
📚 Microsoft: Cuba ransomware hacking Exchange servers via OWASSRF flaw


💡 News category: Hacking
🔗 Source: blackhatethicalhacking.com


Microsoft says Cuba ransomware threat actors are hacking Microsoft Exchange servers unpatched against a critical server-side request forgery (SSRF) vulnerability also exploited in Play ransomware attacks.

 

Cloud computing provider Rackspace recently confirmed that Play ransomware used a zero-day exploit dubbed OWASSRF targeting this bug (CVE-2022-41080) to compromise unpatched Microsoft Exchange servers on its network after bypassing ProxyNotShell URL rewrite mitigations.

According to Microsoft, the Play ransomware gang has abused this security flaw since late November 2022. The company advises customers to prioritize CVE-2022-41080 patching to block potential attacks.

Redmond says that this SSRF vulnerability has also been exploited since at least November 17th by another threat group it tracks as DEV-0671 to hack Exchange servers and deploy Cuba ransomware payloads.

Microsoft shared this info in a January update to a private threat analytics report seen by BleepingComputer and available to customers with Microsoft 365 Defender, Microsoft Defender for Endpoint Plan 2, or Microsoft Defender for Business subscriptions.

While Microsoft released security updates to address this SSRF Exchange vulnerability on November 8th and has provided some of its customers with info that ransomware gangs are using the flaw, the advisory is yet to be updated to warn that it’s being exploited in the wild.


Patch your Exchange servers against OWASSRF attacks

 

The OWASSRF exploit spotted by CrowdStrike security researchers on Rackspace's network was also shared online together with some of Play ransomware's other malicious tools.

This will make it easier for other cybercriminals to adapt Play ransomware’s tooling for their own purposes or create their own custom CVE-2022-41080 exploits, adding to the urgency of patching the vulnerability as soon as possible.

On Tuesday, the Cybersecurity and Infrastructure Security Agency (CISA) also ordered Federal Civilian Executive Branch (FCEB) agencies to patch their systems against this bug by January 31st and strongly urged all organizations to secure their Exchange servers to thwart exploitation attempts.

Organizations with on-premises Microsoft Exchange servers on their networks should deploy the latest Exchange security updates immediately (with November 2022 as the minimum patch level) or disable Outlook Web Access (OWA) until they can apply CVE-2022-41080 patches.
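One way to turn the "November 2022 as the minimum patch level" guidance into a check, as an added example that is not part of the article: the script compares each server's ExSetup.exe file version against an assumed per-CU minimum build for the Nov 2022 SU. The build numbers, the hostnames and the inventory format are assumptions; verify the minimums against Microsoft's published Exchange build-number table before relying on them.

```python
# Added example (not from the article): flag Exchange servers below the Nov 2022
# SU minimum. Use ExSetup.exe's file version, not AdminDisplayVersion (CU only).

# Assumed Nov 2022 SU builds per CU line; verify against Microsoft's published
# Exchange build-number table before relying on them.
NOV_2022_SU_MIN = {
    (15, 0, 1497): (15, 0, 1497, 44),  # Exchange 2013 CU23
    (15, 1, 2507): (15, 1, 2507, 16),  # Exchange 2016 CU23
    (15, 2, 986): (15, 2, 986, 36),    # Exchange 2019 CU11
    (15, 2, 1118): (15, 2, 1118, 20),  # Exchange 2019 CU12
}

def parse_build(text):
    """Turn '15.2.1118.20' into a comparable 4-tuple of ints."""
    parts = tuple(int(p) for p in text.strip().split("."))
    if len(parts) != 4:
        raise ValueError(f"unexpected build string: {text!r}")
    return parts

def assess(build):
    """Return 'patched', 'unpatched' or 'unsupported-cu' for one build tuple."""
    minimum = NOV_2022_SU_MIN.get(build[:3])
    if minimum is None:
        # No Nov 2022 SU exists for this CU line, so the CVE-2022-41080 fix
        # cannot be installed until the server moves to a supported CU.
        return "unsupported-cu"
    return "patched" if build >= minimum else "unpatched"

def triage(inventory_lines):
    """Map server name -> status for 'name,build' lines; bad lines become 'error'."""
    result = {}
    for line in inventory_lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        name, _, version = line.partition(",")
        try:
            result[name.strip()] = assess(parse_build(version))
        except ValueError:
            result[name.strip()] = "error"
    return result

# Constructed sample inventory (hostnames and builds are made up), as collected
# by running (Get-Command ExSetup.exe).FileVersionInfo.FileVersion per server.
SAMPLE_INVENTORY = """# server,ExSetup.exe FileVersion
EX01,15.2.1118.20
EX02,15.2.1118.15
EX03,15.1.2507.16
EX04,15.2.922.27
EX05,bogus
"""
```

Call `triage(SAMPLE_INVENTORY.splitlines())` to get a per-server status; an `unsupported-cu` result means the server needs a CU upgrade before any security update can bring it to the minimum level.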

Cuba ransomware behind more than 100 attacks worldwide

 

The FBI and CISA revealed in a joint security advisory issued last month that the Cuba ransomware gang has raked in more than $60 million in ransoms as of August 2022 after breaching over 100 victims worldwide.

Although this paints a bleak picture, samples submitted by victims to the ID-Ransomware analysis platform show that the gang is not very active, proving that even a somewhat inactive ransomware operation can have a huge impact.

Figure: Cuba ransomware sample submissions (ID-Ransomware)

Another FBI advisory from December 2021 warned that the ransomware group had compromised at least 49 organizations from U.S. critical infrastructure sectors.

In both advisories, the FBI strongly urged reporting Cuba ransomware attacks to local FBI field offices and asked victims to share related information with their local FBI Cyber Squad to help identify the ransomware gang’s members and the cybercriminals they’re working with.

While not as prolific as Cuba ransomware, and although first spotted a lot more recently, in June 2022, Play ransomware has been quite active and has already hit dozens of victims worldwide, including Rackspace, the German H-Hotels hotel chain, the Belgian city of Antwerp, and Argentina's Judiciary of Córdoba.


Source: bleepingcomputer.com

The post Microsoft: Cuba ransomware hacking Exchange servers via OWASSRF flaw first appeared on Black Hat Ethical Hacking. ...
