Hackers ‘Abusing’ Microsoft Exchange Server Vulnerabilities: Huntress

Threat researcher Huntress is warning MSPs of on-premise Microsoft Exchange Server ProxyShell vulnerabilities that could be exploited by cybercriminals as early as this weekend.

Huntress has seen 140-plus webshells on Microsoft Exchange Server 2013, 2016, and 2019. The threat researcher said it has uncovered 1,900 plus unpatched boxes in 48 hours.

LockFile Ransomware Encrypting Domains Via Exchange Hack

A new ransomware operator is taking over Windows domains on networks around the world after exploiting a chain of Microsoft Exchange server vulnerabilities called ProxyShell.

The LockFile ransomware gang has taken advantage of the Microsoft Exchange ProxyShell and Windows PetitPotam vulnerabilities to hijack Windows domains and encrypt devices, security researcher Kevin Beaumont reported Saturday.

SolarWinds Hackers’ New Attack Is ‘Another Wake-Up Call’ For Microsoft Partners

The latest SolarWinds hackers’ cybersecurity attack on 140 Microsoft IT resellers and service providers with as many as 14 successfully breached is yet another wake-up call for the beleaguered Microsoft partner community, said partners.

“I wouldn’t want to be an MSP who is just starting to think about cybersecurity now as they might not exist in another year,” said David Stinner, president of US itek, a Buffalo, N.Y.-based MSP that has invested heavily in a multi-layered security stack for its customers over the last several years.

How to pick a VPN for your business

A virtual private network (VPN) offers a host of security and privacy benefits, especially if you’re surfing the web or transacting online over a public Wi-Fi network. A VPN ensures that your online activities are always secure and private. So what factors do you need to consider when selecting a VPN, and how do you pick one? Read on to find out.

The threat of distributed spam distraction

You wouldn’t think that cybercriminals would carry out their nefarious schemes in plain sight — except that they do and you’ve probably already fallen victim to them. Learn all about a scheme called distributed spam distraction (DSD) and how malicious actors are using it to steal valuable information from their victims.

It’s time to rethink your password strategy

In 2003, the National Institute of Standards and Technology (NIST) stated that strong passwords should consist of upper- and lowercase letters, numbers, and symbols. Recently, however, the institute reversed its stance. Find out why and learn what their new recommendations are for creating strong passwords.

A closer look at fileless malware

To avoid detection by anti-malware programs, cybercriminals are increasingly abusing legitimate software tools and programs installed on computers to initiate attacks. They use fileless malware to infiltrate trusted applications and issue executables that blend in with normal network traffic, IT processes, and system administration tasks while leaving fewer footprints.