79 matches found

The Hacker News
added 2021/11/22 11:47 a.m., 459 views

Hackers Exploiting ProxyLogon and ProxyShell Flaws in Spam Campaigns

Threat actors are exploiting ProxyLogon and ProxyShell exploits in unpatched Microsoft Exchange Servers as part of an ongoing spam campaign that leverages stolen email chains to bypass security software and deploy malware on vulnerable systems. The findings come from Trend Micro following an...

10 CVSS, 9.4 AI score, 0.99999 EPSS
Exploits: 78

Trend Micro Simply Security
added 2021/11/19 12:0 a.m., 16 views

Squirrelwaffle Exploits ProxyShell and ProxyLogon to Hijack Email Chains

Squirrelwaffle is known for using the tactic of sending malicious spam as replies to existing email chains. We look into how by investigating its exploit of Microsoft Exchange Server vulnerabilities, ProxyLogon and ProxyShell...

6.9 AI score
Exploits: 0

hivepro
added 2021/11/18 11:45 a.m., 201 views

MuddyWater is taking advantage of old vulnerabilities

THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the Australian Cyber Security Centre (ACSC), and the United Kingdom's National Cyber Security Centre (NCSC) have issued a joint...

10 CVSS, 8.7 AI score, 0.99999 EPSS
Exploits: 16

The Hacker News
added 2021/11/17 3:44 p.m., 268 views

U.S., U.K. and Australia Warn of Iranian Hackers Exploiting Microsoft, Fortinet Flaws

Cybersecurity agencies from Australia, the U.K., and the U.S. on Wednesday released a joint advisory warning of active exploitation of Fortinet and Microsoft Exchange ProxyShell vulnerabilities by Iranian state-sponsored actors to gain initial access to vulnerable systems for follow-on activities...

10 CVSS, 9.3 AI score, 0.99999 EPSS
Exploits: 39

Trend Micro Simply Security
added 2021/11/17 12:0 a.m., 17 views

Analyzing ProxyShell-related Incidents via Trend Micro Managed XDR

In this blog entry, we will take a look at the ProxyShell vulnerabilities that were being exploited in these events, and dive deeper into the notable post-exploitation routines that were used in four separate incidents involving these web shell attacks...

7.1 AI score
Exploits: 0

HackRead
added 2021/11/16 4:44 p.m., 19 views

ProxyShell vulnerabilities exploited in domain-wide ransomware attacks

By Deeba Ahmed. The ProxyShell vulnerabilities have prompted threat actors to launch domain-wide ransomware attacks against their targets. This is a post from HackRead.com. Read the original post: ProxyShell vulnerabilities exploited in domain-wide ransomware attacks...

7.1 AI score
Exploits: 0

ThreatPost
added 2021/11/09 9:41 p.m., 92 views

Microsoft Nov. Patch Tuesday Fixes Six Zero-Days, 55 Bugs

Microsoft reported a total of 55 vulnerabilities, six of which are rated critical, with the remaining 49 being rated important. The flaws are found in Microsoft Windows and Windows Components, Azure, Azure RTOS, Azure Sphere, Microsoft Dynamics, Microsoft Edge Chromium-based, Exchange Server,...

9.8 CVSS, 9.2 AI score, 0.99999 EPSS
Exploits: 75, References: 20

ThreatPost
added 2021/11/09 6:6 p.m., 38 views

12 New Flaws Used in Ransomware Attacks in Q3

A dozen new vulnerabilities were used in ransomware attacks this quarter, bringing the total number of bugs associated with ransomware to 278. That’s a 4.5 percent increase over Q2, according to researchers. Five of the newbies can be used to achieve remote code execution (RCE), while two can be us...

9.8 CVSS, 9.1 AI score, 0.99721 EPSS
Exploits: 25, References: 16

ThreatPost
added 2021/11/03 6:16 p.m., 200 views

‘Tortilla’ Wraps Exchange Servers in ProxyShell Attacks

A new-ish threat actor sometimes known as “Tortilla” is launching a fresh round of ProxyShell attacks on Microsoft Exchange servers, this time with the aim of inflicting vulnerable servers with variants of the Babuk ransomware. Cisco Talos researchers said in a Wednesday report that they spotted...

10 CVSS, 9.2 AI score, 0.99999 EPSS
Exploits: 18, References: 23

The Hacker News
added 2021/10/04 12:48 p.m., 311 views

A New APT Hacking Group Targeting Fuel, Energy, and Aviation Industries

A previously undocumented threat actor has been identified as behind a string of attacks targeting fuel, energy, and aviation production industries in Russia, the U.S., India, Nepal, Taiwan, and Japan with the goal of stealing data from compromised networks. Cybersecurity company Positive...

10 CVSS, 2.1 AI score, 0.99999 EPSS
Exploits: 32

GithubExploit
added 2021/10/02 7:29 a.m., 458 views

Exploit for Unrestricted Upload of File with Dangerous Type in Microsoft

ProxyShellPOC POC for...

10 CVSS, 8.7 AI score, 0.99999 EPSS
Exploits: 18

ThreatPost
added 2021/10/01 12:36 p.m., 136 views

New APT ChamelGang Targets Russian Energy, Aviation Orgs

A new APT group has emerged that’s specifically targeting the fuel and energy complex and aviation industry in Russia, exploiting known vulnerabilities like Microsoft Exchange Server’s ProxyShell and leveraging both new and existing malware to compromise networks. Researchers at security firm...

10 CVSS, 9.3 AI score, 0.99999 EPSS
Exploits: 32, References: 11

GithubExploit
added 2021/09/04 3:34 p.m., 390 views

Exploit for Unrestricted Upload of File with Dangerous Type in Microsoft

ProxyShell Proof of Concept Exploit for Microsoft Exchange CVE...

10 CVSS, 8.9 AI score, 0.99999 EPSS
Exploits: 18

HackRead
added 2021/09/04 2:47 p.m., 28 views

Conti ransomware affiliates hit Exchange Servers with ProxyShell exploits

By Waqas. Conti ransomware affiliates are exploiting 3 unpatched vulnerabilities that allow unauthenticated, remote code execution on MS Exchange Servers. This is a post from HackRead.com. Read the original post: Conti ransomware affiliates hit Exchange Servers with ProxyShell exploits...

8 AI score
Exploits: 0

FireEye
added 2021/09/03 10:0 a.m., 745 views

PST, Want a Shell? ProxyShell Exploiting Microsoft Exchange Servers

In August 2021, Mandiant Managed Defense identified and responded to the exploitation of a chain of vulnerabilities known as ProxyShell. The ProxyShell vulnerabilities consist of three CVEs (CVE-2021-34473, CVE-2021-34523, CVE-2021-31207) affecting the following versions of on-premises Microsoft...

10 CVSS, 0.6 AI score, 0.99999 EPSS
Exploits: 18, References: 9

Information Security Automation
added 2021/08/31 11:16 p.m., 247 views

Security News: Exchange ProxyShell, Zoom RCE, Citrix Canceled PT Acknowledgments, Cisco No Patch Router RCEs

Hello everyone! This is a new episode with my comments on the latest Information Security news. Exchange ProxyShell I want to start with something about attacks on Exchange. ProxyShell is in the news, the LockFile ransomware compromised more than 2000 servers. On the other hand, there is basicall...

10 CVSS, 9.9 AI score, 0.99999 EPSS
Exploits: 70

ThreatPost
added 2021/08/31 10:42 a.m., 22 views

LockFile Ransomware Uses Never-Before Seen Encryption to Avoid Detection

Researchers discovered a novel ransomware emerging on the heels of the ProxyShell vulnerabilities discovery in Microsoft Exchange servers. The threat, dubbed LockFile, uses a unique “intermittent encryption” method as a way to evade detection as well as adopting tactics from previous ransomware...

7.4 AI score
Exploits: 0, References: 12

The Hacker News
added 2021/08/28 4:37 p.m., 20 views

LockFile Ransomware Bypasses Protection Using Intermittent File Encryption

A new ransomware family that emerged last month comes with its own bag of tricks to bypass ransomware protection by leveraging a novel technique called "intermittent encryption." Called LockFile, the operators of the ransomware have been found exploiting recently disclosed flaws such as ProxyShel...

6.9 AI score
Exploits: 0

ThreatPost
added 2021/08/26 12:39 p.m., 177 views

Microsoft Breaks Silence on Barrage of ProxyShell Attacks

Microsoft has broken its silence on the recent barrage of attacks on several ProxyShell vulnerabilities that were highlighted by a researcher at Black Hat earlier this month. The company released an advisory late Wednesday letting customers know that threat actors may use unpatched Exchange...

10 CVSS, 9.2 AI score, 0.99999 EPSS
Exploits: 18, References: 15

HackRead
added 2021/08/26 9:29 a.m., 22 views

Unpatched Microsoft Exchange servers hit with ProxyShell attack

By Waqas. Researchers have identified 140+ webshells launched against 1,900 unpatched Microsoft Exchange servers. This is a post from HackRead.com. Read the original post: Unpatched Microsoft Exchange servers hit with ProxyShell attack...

2.2 AI score
Exploits: 0