Lucene search
+L

18 matches found

ICS
ICS
•added 2022/11/25 12:0 p.m.•96 views

#StopRansomware: Hive Ransomware

Actions to Take Today to Mitigate Cyber Threats from Ransomware: 1. Prioritize remediating known exploited vulnerabilities. 2. Enable and enforce multifactor authentication with strong passwords. 3. Close unused ports and remove any application not deemed necessary for day-to-day operations...

10CVSS8.7AI score0.99999EPSS
Exploits27References54
hivepro
hivepro
•added 2022/03/25 4:5 a.m.•463 views

Magic Hound Exploiting Old Microsoft Exchange ProxyShell Vulnerabilities

THREAT LEVEL: Red. For a detailed advisory, download the pdf file here APT35 aka Magic Hound, an Iranian-backed threat group, has begun using Microsoft Exchange ProxyShell vulnerabilities as an initial attack vector and to execute code through multiple web shells. The group has primarily targeted...

10CVSS0.9AI score0.99999EPSS
Exploits18
Qualys Blog
Qualys Blog
•added 2022/03/07 5:18 a.m.•1067 views

AvosLocker Ransomware Behavior Examined on Windows & Linux

AvosLocker is a ransomware group that was identified in 2021, specifically targeting Windows machines. Now a new variant of AvosLocker malware is also targeting Linux environments. In this blog, we examine the behavior of these two AvosLocker Ransomware in detail. AvosLocker is a relatively new...

10CVSS8.9AI score0.99999EPSS
Exploits18
Trellix
Trellix
•added 2022/02/28 12:0 a.m.•402 views

Trellix Global Defenders: Analysis and Protections for BlackByte Ransomware

Trellix Global Defenders: Analysis and Protections for BlackByte Ransomware By Taylor Mullins Ā· February 28, 2022 BlackByte Ransomware has been in the news of late due to a successful attack against a National Football League NFL Franchise and a Joint Cybersecurity Advisory by the Federal Bureau ...

0.8AI score0.99999EPSS
Exploits18
The Hacker News
The Hacker News
•added 2021/11/22 11:47 a.m.•460 views

Hackers Exploiting ProxyLogon and ProxyShell Flaws in Spam Campaigns

Threat actors are exploiting ProxyLogon and ProxyShell exploits in unpatched Microsoft Exchange Servers as part of an ongoing spam campaign that leverages stolen email chains to bypass security software and deploy malware on vulnerable systems. The findings come from Trend Micro following an...

10CVSS9.4AI score0.99999EPSS
Exploits78
The Hacker News
The Hacker News
•added 2021/11/17 3:44 p.m.•277 views

U.S., U.K. and Australia Warn of Iranian Hackers Exploiting Microsoft, Fortinet Flaws

Cybersecurity agencies from Australia, the U.K., and the U.S. on Wednesday released a joint advisory warning of active exploitation of Fortinet and Microsoft Exchange ProxyShell vulnerabilities by Iranian state-sponsored actors to gain initial access to vulnerable systems for follow-on activities...

10CVSS9.3AI score0.99999EPSS
Exploits39
hivepro
hivepro
•added 2021/08/24 10:35 a.m.•876 views

ProxyShell and PetitPotam exploits weaponized by LockFile Ransomware Group

THREAT LEVEL: Red. For a detailed advisory, download the pdf file here. LockFile, a new ransomware gang, has been active since last week. LockFile began by using a publicly disclosed PetitPotam exploit CVE-2021-36942 to compromise Windows Domain Controllers earlier this week. Using ProxyShell...

10CVSS0.5AI score0.99999EPSS
Exploits22
Malwarebytes
Malwarebytes
•added 2021/08/23 1:21 p.m.•728 views

Patch now! Microsoft Exchange is being attacked via ProxyShell

Last Saturday the Cybersecurity and Infrastructure Security Agency issued an urgent warning that threat actors are actively exploiting three Microsoft Exchange vulnerabilities—CVE-2021-34473, CVE-2021-34523, and CVE-2021-31207. These vulnerabilities can be chained together to remotely execute...

10CVSS9.8AI score0.99999EPSS
Exploits18
CISA
CISA
•added 2021/08/21 12:0 a.m.•136 views

Urgent: Protect Against Active Exploitation of ProxyShell Vulnerabilities

Malicious cyber actors are actively exploiting the following ProxyShell vulnerabilities: CVE-2021-34473, CVE-2021-34523, and CVE-2021-31207. An attacker exploiting these vulnerabilities could execute arbitrary code on a vulnerable machine. CISA strongly urges organizations to identify vulnerable...

10CVSS2.8AI score0.99999EPSS
In wildExploits18References4
Packet Storm
Packet Storm
•added 2021/08/20 12:0 a.m.•1031 views

Microsoft Exchange ProxyShell Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'winrm' class MetasploitModule 'Microsoft Exchange ProxyShell RCE', 'Description' = %q This module exploit a vulnerability on Microsoft Exchange Server that allo...

10CVSS0.3AI score0.99999EPSS
Exploits18
GithubExploit
GithubExploit
•added 2021/08/16 11:27 a.m.•28 views

Exploit for Server-Side Request Forgery in Microsoft

CVE-2021-34473 CVE-2021-34473 Microsoft Exchange Server Remote...

10CVSS7.9AI score0.99999EPSS
Exploits16
GithubExploit
GithubExploit
•added 2021/08/10 3:1 p.m.•495 views

Exploit for Server-Side Request Forgery in Microsoft

Proxyshell-Scanner nuclei scanner for Proxyshell RCE CVE-2021...

10CVSS8.8AI score0.99999EPSS
Exploits17
NVD
NVD
•added 2021/07/14 6:15 p.m.•35 views

CVE-2021-34473

Microsoft Exchange Server Remote Code Execution Vulnerability...

10CVSS0.99999EPSS
Exploits16References4
CVE
CVE
•added 2021/07/14 5:54 p.m.•2411 views

CVE-2021-34473

CVE-2021-34473 is part of the ProxyShell chain affecting on-premises Microsoft Exchange Server. The vulnerability arises from pre-auth path confusion that bypasses ACLs, enabling pre-auth remote code execution when combined with CVE-2021-34523 and CVE-2021-31207 in the same exploit chain. Exploit...

10CVSS9.8AI score0.99999EPSS
In wildExploits16References4Affected Software1
Check Point Advisories
Check Point Advisories
•added 2021/07/14 12:0 a.m.•18 views

Microsoft Exchange Server Remote Code Execution (CVE-2021-34473; CVE-2021-34523)

A remote code execution vulnerability exists in Microsoft Exchange. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

10CVSS5.8AI score0.99999EPSS
Exploits17
ATTACKERKB
ATTACKERKB
•added 2021/07/14 12:0 a.m.•439 views

ProxyShell Exploit Chain

Microsoft Exchange Server Remote Code Execution Vulnerability Recent assessments: ccondon-r7 at August 12, 2021 9:19pm UTC reported: Check out the Rapid7 analysis for details on the exploit chain. Seems like a lot of the PoC implementations so far are using admin mailboxes, but I’d imagine folks...

10CVSS8.7AI score0.99999EPSS
In wildExploits18References10
MSRC
MSRC
•added 2021/04/13 7:0 a.m.•57 views

April 2021 Update Tuesday packages now available

Update August 25, 2021: Microsoft strongly recommends that you update your servers with the most recent security updates available. CVE-2021-34473 ProxyShell CVE-2021-34523 ProxyShell CVE-2021-33766 Today is Update Tuesday – our commitment to provide a predictable monthly schedule to release...

10CVSS6.9AI score0.99999EPSS
Exploits19
Circl
Circl
•added 2021/04/13 5:0 a.m.•10 views

CVE-2021-34473

creationtimestamp| type| source ---|---|--- 2021-04-13 05:00:00+00:00| seen| https://msrc.microsoft.com/blog/2021/04/april-2021-update-tuesday-packages-now-available/ 2021-07-14 16:59:39+00:00| seen| https://t.me/truesecator/1917 2021-07-15 10:13:10+00:00| seen|...

10CVSS8.3AI score0.99999EPSS
In wildExploits16References51
Rows per page
Query Builder