Agenda Ransomware targets VMware servers

A recent emergence in the cyber threat landscape has revealed the presence of a new variant of ransomware known as Agenda Ransomware, which has swiftly made its mark by targeting VMware ESXi servers worldwide. This variant, suspected to be a recent addition to the malware arsenal, has been active since 2022, causing concerns among cybersecurity experts.

Previously recognized under monikers such as Qilin or Water Galura, this particular strain of file-encrypting malware has primarily set its sights on servers operating within critical sectors like manufacturing, healthcare, and education. The impact has been felt notably in countries such as Canada, Argentina, the United States, Australia, Colombia, Indonesia, and India.

Findings from a study conducted by Trend Micro shed light on the modus operandi of this malicious software. It exploits Remote Monitoring and Management Tools like Cobalt Strike to infiltrate target systems. Once inside, it meticulously analyzes the infected device before deploying its ransomware payload, particularly focusing on VMware vCenter and ESXi servers.

Security analysts emphasize the critical importance for organizations to remain vigilant in the face of such threats. Key measures include closely monitoring administrative privileges, maintaining up-to-date software patches, conducting regular system scans, and educating employees about emerging cybersecurity risks. Additionally, maintaining secure backup data and implementing proactive measures against social engineering attacks are strongly advised.

It’s imperative to dispel the misconception that malware attacks are confined solely to Windows environments. The reality is that virtual and Linux environments are equally susceptible, as evidenced by the activities of Agenda Ransomware.

Over 17,000 Microsoft Exchange Servers in Germany are vulnerable to Cyber Attacks

According to a statement released by the German Federal Office for Information Security (BSI), over 12% of approximately 45,000 Microsoft Exchange Servers are deemed vulnerable to cyber attacks. The BSI has sounded the alarm, attributing this vulnerability to the use of outdated software and hardware lacking support for the past 8-10 years.

The root cause of this vulnerability trend lies in the absence of software security updates for these servers, many of which are nearing obsolescence. While the responsibility lies with software companies to issue security patches, the onus also falls on individuals and organizations to deploy these updates within their environments. While auto-updates offer a convenient solution, some administrators opt for manual updating procedures due to security concerns.

The post Agenda Ransomware Targeting VMware and 17k Microsoft Exchange servers vulnerable to cyber attacks appeared first on Cybersecurity Insiders.

Zacks Investment is the first firm that has hit the headlines of Google regarding data compromise, and sources add that a single hack that took place between 2021 and 2022 resulted in the leak of information belonging to 820,000 customers.

The company made an official announcement on this note and added that its security staff found the digital invasion on December 28th, 2022, and that details such as phone numbers, addresses, names, email addresses and passwords stored on an older database, and those using Elite Products, could have been affected.

Second is the news related to renowned game developer Riot Games. A cyber attack that appears to be a ransomware attack conducted through social engineering tactics has reportedly allowed hackers to steal the source code of the game developer. The gaming firm assured that information related to players was not compromised in the incident.

Third is the news that belongs to a Canadian car spare parts manufacturer named Exco Technologies. The company stated that the attack led to the disruption of production in three of its production facilities and assured that the digital attack did not disrupt the shipments that are being served to customers.

FanDuel is the company that has hit the news headlines of Google and so has bagged the fourth position on this list. The company that is into the business of online gambling and fantasy sports has confirmed that names and mail addresses of some or most of its customers could have been accessed by hackers because of a vulnerability in its MailChimp servers. Employee credentials were first stolen before the incident, after which the attack to steal contact details of customers took place.

Fifth is the news that belongs to Hollywood singer Taylor Swift as Ticketmaster has issued an apology to the female singer during the US Senate hearing for failing to protect its servers from being bombarded with fake web traffic during the star’s Eras Tour, resulting in unnecessary chaos.

Live Nation, the owner of Ticketmaster, apologized for the digital blunder and assured that it would prevent all such incidents in the future by taking appropriate security measures.

Security researchers from BitDefender Labs have issued a warning that hackers can start exploiting Server-Side Request Forgery (SSRF) vulnerabilities witnessed in Microsoft Exchange Servers. In such attacks, hackers send requests from one vulnerable server to another server and gain access to information that is not directly accessible to them.

The technology giant has announced that it issued fixes to two of the exploit chains, i.e. ProxyNotShell and OWASSRF, in December last year and is urging customers of its Exchange Servers to stay updated.

 

The post Cyber Attack news headlines trending on Google appeared first on Cybersecurity Insiders.