BleepingComputer reports that Microsoft Exchange servers are being targeted by the Cuba ransomware operation with the zero-day OWASSRF exploit, tracked as CVE-2022-41080, which has also been exploited by the Play ransomware gang to evade ProxyNotShell URL rewrite mitigations.
The Cybersecurity and Infrastructure Security Agency has updated its Known Exploited Vulnerabilities Catalog with two more security flaws, including a Microsoft Exchange privilege escalation bug, tracked as CVE-2022-41080, according to BleepingComputer.
Financial organizations in French-speaking African countries are being subjected to attacks by the Bluebottle cybercrime operation, which has been leveraging living-off-the-land attacks and generic malware, reports SiliconAngle.
Colombia- and Ecuador-based organizations are being targeted by the Spanish-speaking threat group Blind Eagle, also known as APT-C-36, which has reemerged with a strengthened toolset and infection chain, The Hacker News reports.
Rackspace has disclosed that some of its customers' Personal Storage Table files, containing emails, contacts, tasks, and calendar data, were accessed by the Play ransomware operation during its attack on the multicloud MSP firm's Hosted Exchange email environment last month, according to BleepingComputer.
Security researchers with the Shadowserver Foundation announced that 60,865 Microsoft Exchange servers have not yet been patched to defend against the CVE-2022-41082 remote code execution flaw, reports BleepingComputer.
Play ransomware gang behind Rackspace attack
Texas Public Radio reports that Rackspace has identified the Play ransomware gang as the perpetrator of an attack against its Hosted Exchange platform in early December.