Found 18 bookmarks
Newest
The ticking time bomb of Microsoft Exchange Server 2013
The ticking time bomb of Microsoft Exchange Server 2013
I monitor (in an amateur, clueless way) ransomware groups in my spare time, to see what intelligence can be gained from looking at victim orgs and what went wrong. Basically, I’m a giant big dork with too much free time. I’ve discovered two organisations with ransomware incidents, where the entry point appears to have been Exchange Server 2013 with Outlook Web Access enabled, where all available security updates were applied.
#doublepulsar#EN#2023#analysis#ransomware#Microsoft-Exchange#Exchange-Server2013#risk
·medium.com·
The ticking time bomb of Microsoft Exchange Server 2013
CVE-2022-41040 and CVE-2022-41082 – zero-days in MS Exchange
CVE-2022-41040 and CVE-2022-41082 – zero-days in MS Exchange
At the end of September, GTSC reported the finding of two 0-day vulnerabilities in Microsoft Exchange Server, CVE-2022-41040 and CVE-2022-41082. The cybersecurity community dubbed the pair of vulnerabilities ProxyNotShell.
#securelist#EN#2022#DLL-hijacking#Malware-Descriptions#Microsoft-Exchange#Trojan#Vulnerabilities-and-exploits#Zero-day#CVE-2022-41040#CVE-2022-41082#analysis
·securelist.com·
CVE-2022-41040 and CVE-2022-41082 – zero-days in MS Exchange
CVE-2022-41040 and CVE-2022-41082 – zero-days in MS Exchange
CVE-2022-41040 and CVE-2022-41082 – zero-days in MS Exchange
At the end of September, GTSC reported the finding of two 0-day vulnerabilities in Microsoft Exchange Server, CVE-2022-41040 and CVE-2022-41082. The cybersecurity community dubbed the pair of vulnerabilities ProxyNotShell.
#securelist#EN#2022#DLL-hijacking#Malware-Descriptions#Microsoft-Exchange#Trojan#Vulnerabilities-and-exploits#Zero-day#CVE-2022-41040#CVE-2022-41082#analysis
·securelist.com·
CVE-2022-41040 and CVE-2022-41082 – zero-days in MS Exchange
A New Attack Surface on MS Exchange Part 4 - ProxyRelay!
A New Attack Surface on MS Exchange Part 4 - ProxyRelay!
Hi, this is a long-time-pending article. We could have published this article earlier (the original bug was reported to MSRC in June 2021 with a 90-days Public Disclosure Policy). However, during communications with MSRC, they explained that since this is an architectural design issue, lots of code changes and testings are expected and required, so they hope to resolve this problem with a one-time CU (Cumulative Update) instead of the regular Patch Tuesday. We understand their situation and agree to extend the deadline.
#devco.re#EN#2022#CVE-2021-26414#CVE-2022-21979#Exchange#Microsoft-Exchange#ProxyRelay
·devco.re·
A New Attack Surface on MS Exchange Part 4 - ProxyRelay!
A New Attack Surface on MS Exchange Part 4 - ProxyRelay!
A New Attack Surface on MS Exchange Part 4 - ProxyRelay!
Hi, this is a long-time-pending article. We could have published this article earlier (the original bug was reported to MSRC in June 2021 with a 90-days Public Disclosure Policy). However, during communications with MSRC, they explained that since this is an architectural design issue, lots of code changes and testings are expected and required, so they hope to resolve this problem with a one-time CU (Cumulative Update) instead of the regular Patch Tuesday. We understand their situation and agree to extend the deadline.
#devco.re#EN#2022#CVE-2021-26414#CVE-2022-21979#Exchange#Microsoft-Exchange#ProxyRelay
·devco.re·
A New Attack Surface on MS Exchange Part 4 - ProxyRelay!
Warning: New attack campaign utilized a new 0-day RCE vulnerability on Microsoft Exchange Server
Warning: New attack campaign utilized a new 0-day RCE vulnerability on Microsoft Exchange Server
Circa the beginning of August 2022, while doing security monitoring & incident response services, GTSC SOC team discovered that a critical infrastructure was being attacked, specifically to their Microsoft Exchange application. During the investigation, GTSC Blue Team experts determined that the attack utilized an unpublished Exchange security vulnerability, i.e., a 0-day vulnerability, thus immediately came up with a temporary containment plan.
#gteltsc.vn#EN#2022#Microsoft-Exchange#Exchange#0-day#RCE#vulnerability#campaign#IoCs
·gteltsc.vn·
Warning: New attack campaign utilized a new 0-day RCE vulnerability on Microsoft Exchange Server
Warning: New attack campaign utilized a new 0-day RCE vulnerability on Microsoft Exchange Server
Warning: New attack campaign utilized a new 0-day RCE vulnerability on Microsoft Exchange Server
Circa the beginning of August 2022, while doing security monitoring & incident response services, GTSC SOC team discovered that a critical infrastructure was being attacked, specifically to their Microsoft Exchange application. During the investigation, GTSC Blue Team experts determined that the attack utilized an unpublished Exchange security vulnerability, i.e., a 0-day vulnerability, thus immediately came up with a temporary containment plan.
#gteltsc.vn#EN#2022#Microsoft-Exchange#Exchange#0-day#RCE#vulnerability#campaign#IoCs
·gteltsc.vn·
Warning: New attack campaign utilized a new 0-day RCE vulnerability on Microsoft Exchange Server