Lucene search
+L

24 matches found

Information Security Automation
Information Security Automation
added 2022/10/21 8:10 p.m.162 views

Joint Advisory AA22-279A and Vulristics

Hello everyone! This episode will be about the new hot twenty vulnerabilities from CISA, NSA and FBI, Joint cybersecurity advisory CSA AA22-279A, and how I analyzed these vulnerabilities using my open source project Vulristics. Alternative video link for Russia: Americans cant just release a list...

10CVSS1.1AI score0.99999EPSS
Exploits975
Securelist
Securelist
added 2021/06/17 10:0 a.m.420 views

Black Kingdom ransomware

Black Kingdom ransomware appeared on the scene back in 2019, but we observed some activity again in 2021. The ransomware was used by an unknown adversary for exploiting a Microsoft Exchange vulnerability CVE-2021-27065. The complexity and sophistication of the Black Kingdom family cannot bear a...

7.5CVSS0.9AI score0.99999EPSS
Exploits87
ThreatPost
ThreatPost
added 2021/05/10 5:37 p.m.800 views

Lemon Duck Cryptojacking Botnet Changes Up Tactics

The Lemon Duck cryptocurrency-mining botnet has added the ProxyLogon group of exploits to its bag of tricks, targeting Microsoft Exchange servers. That’s according to researchers at Cisco Talos, who said that the cybercrime group behind Lemon Duck has also added the Cobalt Strike attack framework...

10CVSS7.7AI score0.99999EPSS
Exploits189References15
Metasploit
Metasploit
added 2021/03/23 5:42 p.m.396 views

Microsoft Exchange ProxyLogon RCE

This module exploit a vulnerability on Microsoft Exchange Server that allows an attacker bypassing the authentication, impersonating as the admin CVE-2021-26855 and write arbitrary file CVE-2021-27065 to get the RCE Remote Code Execution. By taking advantage of this vulnerability, you can execute...

9.8CVSS9.5AI score0.99999EPSS
Exploits65
Metasploit
Metasploit
added 2021/03/23 5:42 p.m.538 views

Microsoft Exchange ProxyLogon Scanner

This module scan for a vulnerability on Microsoft Exchange Server that allows an attacker bypassing the authentication and impersonating as the admin CVE-2021-26855. By chaining this bug with another post-auth arbitrary-file-write vulnerability to get code execution CVE-2021-27065. As a result, a...

9.8CVSS9.8AI score0.99999EPSS
Exploits65
0day.today
0day.today
added 2021/03/23 12:0 a.m.309 views

Microsoft Exchange ProxyLogon Remote Code Execution Exploit

This Metasploit module exploits a vulnerability on Microsoft Exchange Server that allows an attacker bypassing the authentication, impersonating as the admin CVE-2021-26855 and write arbitrary file CVE-2021-27065 to get the RCE Remote Code Execution. By taking advantage of this vulnerability, you...

9.1CVSS9.6AI score0.99999EPSS
Exploits65
Packet Storm
Packet Storm
added 2021/03/23 12:0 a.m.559 views

Microsoft Exchange ProxyLogon Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Microsoft Exchange ProxyLogon RCE', 'Description' = %q This module exploit a vulnerability on Microsoft Exchange Server that allows an attacker...

7.5CVSS0.3AI score0.99999EPSS
Exploits65
MSRC
MSRC
added 2021/03/16 6:44 p.m.241 views

Guidance for responders: Investigating and remediating on-premises Exchange Server vulnerabilities

This guidance will help customers address threats taking advantage of the recently disclosed Microsoft Exchange Server on-premises vulnerabilities CVE-2021-26855, CVE-2021-26858, CVE-2021-26857, and CVE-2021-27065. Microsoft will continue to monitor these threats and provide updated tools and...

7.5CVSS2.7AI score0.99999EPSS
Exploits66
MSRC
MSRC
added 2021/03/16 7:0 a.m.83 views

Guidance for responders: Investigating and remediating on-premises Exchange Server vulnerabilities

This guidance will help customers address threats taking advantage of the recently disclosed Microsoft Exchange Server on-premises vulnerabilities CVE-2021-26855, CVE-2021-26858, CVE-2021-26857, and CVE-2021-27065, which are being exploited. We strongly urge customers to immediately update system...

7.5CVSS2.2AI score0.99999EPSS
Exploits66
MSRC
MSRC
added 2021/03/16 7:0 a.m.99 views

Guidance for responders: Investigating and remediating on-premises Exchange Server vulnerabilities

This guidance will help customers address threats taking advantage of the recently disclosed Microsoft Exchange Server on-premises vulnerabilities CVE-2021-26855, CVE-2021-26858, CVE-2021-26857, and CVE-2021-27065, which are being exploited. We strongly urge customers to immediately update system...

9.8CVSS7AI score0.99999EPSS
Exploits66
Akamai Blog
Akamai Blog
added 2021/03/15 10:30 p.m.540 views

How Akamai Can Help You Fight the Latest Exploitation Attempts Against Microsoft Exchange

Co-authored by Ryan Barnett. AppSec Protections for Microsoft Exchange CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065 On March 2, 2021, the Microsoft Security Response Center alerted its customers to several critical security updates to Microsoft Exchange Server, addressing...

7.5CVSS10AI score0.99999EPSS
Exploits66
0day.today
0day.today
added 2021/03/11 12:0 a.m.228 views

Microsoft Exchange 2019 - SSRF to Arbitrary File Write (Proxylogon) Exploit

Exploit Title: Microsoft Exchange 2019 - SSRF to Arbitrary File Write Proxylogon Date: 2021-03-10 Exploit Author: testanull Vendor Homepage: https://www.microsoft.com Version: MS Exchange Server 2013, 2016, 2019 CVE: 2021-26855, 2021-27065 import requests from urllib3.exceptions import...

9.8CVSS0.5AI score0.99999EPSS
Exploits65
Talos Blog
Talos Blog
added 2021/03/08 10:18 a.m.506 views

Threat Advisory: HAFNIUM and Microsoft Exchange zero-day

Microsoft released patches for four vulnerabilities in Exchange Server on March 2, disclosing that these vulnerabilities were being exploited by a previously unknown threat actor, referred to as HAFNIUM. The vulnerabilities in question — CVE-2021-26855, CVE-2021-26857, CVE-2021-26858 and...

7.5CVSS1.2AI score0.99999EPSS
Exploits66
FireEye
FireEye
added 2021/03/04 12:0 a.m.601 views

Detection and Response to Exploitation of Microsoft Exchange Zero-Day Vulnerabilities

Beginning in January 2021, Mandiant Managed Defense observed multiple instances of abuse of Microsoft Exchange Server within at least one client environment. The observed activity included creation of web shells for persistent access, remote code execution, and reconnaissance for endpoint securit...

7.5CVSS9.8AI score0.99999EPSS
Exploits66References10
Qualys Blog
Qualys Blog
added 2021/03/03 10:12 p.m.1802 views

Microsoft Exchange Server Zero-Days (ProxyLogon) – Automatically Discover, Prioritize and Remediate Using Qualys VMDR

Update March 10, 2021: A new section describes how to respond with mitigation controls if patches cannot be applied, as recommended by Microsoft. This section details the Qualys Policy Compliance control ids for each vulnerability. Update March 8, 2021: Qualys has released an additional QID: 5010...

7.5CVSS0.1AI score0.99999EPSS
Exploits69
ThreatPost
ThreatPost
added 2021/03/03 3:30 p.m.574 views

Microsoft Exchange 0-Day Attackers Spy on U.S. Targets

Microsoft has spotted multiple zero-day exploits in the wild being used to attack on-premises versions of Microsoft Exchange Server. Adversaries have been able to access email accounts, steal a raft of data and drop malware on target machines for long-term remote access, according to the computin...

10AI score0.99999EPSS
Exploits66References8
Circl
Circl
added 2021/03/03 2:44 a.m.14 views

CVE-2021-27065

creationtimestamp| type| source ---|---|--- 2021-03-03 02:44:45+00:00| seen| https://t.me/cibsecurity/24377 2021-03-03 04:00:00+00:00| seen| https://www.govcert.gov.hk/en/alertsdetail.php?id=556 2021-03-03 06:31:27+00:00| seen| MISP/76591c3b-efb3-4084-a644-87a6cca8c784 2021-03-03 15:38:55+00:00|...

7.8CVSS8.3AI score0.99946EPSS
Exploits30References33
NVD
NVD
added 2021/03/03 12:15 a.m.29 views

CVE-2021-27065

Microsoft Exchange Server Remote Code Execution Vulnerability...

7.8CVSS0.99946EPSS
Exploits30References4
OSV
OSV
added 2021/03/03 12:15 a.m.0 views

CVE-2021-27065

Microsoft Exchange Server Remote Code Execution Vulnerability...

7.8CVSS7.5AI score0.99946EPSS
Exploits30References4
ATTACKERKB
ATTACKERKB
added 2021/03/03 12:0 a.m.462 views

CVE-2021-27065

Microsoft Exchange Server Remote Code Execution Vulnerability Recent assessments: wvu-r7 at March 10, 2021 7:13am UTC reported: When used with CVE-2021-26855, an unauthenticated SSRF, CVE-2021-27065 yields unauthed, SYSTEM-level RCE against a vulnerable Exchange Server. On its own, exploiting thi...

9.8CVSS8.8AI score0.99999EPSS
In wildExploits65References5
Rows per page
Query Builder