s Fox-IT security research team, researchers explain that after the indictment of Evil Corp members, Igor Olegovich Turashev and Maksim Viktorovich Yakubets, the hacking group began restructuring their tactics.

Researchers reported on Monday that hackers are now exploiting Google’s Analytics service to stealthily pilfer credit card information from infected e-commerce sites.

According to several independent reports from PerimeterX, Kaspersky, and Sansec, threat actors are now injecting data-stealing code on the compromised websites in combination with tracking code generated by Google Analytics for their own account, letting them exfiltrate payment information entered by users even in conditions where content security policies are enforced for maximum web security.

“Attackers injected malicious code into sites, which collected all the data entered by users and then sent it via Analytics,” Kaspersky said in a report published yesterday. “As a result, the attackers could access the stolen data in their Google Analytics account.”

Cisco today released security updates to address two high severity vulnerabilities found in the Cisco Webex Meetings Desktop App for Windows and macOS that could allow unprivileged attackers to run programs and code on vulnerable machines.

Cisco Webex Meetings is an online meeting and video conferencing software that makes it easy to schedule and join meetings. The platform also provides presentation, screen sharing, and recording capabilities.

The two vulnerabilities are tracked as CVE-2020-3263 and CVE-2020-3342, and they affect Cisco Webex Meetings Desktop App releases earlier than 39.5.12 and lockdown versions of Cisco Webex Meetings Desktop App for Mac earlier than 39.5.11, respectively.

In a series of data breach notifications, IT services giant Cognizant has stated that unencrypted data was most likely accessed and stolen during an April Maze Ransomware attack.

Cognizant is one of the largest IT managed services companies in the world, with close to 300,000 employees and over $15 billion in revenue.

As a managed service provider (MSP), Cognizant remotely manages many of its clients to fix issues, install patches, and monitor their security.

On April 17th, Cognizant began emailing their clients to warn them that they were under attack by the Maze Ransomware so that they could disconnect themselves from Cognizant and protect themselves from possibly being affected.
