8 matches found
CISA calls for urgent action against critical threats
In a CISA Insights bulletin the Cybersecurity & Infrastructure Security Agency CISA warns that every organization in the United States is at risk from cyber threats that can disrupt essential services and potentially result in impacts to public safety. The warning specifically reminds readers of...
A week in security (August 30 – September 5)
Last week on Malwarebytes Labs ProxyToken: another nail-biter from Microsoft Exchange Macs turn on apps signed by Symantec, treat them as malware Google Play sign-ins can be abused to track another person’s movements FTC bans SpyFone and its CEO from continuing to sell stalkerware BrakTooth...
This Week in Security News - September 3, 2021
Proxytoken vulnerability can modify Exchange server configs and Lockbit jumps its own countdown, publishes Bangkok Air files...
Exploit for CVE-2021-33766
POC Exploit CVE-2021-33766 ProxyToken POC Exploit for CVE-...
ProxyToken: Another nail-biter from Microsoft Exchange
Had I known this season of Microsoft Exchange was going to be so long Id have binge watched. Does anyone know how many episodes there are? Sarcasm aside, while ProxyToken may seem like yet another episode of 2021s longest running show, that doesn’t make it any less serious, or any less...
New Microsoft Exchange 'ProxyToken' Flaw Lets Attackers Reconfigure Mailboxes
Details have emerged about a now-patched security vulnerability impacting Microsoft Exchange Server that could be weaponized by an unauthenticated attacker to modify server configurations, thus leading to the disclosure of Personally Identifiable Information PII. The issue, tracked as...
Microsoft Exchange ‘ProxyToken’ Bug Allows Email Snooping
A serious security vulnerability in Microsoft Exchange Server that researchers have dubbed ProxyToken could allow an unauthenticated attacker to access and steal emails from a target’s mailbox. Microsoft Exchange uses two websites; one, the front end, is what users connect to in order to access...
CVE-2021-33766 ProxyToken
Microsoft Exchange Server Information Disclosure Vulnerability Recent assessments: NinjaOperator at August 30, 2021 4:59pm UTC reported: An unauthenticated actor can perform configuration actions on mailboxes belonging to arbitrary users. Which can be used to copy all emails addressed to a target...