At Camel Secure we want you to be informed. That is why we present this summary of the week's most important cybersecurity news.
CRITICAL VULNERABILITY IN F5 BIG-IP IS EXPLOITED BY ATTACKERS
The remote code execution flaw in the F5 Networks BIG-IP platform, for which the company released a security patch on March 10, is being exploited by attackers, various cybersecurity media reported this week.
On March 18, exploitation in the wild was reported, using a PoC published online that was built by reverse engineering the Java patch in BIG-IP. Since then, a massive number of scans have been detected.
The vulnerability, tracked as CVE-2021-22986 and rated 9.8 out of 10 (very critical), is a remote command execution flaw in BIG-IP, which is used for network traffic security management.
F5 indicated that an unauthorized attacker can gain access through the BIG-IP administrative interface and self IP addresses and execute arbitrary system commands, create or delete files, and disable services.
BLACK KINGDOM RANSOMWARE EXPLOITS VULNERABILITIES IN MICROSOFT EXCHANGE
The ransomware operation known as Black Kingdom is exploiting the ProxyLogon vulnerabilities in Microsoft Exchange Server to encrypt servers, MalwareTechBlog indicated last weekend, information that was echoed by various cybersecurity media outlets.
Based on records from different honeypots, MalwareTech verified that, despite the existence of patches for the flaw, threat actors have not given up exploiting the vulnerability. They do this by running a PowerShell script that downloads a ransomware executable file (yuuuuu44[.]com) and then sends it to other computers on the network.
The security firm ID Ransomware also warned of the threat from Black Kingdom, which has already encrypted several devices since March 18.
So far, victims have been registered in the United States, Canada, Austria, Switzerland, Russia, France, Israel, United Kingdom, Italy, Germany, Greece, Australia and Croatia.
Some of the ransom notes of this ransomware demand up to 10,000 Bitcoins. Since that date, at least one ransom payment has been made.
Black Kingdom is the second ransomware to target the Microsoft Exchange ProxyLogon vulnerabilities. The first was the DearCry ransomware, earlier in the month.
REVIL DEMANDS 50 MILLION DOLLARS FOR RANSOMWARE ATTACK
The largest ransomware demand in history was seen last week, when REvil demanded a total of $50 million in ransom from PC manufacturer Acer for a ransomware attack (REvil/Sodinokibi).
The attack became known after the leak of the negotiations carried out by REvil, after a break in the temporary dialogue between the parties, some cybersecurity media reported.
The affected company said in a statement that "there is an ongoing investigation and for security reasons, we cannot comment on the details," but it did not confirm that the reported attack had actually taken place.