New cryptojacking botnet uses SMB exploit to spread to Windows systems

Posted by & filed under Alerts.

A new cryptojacking botnet is spreading across compromised networks via multiple methods, including the EternalBlue exploit for the Windows Server Message Block (SMB) communication protocol. The attacker’s goal is to mine Monero (XMR) cryptocurrency and enslave as many systems as possible for this task to increase profit. Complex campaign: Researchers at Cisco Talos named…

PoC exploits released for F5 BIG-IP vulnerabilities, Patch Now!

Posted by & filed under Alerts.

Two days after patches for a critical F5 BIG-IP vulnerability were released, security researchers have started publicly posting proof-of-concept (PoC) exploits that show how easy it is to exploit these devices. F5 customers using BIG-IP devices and solutions include governments, Fortune 500 firms, banks, Internet service providers, and many consumer brands, including Microsoft, Oracle, and Facebook. On Friday, F5…

Attackers increasingly exploit Microsoft Exchange servers

Posted by & filed under Alerts.

Microsoft’s Defender ATP Research Team today issued guidance on how to defend against attacks targeting Exchange servers by blocking malicious activity identified with the help of behavior-based detection. The Microsoft researchers based their analysis on multiple campaigns of Exchange attacks investigated during early April which showed how the malicious actors deploying web shells on on-premises…

Millions of Linux Servers Under Worm Attack Via Exim Flaw

Posted by & filed under Alerts.

A widespread campaign is exploiting a vulnerability in the Exim mail transport agent (MTA) to gain remote command execution on victims’ Linux systems. Researchers say that currently more than 3.5 million servers are at risk from the attacks, which are using a wormable exploit. Specifically under attack is a flaw in Exim-based mail servers, which run…

Phishing Campaign using malicious documents pretending to be from XEROX Color Multi-function Machine

Posted by & filed under Alerts.

National CSIRT-CY would like to inform the general public about a new phishing campaign that sends emails containing a Word document which pretends to be a document scanned by a XEROX Color Multifunction machine. The sender’s e-mail address is scanner@xerox-multifuctional.com, with the IP address 91.121.181.22. If you have received the following email, please DO NOT…