Category: Security Center

Welcome to the next episode of the Xopero Security Center. This time we are taking a closer look into the Z0Miner malware case – a new threat against unpatched ElasticSearch and Jenkins servers. MS Exchange servers are under attack too. Remember the four new zero-day vulnerabilities discovered a few weeks ago? They have got a fancy name now – ProxyLogon exploits – and very effective [DearCry] ransomware which is targeting vulnerable devices. What’s next? There is also a novel phishing attack that uses fake Google reCAPTCHA to swipe Microsoft 365 credentials. There were also some problems with the GitHub logging mechanism. Details can be found below.

Microsoft is pressing customers to install emergency patches as soon as possible. So far, there is only one highly skilled hacker group actively exploiting the vulnerabilities – named Hafnium – but the situation could change at any time. The best protection against this attack will be applying new patches now, not tomorrow or one week from today. More information about MS Exchange zero-days can be found below.

After multiple proof-of-concept exploit scripts of VMware RCE new bug were published on GitHub, hackers started mass scanning for vulnerable Internet-exposed servers. The company patched the critical vulnerability already, but thousands of unpatched vCenter servers are still reachable over the Internet. This is a serious problem. It does look like this is the last moment for a safe update. More information about vCenter vulnerability can be found below.

MassLogger malware has come back in a new variant which is much more powerful than the old spyware that has attacked the Windows platform for years. (Brand)New and better? Yes. We are dealing with a Trojan horse that tries to steal usernames and passwords from Microsoft Outlook, the Thunderbird email client, and password managers built into Google Chrome, Mozilla Firefox, Microsoft Edge and other browsers. Have you got any suspicious-looking email? Better never open it. Want to find out more about MassLogger? Check the article below for more information.

A novel supply chain attack, called dependency confusion or a substitution attack, takes advantage of the open ecosystem that many businesses use as part of their app development process. And given that business apps have become increasingly important, any threat to the app development supply chain could potentially have huge implications. Found this short intro interesting? Then click and read the whole new episode of the Xopero Security Center.

Researchers have warned of two VMware ESXi hypervisor flaws which allow ransomware groups encrypt virtual hard drives. Hackers have been launching attacks since October 2020. There is more technical details below.

Baron Samedit is the newest major vulnerability impacting a large number of the Linux ecosystems. The bug is not a new development – it has been hiding in plain sight for nearly ten years. That’s quite a long time, fortunately, it has been patched already. More information will provide the article below.

FreakOut is a new botnet observed by specialists from CheckPoint. It targets Linux systems running vulnerable versions of the TerraMaster OS for network-attached storage servers, web apps and services using the Zend Framework, and the Liferay Portal CMS. The largest number of hits was discovered in the USA and, to a lesser extent, European countries such as Germany and The Netherlands. More information can be found below…

SolarWinds data breach every week returns like a boomerang – this time with SolarLeaks [.]net website, whose owners claim to be selling the stolen data from Microsoft, Cisco, FireEye, and SolarWinds. And it seems there were the same attackers who abused one of Mimecast’s certificates to access M365 accounts… And it’s not the end of Microsoft’s problems described today…

What more? Capcom, game manufacturer and publisher (i.e. Resident Evil, Street Fighter) released a new update for their ransomware attack and data breach investigation. The incident was worse than initially thought…

The massive SolarWinds breach still arouses discussions and controversy. Now it turns out that Microsoft source code was exposed. In the first article, we wonder what does it mean for users and organizations. What more? Babuk Locker – new year, new ransomware, PayPal smishing, and new victim identification technique.