MS Exchange Servers and BlackKingdom ransomware: Per Bleeping Computer,
This weekend security researcher Marcus Hutchins reported seeing a threat actor run a script to compromise all Exchange servers vulnerable to ProxyLogon. It dropped a Black KingDom ransomware note but did not encrypt anything.
However, Michael Gillespie of ID Ransomware claims he's seen 30 unique submissions to his service, including devices that were actually encrypted. Also of note: back in 2020, corporate networks were being targeted via Pulse VPN vulnerabilities and hit with ransomware known as BlackKingdom, and it is still being determined whether these are the same. Stay tuned and, more importantly, stay vigilant!
This particular Apache product is “a Java-based web framework” for automating open source enterprise resource planning (ERP) systems. I'm guessing there are a lot of them out there. CVE-2021-26295 can allow remote code execution by unauthorized parties via unsafe deserialization. Deserialization exploits do bad things to data integrity.
This vulnerability affects versions before 17.12.06, so upgrade ASAP. Please! Because we all recall what happened with unpatched Apache Struts vulnerabilities! Cough – Equifax – cough.
Keep Watch: Active exploits against F5 BIG-IP are ongoing. If you aren't patched, assume compromise. Seriously 😐