BleepingComputer reports that Microsoft Exchange servers are being targeted by the Cuba ransomware operation with the zero-day OWASSRF exploit, tracked as CVE-2022-41080, which has also been exploited by the Play ransomware gang to evade ProxyNotShell URL rewrite mitigations.
Threat operation DEV-0671 has been leveraging the flaw since at least Nov. 17 to compromise Exchange servers with Cuba ransomware payloads, according to a Microsoft report, which comes after CrowdStrike researchers discovered the vulnerability being exploited in the network of cloud computing provider Rackspace.
Federal organizations have already been urged by the Cybersecurity and Infrastructure Security Agency to remediate the vulnerability by the end of the month.
More than 100 attacks around the world have already been conducted by the Cuba ransomware operation, which has earned over $60 million as of August, an FBI and CISA report revealed.
Cuba ransomware was reported by the FBI in late 2021 to have impacted at least 49 U.S. critical infrastructure organizations.