Security News > 2021 > August > ProxyShell Attacks Pummel Unpatched Exchange Servers
CISA is warning about a surge of ProxyShell attacks, as Huntress discovered 140 webshells launched against 1,900 unpatched Microsoft Exchange servers.
Over the weekend, the Cybersecurity & Infrastructure Security Agency issued an urgent alert that attackers are actively attacking ProxyShell vulnerabilities in unpatched Microsoft Exchange Servers, joining researchers in urging organizations to immediately install the latest Microsoft Security Update.
Security researchers at Huntress reported seeing ProxyShell vulnerabilities being actively exploited throughout the month of August to install backdoor access once the ProxyShell exploit code was published on Aug. 6.
Starting Friday night, Huntress reported a "Surge" in attacks after finding 140 webshells launched against 1,900 unpatched Exchange servers.
ProxyShell attacks were first publicly documented at Black Hat in early August by Devcore researcher Orange Tsai.
Many servers remain unpatched against ProxyShell attacks.
News URL
https://threatpost.com/proxyshell-attacks-unpatched-exchange-servers/168879/
Related news
- New NachoVPN attack uses rogue VPN servers to install malicious updates (source)
- Russian hackers hijack Pakistani hackers' servers for their own attacks (source)
- Russian hackers hijack Pakistani hackers' servers for their own attacks (source)
- Apache Tomcat Vulnerability CVE-2024-56337 Exposes Servers to RCE Attacks (source)
- Over 3 million mail servers without encryption exposed to sniffing attacks (source)