Security News

Feds also said the biz sucked at policing transactions for suspicious activity – as if! Bittrex will cough up $53 million after being accused of flouting US sanctions and breaking federal money...

Let's start off with what Redmond didn't fix: two Exchange Server bugs dubbed ProxyNotShell that have been exploited by snoops as far back as August. A month later, Zero Day Initiative purchased the bugs and disclosed them to Microsoft.

Lockbit ransomware affiliates are encrypting victims via Microsoft Exchange servers hacked using exploits targeting unpatched vulnerabilities. In at least one such incident from July 2022, the attackers used a previously deployed web shell on a compromised Exchange server to escalate privileges to Active Directory admin, steal roughly 1.3 TB of data, and encrypt network systems.

Microsoft on Friday disclosed it has made more improvements to the mitigation method offered as a means to prevent exploitation attempts against the newly disclosed unpatched security flaws in Exchange Server. To that end, the tech giant has revised the blocking rule in IIS Manager from ".

Microsoft has updated the mitigations for the latest Exchange zero-day vulnerabilities tracked as CVE-2022-41040 and CVE-2022-41082, also referred to ProxyNotShell.Reported privately to Microsoft three weeks ago, CVE-2022-41040 is a server-side request forgery that enables privilege escalation and works with CVE-2022-41082 to trigger remote code execution on on-premise Exchange server deployments.

Microsoft has revised its mitigation measures for the newly disclosed and actively exploited zero-day flaws in Exchange Server after it was found that they could be trivially bypassed. The two vulnerabilities, tracked as CVE-2022-41040 and CVE-2022-41082, have been codenamed ProxyNotShell due to similarities to another set of flaws called ProxyShell, which the tech giant resolved last year.

Scammers are impersonating security researchers to sell fake proof-of-concept ProxyNotShell exploits for newly discovered Microsoft Exchange zero-day vulnerabilities. Last week, Vietnamese cybersecurity firm GTSC disclosed that some of their customers had been attacked using two new zero-day vulnerabilities in Microsoft Exchange.

Microsoft has shared mitigations for two new Microsoft Exchange zero-day vulnerabilities tracked as CVE-2022-41040 and CVE-2022-41082, but researchers warn that the mitigation for on-premise servers is far from enough. Threat actors are already chaining both of these zero-day bugs in active attacks to breach Microsoft Exchange servers and achieve remote code execution.

CVE-2022-41040 and CVE-2022-41082, the two exploited MS Exchange zero-days that still have no official fix, have been added to CISA's Known Exploited Vulnerabilities Catalog. Mitigating the risk of exploitation until patches are ready will require patience and doggedness, as Microsoft is still revising its advice to admins and network defenders, and still working on the patches.

Introducing the book: Project Zero TrustIn this Help Net Security video interview, George Finney, CSO at Southern Methodist University, talks about his latest book - "Project Zero Trust: A Story about a Strategy for Aligning Security and the Business". How the CIO's relationship to IT security is changingIn this Help Net Security video, Joe Leonard, CTO at GuidePoint Security, illustrates how the role of the CIO is changing as cybersecurity priorities and responsibilities are creeping into the job description.