Plus de 2000 serveurs Exchange suisses vulnérables à une faille
Environ 97’000 serveurs Exchange dans le monde sont potentiellement concernés par une faille permettant d'effe
New Microsoft Exchange zero-days allow RCE, data theft attacks
Microsoft Exchange is impacted by four zero-day vulnerabilities that attackers can exploit remotely to execute arbitrary code or disclose sensitive information on affected installations.
ZDI-23-1578 | Zero Day Initiative
(0Day) Microsoft Exchange ChainedSerializationBinder Deserialization of Untrusted Data Remote Code Execution Vulnerability
Throttling and Blocking Email from Persistently Vulnerable Exchange Servers to Exchange Online - Microsoft Community Hub
As we continue to enhance the security of our cloud, we are going to address the problem of email sent to Exchange Online from unsupported and unpatched Exchange servers. There are many risks associated with running unsupported or unpatched software, but by far the biggest risk is security. Once a version of Exchange Server is no longer supported, it no longer receives security updates; thus, any vulnerabilities discovered after support has ended don’t get fixed. There are similar risks associated with running software that is not patched for known vulnerabilities. Once a security update is released, malicious actors will reverse-engineer the update to get a better understanding of how to exploit the vulnerability on unpatched servers.
Throttling and Blocking Email from Persistently Vulnerable Exchange Servers to Exchange Online - Microsoft Community Hub
As we continue to enhance the security of our cloud, we are going to address the problem of email sent to Exchange Online from unsupported and unpatched Exchange servers. There are many risks associated with running unsupported or unpatched software, but by far the biggest risk is security. Once a version of Exchange Server is no longer supported, it no longer receives security updates; thus, any vulnerabilities discovered after support has ended don’t get fixed. There are similar risks associated with running software that is not patched for known vulnerabilities. Once a security update is released, malicious actors will reverse-engineer the update to get a better understanding of how to exploit the vulnerability on unpatched servers.
Russian Citizen Accused of Running Cryptocurrency Exchange Used by Criminals
The charges were part of an intensifying effort by federal law enforcement agencies, in conjunction with European partners, to combat international cryptocurrency schemes and illegal transactions.
Russian Citizen Accused of Running Cryptocurrency Exchange Used by Criminals
The charges were part of an intensifying effort by federal law enforcement agencies, in conjunction with European partners, to combat international cryptocurrency schemes and illegal transactions.
Russian founder of a cryptocurrency exchange known for funneling ransomware profits arrested
The arrest comes as the U.S. ramps up efforts to crack down on attempts by cybercriminals to use cryptocurrency to evade sanctions.
Russian founder of a cryptocurrency exchange known for funneling ransomware profits arrested
The arrest comes as the U.S. ramps up efforts to crack down on attempts by cybercriminals to use cryptocurrency to evade sanctions.
The OWASSRF + TabShell exploit chain
We see that one of our vulnerabilities is exploited in the wild Link. So we decided to public the detail analysis of our two bug chains. Any customer has enough information to mitigate these bugs. The vendor also released all patches a week ago. This blog post shares the detail
The OWASSRF + TabShell exploit chain
We see that one of our vulnerabilities is exploited in the wild Link. So we decided to public the detail analysis of our two bug chains. Any customer has enough information to mitigate these bugs. The vendor also released all patches a week ago. This blog post shares the detail
Rackspace Cloud Office suffers security breach
Thousands of small to medium size businesses are suffering as Rackspace have suffered a security incident on their Hosted Exchange service. Yesterday, 2nd December 2022, Rackspace announced an outage to their Hosted Exchange Server:
Rackspace Cloud Office suffers security breach
Thousands of small to medium size businesses are suffering as Rackspace have suffered a security incident on their Hosted Exchange service. Yesterday, 2nd December 2022, Rackspace announced an outage to their Hosted Exchange Server:
A New Attack Surface on MS Exchange Part 4 - ProxyRelay!
Hi, this is a long-time-pending article. We could have published this article earlier (the original bug was reported to MSRC in June 2021 with a 90-days Public Disclosure Policy). However, during communications with MSRC, they explained that since this is an architectural design issue, lots of code changes and testings are expected and required, so they hope to resolve this problem with a one-time CU (Cumulative Update) instead of the regular Patch Tuesday. We understand their situation and agree to extend the deadline.
A New Attack Surface on MS Exchange Part 4 - ProxyRelay!
Hi, this is a long-time-pending article. We could have published this article earlier (the original bug was reported to MSRC in June 2021 with a 90-days Public Disclosure Policy). However, during communications with MSRC, they explained that since this is an architectural design issue, lots of code changes and testings are expected and required, so they hope to resolve this problem with a one-time CU (Cumulative Update) instead of the regular Patch Tuesday. We understand their situation and agree to extend the deadline.
Warning: New attack campaign utilized a new 0-day RCE vulnerability on Microsoft Exchange Server
Circa the beginning of August 2022, while doing security monitoring & incident response services, GTSC SOC team discovered that a critical infrastructure was being attacked, specifically to their Microsoft Exchange application. During the investigation, GTSC Blue Team experts determined that the attack utilized an unpublished Exchange security vulnerability, i.e., a 0-day vulnerability, thus immediately came up with a temporary containment plan.
Warning: New attack campaign utilized a new 0-day RCE vulnerability on Microsoft Exchange Server
Circa the beginning of August 2022, while doing security monitoring & incident response services, GTSC SOC team discovered that a critical infrastructure was being attacked, specifically to their Microsoft Exchange application. During the investigation, GTSC Blue Team experts determined that the attack utilized an unpublished Exchange security vulnerability, i.e., a 0-day vulnerability, thus immediately came up with a temporary containment plan.
Malicious OAuth applications abuse cloud email services to spread spam
Microsoft discovered an attack where attackers installed a malicious OAuth application in compromised tenants and used their Exchange Online service to launch spam runs.
Malicious OAuth applications abuse cloud email services to spread spam
Microsoft discovered an attack where attackers installed a malicious OAuth application in compromised tenants and used their Exchange Online service to launch spam runs.
The SessionManager IIS backdoor: a possibly overlooked GELSEMIUM artefact
In early 2022, we investigated an IIS backdoor called SessionManager. It has been used against NGOs, government, military and industrial organizations in Africa, South America, Asia, Europe, Russia and the Middle East.
The SessionManager IIS backdoor: a possibly overlooked GELSEMIUM artefact
In early 2022, we investigated an IIS backdoor called SessionManager. It has been used against NGOs, government, military and industrial organizations in Africa, South America, Asia, Europe, Russia and the Middle East.
The SessionManager IIS backdoor: a possibly overlooked GELSEMIUM artefact
In early 2022, we investigated an IIS backdoor called SessionManager. It has been used against NGOs, government, military and industrial organizations in Africa, South America, Asia, Europe, Russia and the Middle East.