Updated on 2022-12-29
Play ransomware
Fortinet researchers have published a technical breakdown of the new Play ransomware operation. Read more: Ransomware Roundup – Play Ransomware
Updated on 2022-12-23
Palo Alto Networks Unit 42 researchers observed the active exploitation of the OWASSRF vulnerability. So far, eight organizations have seen the exploitation activity against Microsoft Exchange servers. Read more: Threat Brief: OWASSRF Vulnerability Exploitation
Updated on 2022-12-20
The Play ransomware gang claimed responsibility for attacks on Germany-based H-Hotels by listing the company on its Tor site. The data stolen includes client documents, passports, IDs, and more. Read more: Cyberangriff auf H-Hotels.com
Overview
CrowdStrike said it identified OWASSRF, a new method of exploiting the ProxyNotShell vulnerabilities. The company said it saw the technique being used in the wild to deploy the Play ransomware. Read more: OWASSRF: CrowdStrike Identifies New Exploit Method for Exchange Bypassing ProxyNotShell Mitigations