The Cisco security researchers informed recently that another threat actors organization is targeting the Microsoft Exchange Server vulnerabilities to disseminate the ransomware “Babuk”, and to do so, they have not reinforced the ProxyShell vulnerability. The ProxyShell is a general term for 3 Exchange Server vulnerabilities that have:- CVE-2021-34473 CVE-2021-34523 CVE-2021-31207 However, all these 3 exchange […]
The Microsoft exchange servers were hacked by a very new ransomware gang that is known as LockFile. According to the cyber security expert, this ransomware gang has appeared in July 2021. However, the main motive of this ransomware is to encrypt Windows domains soon after hacking into Microsoft Exchange servers, and this they do with […]
In a security alert, Microsoft released a guidance to prevent the exploitation of the three vulnerabilities that integer ProxyShell, which reside in Exchange deployments. Recently reported, these three flaws were discovered by researcher Orange Tsai and addressed in May. During her presentation at the Pwn2Own hacking event, Orange Tsai demonstrated the commitment of a vulnerable […]
Researchers report the detection of multiple attempts to exploit ProxyShell, a set of remote code execution flaws in Microsoft Exchange disclosed during the Black Hat cybersecurity conference. ProxyShell consists of three vulnerabilities that unauthenticated remote threat actors could chain together to execute malicious code in affected Exchange deployments. The following describes the three flaws that […]
In its April slate of patches, Microsoft rolled out fixes for a total of 114 security flaws, including an actively exploited zero-day and four remote code execution bugs in Exchange Server. Of the 114 flaws, 19 are rated as Critical, 88 are rated Important, and one is rated Moderate in severity. Chief among them is […]
A group of cybersecurity specialists published a proof of concept (PoC) for exploiting a set of ProxyLogon vulnerabilities that reside on Microsoft Exchange servers. These flaws would have already been exploited by threat actors in the wild, although public disclosure of a proof of concept could increase cases of active exploitation. Those responsible for this […]