Security News > 2021 > August > ProxyShell Attacks Pummel Unpatched Exchange Servers
CISA is warning about a surge of ProxyShell attacks, as Huntress discovered 140 webshells launched against 1,900 unpatched Microsoft Exchange servers.
Over the weekend, the Cybersecurity & Infrastructure Security Agency issued an urgent alert that attackers are actively attacking ProxyShell vulnerabilities in unpatched Microsoft Exchange Servers, joining researchers in urging organizations to immediately install the latest Microsoft Security Update.
Security researchers at Huntress reported seeing ProxyShell vulnerabilities being actively exploited throughout the month of August to install backdoor access once the ProxyShell exploit code was published on Aug. 6.
Starting Friday night, Huntress reported a "Surge" in attacks after finding 140 webshells launched against 1,900 unpatched Exchange servers.
ProxyShell attacks were first publicly documented at Black Hat in early August by Devcore researcher Orange Tsai.
Many servers remain unpatched against ProxyShell attacks.
News URL
https://threatpost.com/proxyshell-attacks-unpatched-exchange-servers/168879/
Related news
- New scanner finds Linux, UNIX servers exposed to CUPS RCE attacks (source)
- Cybercriminals Exploiting Docker API Servers for SRBMiner Crypto Mining Attacks (source)
- Exploit released for new Windows Server "WinReg" NTLM Relay attack (source)
- Critical RCE bug in VMware vCenter Server now exploited in attacks (source)