Security
Headlines
HeadlinesLatestCVEs

Tag

#microsoft

CVE-2022-41082

Microsoft Exchange Server Remote Code Execution Vulnerability.

CVE
#vulnerability#microsoft#rce
NK Hackers Lacing Legit Software with Malware

By Waqas The hacker group is called ZINC, and its primary targets are organizations in the aerospace, media, IT services, and defense sectors. This is a post from HackRead.com Read the original post: NK Hackers Lacing Legit Software with Malware

Why (almost) everything we told you about passwords was wrong

Categories: News Sorry. (Read more...) The post Why (almost) everything we told you about passwords was wrong appeared first on Malwarebytes Labs.

Chinese Hackers Hiding Malware in Windows Logo

By Waqas Going by the name of Witchetty; the hacker group is targeting countries in Africa and the Middle East. This is a post from HackRead.com Read the original post: Chinese Hackers Hiding Malware in Windows Logo

Microsoft Exchange Server Has a Zero-Day Problem

Plus: CIA failures allegedly got US informants killed, a former NSA worker is charged under the Espionage Act, and more.

State-Sponsored Hackers Likely Exploited MS Exchange 0-Days Against ~10 Organizations

Microsoft on Friday disclosed that a single activity group in August 2022 achieved initial access and breached Exchange servers by chaining the two newly disclosed zero-day flaws in a limited set of attacks aimed at less than 10 organizations globally. "These attacks installed the Chopper web shell to facilitate hands-on-keyboard access, which the attackers used to perform Active Directory

Worried About the Exchange Zero-Day? Here's What to Do

While organizations wait for an official patch for the two zero-day flaws in Microsoft Exchange, they should scan their networks for signs of exploitation and apply these mitigations.

Threat Advisory: Microsoft warns of actively exploited vulnerabilities in Exchange Server

Cisco Talos has released new coverage to detect and prevent the exploitation of two recently disclosed vulnerabilities collectively referred to as "ProxyNotShell," affecting Microsoft Exchange Servers 2013, 2016 and 2019. One of these vulnerabilities could allow an attacker to execute remote code on the targeted server. Limited exploitation of these vulnerabilities in the wild has been reported. CVE-2022-41040 is a Server Side Request Forgery (SSRF) vulnerability, while CVE-2022-41082 enables Remote Code Execution (RCE) when PowerShell is accessible to the attackers. While no fixes or patches are available yet, Microsoft has provided mitigations for on-premises Microsoft Exchange users on Sept. 29, 2022. Even organizations that use Exchange Online may still be affected if they run a hybrid server. Cisco Talos is closely monitoring the recent reports of exploitation attempts against these vulnerabilities and strongly recommends users implement mitigation steps while waiting for securit...

Threat Roundup for September 23 to September 30

Talos is publishing a glimpse into the most prevalent threats we've observed between Sept. 23 and Sept. 30.