Security News > 2021 > March > ProxyLogon PoC Exploit Released; Likely to Fuel More Disruptive Cyber Attacks
While there is no concrete explanation for the widespread exploitation by so many different groups, the speculation is that the adversaries shared or sold exploit code, allowing other groups to abuse these vulnerabilities, or that the groups obtained the exploit from a common seller.
For its part, the Dutch Institute for Vulnerability Disclosure reported Tuesday that it found 46,000 servers out of 260,000 globally that were unpatched against the heavily exploited ProxyLogon vulnerabilities.
"Interestingly, all of them are APT groups focused on espionage, except one outlier that seems related to a known coin-mining campaign. It is still unclear how the distribution of the exploit happened, but it is inevitable that more and more threat actors, including ransomware operators, will have access to it sooner or later."
Complicating the situation further is the availability of what appears to be the first functional public proof-of-concept exploit for the ProxyLogon flaws despite Microsoft's attempts to take down exploits published on GitHub over the past few days.
"I've confirmed there is a public PoC floating around for the full RCE exploit chain," security researcher Marcus Hutchins said.
While the researchers deliberately decided to omit critical PoC components, the development has also raised concerns that the technical information could further accelerate the development of a working exploit, in turn triggering even more threat actors to launch their own attacks.
News URL
http://feedproxy.google.com/~r/TheHackersNews/~3/RLLH3Q2VKfw/proxylogon-exchange-poc-exploit.html