Security News > 2022 > October > Fake Microsoft Exchange ProxyNotShell exploits for sale on GitHub
Scammers are impersonating security researchers to sell fake proof-of-concept ProxyNotShell exploits for newly discovered Microsoft Exchange zero-day vulnerabilities.
Last week, Vietnamese cybersecurity firm GTSC disclosed that some of their customers had been attacked using two new zero-day vulnerabilities in Microsoft Exchange.
To take advantage of this lull before the storm, a scammer has begun creating GitHub repositories where they attempt to sell fake proof-of-concept exploits for the Exchange CVE-2022-41040 and CVE-2022-41082 vulnerabilities.
Huntress Lab's John Hammond has been following these scammers, finding five now-removed accounts attempting to sell the phony exploits.
Another scam account found by Paulo Pacheco impersonated Kevin Beaumont, a well-known security researcher/professional who has been documenting the new Exchange vulnerabilities and available mitigations.
These vulnerabilities are worth far more than $400, with Zerodium offering at least $250,000 for Microsoft Exchange remote code execution zero days.
News URL
Related news
- VEILDrive Attack Exploits Microsoft Services to Evade Detection and Distribute Malware (source)
- Microsoft Exchange adds warning to emails abusing spoofing flaw (source)
- Microsoft pulls Exchange security updates over mail delivery issues (source)
- Microsoft 365 outage impacts Exchange Online, Teams, Sharepoint (source)
- Microsoft re-releases Exchange updates after fixing mail delivery (source)
- 390,000+ WordPress Credentials Stolen via Malicious GitHub Repository Hosting PoC Exploits (source)
- Attackers Exploit Microsoft Teams and AnyDesk to Deploy DarkGate Malware (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-10-03 | CVE-2022-41082 | Deserialization of Untrusted Data vulnerability in Microsoft Exchange Server 2013/2016/2019 Microsoft Exchange Server Remote Code Execution Vulnerability | 0.0 |
2022-10-03 | CVE-2022-41040 | Server-Side Request Forgery (SSRF) vulnerability in Microsoft Exchange Server 2013/2016/2019 Microsoft Exchange Server Elevation of Privilege Vulnerability | 0.0 |