Lucene search
K

104 matches found

ThreatPost
ThreatPost
added 2021/03/12 4:26 p.m.404 views

Microsoft Exchange Exploits Pave a Ransomware Path

Cybercriminals are now using compromised Microsoft Exchange servers as a foothold to deploy a new ransomware family called DearCry, Microsoft has warned. The ransomware is the latest threat to beleaguer vulnerable Exchange servers, emerging shortly after Microsoft issued emergency patches in earl...

7.5CVSS9.7AI score0.99999EPSS
Exploits66References14
The Hacker News
The Hacker News
added 2021/03/12 8:36 a.m.60 views

Hackers Are Targeting Microsoft Exchange Servers With Ransomware

It didn't take long. Intelligence agencies and cybersecurity researchers had been warning that unpatched Exchange Servers could open the pathway for ransomware infections in the wake of swift escalation of the attacks since last week. Now it appears that threat actors have caught up. According to...

8.2AI score
Exploits0
The Hacker News
The Hacker News
added 2021/03/12 8:36 a.m.4 views

Hackers Are Targeting Microsoft Exchange Servers With Ransomware

It didn't take long. Intelligence agencies and cybersecurity researchers had been warning that unpatched Exchange Servers could open the pathway for ransomware infections in the wake of swift escalation of the attacks since last week. Now it appears that threat actors have caught up. According to...

5.9AI score
Exploits0
GithubExploit
GithubExploit
added 2021/03/11 8:51 p.m.218 views

Exploit for Server-Side Request Forgery in Microsoft

CVE-2021-26855 PoC of proxylogon chain SSRFCVE-2021-26855 to...

9.8CVSS8.9AI score0.99999EPSS
Exploits63
GithubExploit
GithubExploit
added 2021/03/11 7:35 p.m.103 views

Exploit for Server-Side Request Forgery in Microsoft

CVE-2021-26855 CVE-2021-26855, also known as Proxylogon, is a...

9.8CVSS9.6AI score0.99999EPSS
Exploits65
GithubExploit
GithubExploit
added 2021/03/11 7:35 p.m.3 views

Exploit for Server-Side Request Forgery in Microsoft

CVE-2021-26855 CVE-2021-26855, also known as Proxylogon, is a...

9.8CVSS7.7AI score0.99999EPSS
Exploits65
ThreatPost
ThreatPost
added 2021/03/11 6:1 p.m.207 views

Microsoft Exchange Servers Face APT Attack Tsunami

Recently patched Microsoft Exchange vulnerabilities are under fire from at least 10 different advanced persistent threat APT groups, all bent on compromising email servers around the world. Overall exploitation activity is snowballing, according to researchers. Microsoft said in early March that ...

7.5CVSS9.9AI score0.99999EPSS
Exploits66References19
GithubExploit
GithubExploit
added 2021/03/11 5:32 p.m.270 views

Exploit for Deserialization of Untrusted Data in Microsoft

Proxylogon-exploi...

7.8CVSS9.5AI score0.94008EPSS
Exploits5
Qualys Blog
Qualys Blog
added 2021/03/11 2:2 a.m.56 views

Security Advisory: Mitigating the Risk of Microsoft Exchange Zero-Day ProxyLogon Vulnerabilities

Microsoft recently released several security updates for Microsoft Exchange Server to address vulnerabilities that sophisticated nation-state actors are exploiting to exfiltrate critical data from a variety of organizations. Reports suggest attackers have been targeting these vulnerabilities sinc...

0.5AI score
Exploits0
0day.today
0day.today
added 2021/03/11 12:0 a.m.228 views

Microsoft Exchange 2019 - SSRF to Arbitrary File Write (Proxylogon) Exploit

Exploit Title: Microsoft Exchange 2019 - SSRF to Arbitrary File Write Proxylogon Date: 2021-03-10 Exploit Author: testanull Vendor Homepage: https://www.microsoft.com Version: MS Exchange Server 2013, 2016, 2019 CVE: 2021-26855, 2021-27065 import requests from urllib3.exceptions import...

9.8CVSS0.5AI score0.99999EPSS
Exploits65
Exploit DB
Exploit DB
added 2021/03/11 12:0 a.m.4440 views

Microsoft Exchange 2019 - Server-Side Request Forgery (Proxylogon) (PoC)

Exploit Title: Microsoft Exchange 2019 - SSRF to Arbitrary File Write Proxylogon Date: 2021-03-10 Exploit Author: testanull Vendor Homepage: https://www.microsoft.com Version: MS Exchange Server 2013, 2016, 2019 CVE: 2021-26855, 2021-27065 import requests from urllib3.exceptions import...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2021/03/11 12:0 a.m.409 views

Microsoft Exchange Proxylogon SSRF Proof Of Concept

Original Author: testanull https://github.com/testanull https://twitter.com/testanull PoC of proxylogon chain SSRFCVE-2021-26855 to write file Original "Archive" https://web.archive.org/web/20210310164403/https://gist.github.com/testanull/fabd8eeb46f120c4b15f8793617ca7d1 import requests from...

7.5CVSS0.2AI score0.99999EPSS
Exploits63
The Hacker News
The Hacker News
added 2021/03/10 5:37 a.m.4161 views

Microsoft Issues Security Patches for 89 Flaws — IE 0-Day Under Active Attacks

Microsoft plugged as many as 89 security flaws as part of its monthly Patch Tuesday updates released today, including fixes for an actively exploited zero-day in Internet Explorer that could permit an attacker to run arbitrary code on target machines. Of these flaws, 14 are listed as Critical, an...

10CVSS0.8AI score0.99999EPSS
Exploits67
The Hacker News
The Hacker News
added 2021/03/10 5:37 a.m.7 views

Microsoft Issues Security Patches for 89 Flaws — IE 0-Day Under Active Attacks

Microsoft plugged as many as 89 security flaws as part of its monthly Patch Tuesday updates released today, including fixes for an actively exploited zero-day in Internet Explorer that could permit an attacker to run arbitrary code on target machines. Of these flaws, 14 are listed as Critical, an...

10CVSS8.2AI score0.99999EPSS
Exploits67
Qualys Blog
Qualys Blog
added 2021/03/09 9:33 p.m.188 views

March 2021 Patch Tuesday – 82 Vulnerabilities, 10 Critical, Adobe

This month’s Microsoft Patch Tuesday addresses 82 vulnerabilities, of which 10 are rated with Critical severity. This follows an out-of-band security update on March 2 to address critical vulnerabilities in Microsoft Exchange. Adobe released patches today for its FrameMaker, Creative Cloud Deskto...

10CVSS1.2AI score0.81103EPSS
Exploits0
Malwarebytes
Malwarebytes
added 2021/03/09 7:59 p.m.242 views

Microsoft Exchange attacks cause panic as criminals go shell collecting

Only last week we posted a blog about multiple zero-day exploits being used to attack on-premises versions of Microsoft Exchange Server in limited and targeted attacks. Seeing how this disclosure came with a patch being available, under normal circumstances you would see some companies update...

7.5CVSS10AI score0.99999EPSS
Exploits63
The Hacker News
The Hacker News
added 2021/03/08 10:15 a.m.17696 views

Microsoft Exchange Cyber Attack — What Do We Know So Far?

Microsoft on Friday warned of active attacks exploiting unpatched Exchange Servers carried out by multiple threat actors, as the hacking campaign is believed to have infected tens of thousands of businesses, government entities in the U.S., Asia, and Europe. The company said "it continues to see...

9.8CVSS10AI score0.99999EPSS
Exploits66
GithubExploit
GithubExploit
added 2021/03/07 12:12 p.m.5 views

Exploit for Server-Side Request Forgery in Microsoft

PoC exploit for CVE-2021-26855 and CVE-2021-27065, two vulnerabi...

9.8CVSS9.6AI score0.99999EPSS
Exploits65
GithubExploit
GithubExploit
added 2021/03/05 8:22 a.m.40 views

Exploit for Server-Side Request Forgery in Microsoft

It is an offensive tool for Microsoft Exchange server vulnerabil...

9.8CVSS9.9AI score0.99999EPSS
Exploits66
Qualys Blog
Qualys Blog
added 2021/03/03 10:12 p.m.1795 views

Microsoft Exchange Server Zero-Days (ProxyLogon) – Automatically Discover, Prioritize and Remediate Using Qualys VMDR

Update March 10, 2021: A new section describes how to respond with mitigation controls if patches cannot be applied, as recommended by Microsoft. This section details the Qualys Policy Compliance control ids for each vulnerability. Update March 8, 2021: Qualys has released an additional QID: 5010...

7.5CVSS0.1AI score0.99999EPSS
Exploits69
Rows per page
Query Builder