News

Latest news about B2B cyber security >>> PR agencies: add us to your mailing list - see contact! >>> Book an exclusive PartnerChannel for your news!

SSRF attacks on Microsoft Exchange Server
SSRF attacks on Microsoft Exchange Server

In an analysis, Bitdefender warns of a series of ProxyNotShell/OWASSRF attacks targeting on-premise Microsoft Exchange installations. The attack often even ends in taking over the server. A technical guide from Bitdefender offers help. The attacks observed since the end of November 2022, especially in the USA, served different purposes. Server-Side Request Forgery (SSRF) attacks enable opportunistic attacks via a vulnerable server on another server and can lead to the complete takeover of a Microsoft Exchange server, for example. Vulnerabilities in such high-level architectures are rarely found. If available, they can only be used in productive systems...

Read more

Spam wave: Fake Turkey and Syria appeals for donations
Bitdefender_News

While there is a large participation and many aid campaigns for the earthquake victims in Turkey and Syria worldwide, cyber gangsters try to steal the money with fake appeals for donations. This is how private individuals and companies recognize the scammers. As Bitdefender reports, cybercriminal free riders are trying to quickly capitalize on the earthquake disaster in Turkey and Syria. The Antispam Lab has discovered scam emails in which a supposed Ukrainian charity is asking for donations. Fake fundraisers The alleged Vladimir Foundation is currently spreading its fraudulent fundraisers in South Korea (49%), Vietnam (19%), the USA and India (7% each), Denmark (3%), Ireland...

Read more

2023: Enterprises must optimize their IT defenses
2023: Enterprises must optimize their IT defenses

Cyber ​​criminals never stand still. They constantly improve their methods and intensify their attacks on available targets. In 2023, companies will once again be faced with the task of further optimizing their IT defenses. When it comes to cyber insurance, a good defense is also expected or there is no policy. 2022 was not a quiet year for IT security either. Hackers have crossed new borders: Organized criminals attacked governments, like Conti in the Costa Rica case. The Lapsus$ group attacked well-known players in the digital economy such as Microsoft, Nvidia, Uber, Globant and others. Hacker collectives developed sophisticated, powerful tools for…

Read more

Free MegaCortex ransomware decryption tool
Free MegaCortex ransomware decryption tool

A decryption tool co-developed by Bitdefender is now available to victims of the MegaCortex ransomware family. Those affected can use this free tool to make encrypted data from all MegaCortex versions available again. As early as October 2021, Europol had reported the arrest of twelve people as a result of an international action against actors who had used ransomware of the Dharma, MegaCortex and LockerGoga types. The victims of the attacks are believed to have included over 1.800 victims in 71 countries. The damage caused was estimated at over 100 million US dollars. Many of the victims kept encrypted data and waited a long time…

Read more

Study: What companies expect from MDR

Managed Detection and Response is a big topic for companies because there are no specialists available for evaluating EDR, XDR & Co. A study shows what companies expect from MDR providers - bundled in a specification for IT security service providers. In view of increasingly complex threats, IT security teams in companies of all sizes will sooner or later be overwhelmed with ensuring the security of data, applications and processes. But what help do they need? What is the requirement profile of a Managed Detection and Response (MDR) service provider? And how does an IT security service and its external security experts improve the security situation in companies? This…

Read more

Bitdefender decryptor against RanHassan ransomware
Bitdefender_News

Victims of the RanHassan ransomware can now decrypt their data again using a universal Bitdefender decryptor. Bitdefender now provides 22 decryptors. The ability to decrypt data yourself is the best way to thwart ransomware attacks. Bitdefender's continued development of one of the industry's most comprehensive ransomware decryption programs has saved many companies from having to pay ransoms - estimated at around $XNUMX billion in total. Bitdefender's top decryption tools include tools for victims of Gandcrab attacks, as well as a universal decryptor against REvil ransomware….

Read more

Cost-benefit analysis of IT security 

IT security has a problem: it doesn't make any profits. For many it is still too expensive. However, the benefits of cyber defense can be demonstrated by a cost-benefit analysis with an IT security platform. There are five factors that can do this. Without a doubt, cyber defense causes additional costs beyond the pure license price. Because security software is not only to be obtained and installed quickly. Overtime that takes up time resources can never be ruled out. Its benefits often only become apparent when IT teams are willing and able to work with it. Security must be resource intensive….

Read more

Microsoft OneDrive: Cryptojacking campaign via DLL sideloading
Microsoft OneDrive: Cryptojacking campaign via DLL sideloading

Bitdefender experts warn of a cryptojacking campaign via a DLL sideloading vulnerability in Microsoft OneDrive. Bitdefender has already detected 700 attacked Microsoft OneDrive instances in May and June 2022. Germany is one of the hardest hit. Cryptojacking is a growing danger: hackers use the resources of infected PCs or mobile devices to use their resources for their own cryptomining. In May and June 2022, Bitdefender detected a global attack campaign in which cyber criminals exploit known DLL sideloading vulnerabilities in Microsoft OneDrive to install cryptomining malware on victims' systems. In principle, they could...

Read more

Update: EZVIZ cameras with vulnerabilities
B2B Cyber ​​Security ShortNews

Bitdefender recently published and described the vulnerabilities in 10 million EZVIZ cameras and called for the firmware to be updated. EZVIZ itself comments on this and thanks for the cooperation with Bitdefender and requests the customers to update via push notifications. BitDefender has diagnosed three security vulnerabilities in five product models of EZVIZ cameras and described them in detail. To fix the vulnerabilities (CVE-2022-2471, CVE-2022-2472) on the products and one on the cloud platform, EZVIZ has released an updated firmware. Since September 14, 2022, the public safety notice has been available on the company website at EZVIZ....

Read more

Study: Increased corporate espionage discovered
Study: Increased corporate espionage discovered

Bitdefender has published a study detailing sophisticated corporate espionage against a US technology company. The attack took place over several months and focused on data exfiltration. An extensive network of several hundred IP addresses (most of them from China) were used for the attack. As part of the study, Bitdefender concludes that this type of attack is likely to increase and advises companies in industry, energy, finance, defense and other critical sectors to be on high alert. Spy campaign on Bitdefender partners…

Read more