all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

New Threat Actor Leverages ProxyShell Exploit to Serve Ransomware

Add to bookmarks
Oct. 3, 2022, 5:02 a.m. |

FortiGuard Labs | FortiGuard Center - Threat Signal Report fortiguard.fortinet.com

FortiGuard Labs is aware of a report that a new threat actor, "Tortillas," is leveraging the ProxyShell exploit to deliver ransomware. Based on the traits, the ransomware served by tortillas appears to be a Babuk ransomware variant. ProxyShell consists of three Microsoft Exchange vulnerabilities (CVE-2021-34473, CVE-2021-34523 and CVE-2021-31207) used in a chain that enables the attacker to remotely run malicious code on the targeted system as a result. The security flaws were patched by Microsoft in April and May 2021. …

actor exploit proxyshell ransomware threat threat actor

Visit resource

More from fortiguard.fortinet.com / FortiGuard Labs | FortiGuard Center - Threat Signal Report

ArcaneDoor Attack (CVE-2024-20353 and CVE-2024-20359) 19 hours ago | fortiguard.fortinet.com
adaptive security advisory april arcanedoor +22
Akira Ransomware Attack (CVE-2023-20269 and CVE-2020-3259) 20 hours ago | fortiguard.fortinet.com
access advisory akira akira ransomware +17
PAN-OS Critical Flaw in GlobalProtect Gateway (CVE-2024-3400) 1 week, 2 days ago | fortiguard.fortinet.com
advisory attack code code injection +27
XZ Utils Supply Chain Attack (CVE-2024-3094) 3 weeks ago | fortiguard.fortinet.com
attack code compression cve +25
Nice Linear eMerge Command Injection Vulnerability (CVE-2019–7256) 4 weeks ago | fortiguard.fortinet.com
access attacker code code execution +25
Jenkins Arbitrary File Read Vulnerability (CVE-2024-23897) 4 weeks, 1 day ago | fortiguard.fortinet.com
access application application developers attackers +31
Kimsuky Malware Attack 4 weeks, 2 days ago | fortiguard.fortinet.com
attack cyber entities espionage +15
JetBrains TeamCity Authentication Bypass Vulnerabilities (CVE-2024-27198, CVE-2024-27199) 1 month, 1 week ago | fortiguard.fortinet.com
attacker authentication authentication bypass bypass +15
ConnectWise ScreenConnect Vulnerabilities (CVE-2024-1708 and CVE-2024-1709) 1 month, 4 weeks ago | fortiguard.fortinet.com
access advisory application attackers +28

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Cloud Technical Solutions Engineer, Security

@ Google | Mexico City, CDMX, Mexico
View on infosec-jobs.com

Assoc Eng Equipment Engineering

@ GlobalFoundries | SGP - Woodlands
View on infosec-jobs.com

Staff Security Engineer, Cloud Infrastructure

@ Flexport | Bellevue, WA; San Francisco, CA
View on infosec-jobs.com

Software Engineer III, Google Cloud Security and Privacy

@ Google | Sunnyvale, CA, USA
View on infosec-jobs.com

Software Engineering Manager II, Infrastructure, Google Cloud Security and Privacy

@ Google | San Francisco, CA, USA; Sunnyvale, CA, USA
View on infosec-jobs.com
View more jobs