Xopero Blog

Z0Miner malware / DearCry ransomware and ProxyLogon exploits / reCAPTCHA phishing

Welcome to the next episode of the Xopero Security Center. This time we are taking a closer look at the Z0Miner malware case – a new threat against unpatched ElasticSearch and Jenkins servers. MS Exchange servers are under attack too. Remember the four new zero-day vulnerabilities discovered a few weeks ago? They have got a fancy name now – ProxyLogon exploits – and a very effective ransomware, DearCry, which is targeting vulnerable devices. What’s next? There is also a novel phishing attack that uses a fake Google reCAPTCHA to swipe Microsoft 365 credentials. There were also some problems with the GitHub logging mechanism. Details can be found below.


Microsoft 365 security – anti-malware protection

Malware is the most common threat that can compromise your Microsoft 365 security system. Did you know that each year there are approximately 10 billion malware attacks? Malware is a very broad concept that includes such threats as viruses, trojans, rootkits, worms, spyware, and other malicious software. What are the effects of such threats? Well, data breach/loss and related costs (which are astronomical, by the way), reputation loss, downtime, legal penalties and much more… In this article I will talk about Microsoft 365 security in terms of anti-malware protection inside Microsoft 365 services.


MS Exchange got emergency patches for four critical zero-day flaws

Microsoft is pressing customers to install emergency patches as soon as possible. So far, there is only one highly skilled hacker group actively exploiting the vulnerabilities – named Hafnium – but the situation could change at any time. The best protection against this attack is to apply the new patches now, not tomorrow or one week from today. More information about the MS Exchange zero-days can be found below.


OneDrive Backup – risks, good practices and keeping your business data secure

Being able to transfer data between users easily is key to running a successful business, so any program that allows you to do it can give you an advantage. One such program is OneDrive for Business, provided by Microsoft. If it’s so widely used, should you consider backing up OneDrive for Business? OneDrive for Business is a cloud service that allows your users to store data, sync it, and access it from any device they log on to. This service offers great opportunities to improve your teams’ productivity, allowing users to share files and collaborate on them in real time. But all those pros, unfortunately, can be negated if someone outside your company gains access to a user account. In this article, we will take a closer look at the risks involved in using OneDrive for Business in your company, and how you can increase protection against those risks with a proper third-party solution for OneDrive data protection.


Critical RCE flaw in VMware vCenter – fixed, so update now

After multiple proof-of-concept exploit scripts for the new VMware RCE bug were published on GitHub, hackers started mass scanning for vulnerable Internet-exposed servers. The company has already patched the critical vulnerability, but thousands of unpatched vCenter servers are still reachable over the Internet. This is a serious problem. It does look like this is the last moment for a safe update. More information about the vCenter vulnerability can be found below.


Masslogger comeback – a new and powerful variant steals Outlook and Chrome credentials

MassLogger malware has come back in a new variant which is much more powerful than the old spyware that has attacked the Windows platform for years. (Brand)New and better? Yes. We are dealing with a Trojan horse that tries to steal usernames and passwords from Microsoft Outlook, the Thunderbird email client, and the password managers built into Google Chrome, Mozilla Firefox, Microsoft Edge and other browsers. Have you received a suspicious-looking email? It is better never to open it. Want to find out more about MassLogger? Check the article below for more information.


Bitbucket down – why backup Bitbucket?

Bitbucket is considered a proven, secure Git repository management solution used by millions of companies worldwide. However, as with most services, there are moments when Bitbucket is down. You might be lucky enough not to have seen for yourself what “Bitbucket down” means, but trust me – some other companies have already experienced service outages or other problems, and more will. If you don’t want to join the group of users affected by Bitbucket problems, you might want to consider bringing in an additional layer of security in the form of a proper backup. In this article, we will talk about why you need one, and more generally about why you should protect your Bitbucket repositories.


Dependency Confusion – a new cyberattack method takes advantage of open ecosystems

A novel supply chain attack, called dependency confusion or a substitution attack, takes advantage of the open ecosystem that many businesses use as part of their app development process. And given that business apps have become increasingly important, any threat to the app development supply chain could potentially have huge implications. Found this short intro interesting? Then click and read the whole new episode of the Xopero Security Center.
