Security News

Exchange Server downtime may occur at any point in time due to several reasons, such as malware attack, server crash, database corruption, and hardware or software-related issues/incompatibility. Exchange Server downtime is inevitable, especially when your organization relies on a standalone on-premises Exchange server.

In his Black Hat presentation last week, Devcore principal security researcher Orange Tsai said that a survey shows more than 400,000 Exchange servers on the internet that are exposed to the attack via port 443. Breakdown of Exchange servers on Shodan vulnerable to ProxyShell or ProxyLogon, it's just under 50% of internet facing Exchange servers.

Threat actors have started exploiting the recently disclosed Microsoft Exchange Server vulnerabilities to deliver web shells that give them access to the compromised system. Orange Tsai, principal researcher at security consulting firm DEVCORE, recently disclosed the details of three Exchange vulnerabilities that can be exploited by remote, unauthenticated attackers to take control of vulnerable servers.

Threat actors are actively carrying out opportunistic scanning and exploitation of Exchange servers using a new exploit chain leveraging a trio of flaws affecting on-premises installations, making them the latest set of bugs after ProxyLogon vulnerabilities were exploited en masse at the start of the year. The remote code execution flaws have been collectively dubbed "ProxyShell." At least 30,000 machines are affected by the vulnerabilities, according to a Shodan scan performed by Jan Kopriva of SANS Internet Storm Center.

Threat actors are actively carrying out opportunistic scanning and exploitation of Exchange servers using a new exploit chain leveraging a trio of flaws affecting on-premises installations, making them the latest set of bugs after ProxyLogon vulnerabilities were exploited en masse at the start of the year. The remote code execution flaws have been collectively dubbed "ProxyShell." At least 30,000 machines are affected by the vulnerabilities, according to a Shodan scan performed by Jan Kopriva of SANS Internet Storm Center.

Threat actors are actively exploiting Microsoft Exchange servers using the ProxyShell vulnerability to install backdoors for later access. ProxyShell is the name of an attack that uses three chained Microsoft Exchange vulnerabilities to perform unauthenticated, remote code execution.

Threat actors are actively exploiting Microsoft Exchange servers using the ProxyShell vulnerability to install backdoors for later access. ProxyShell is the name of an attack that uses three chained Microsoft Exchange vulnerabilities to perform unauthenticated, remote code execution.

The Security Service of Ukraine took down a network of cryptocurrency exchanges used to anonymize transactions since the beginning of 2021. "The clandestine cryptocurrency exchanges were in demand because they provided anonymity of transactions and possibility of money laundering," the SBU said.

Tens of thousands of internet-exposed Microsoft Exchange servers appear to be affected by the ProxyShell vulnerabilities, and they could get compromised at any moment considering that threat actors are already scanning the web for vulnerable devices. ProxyShell is the name given to a series of vulnerabilities - CVE-2021-34473, CVE-2021-34523 and CVE-2021-31207 - that can be chained for unauthenticated remote code execution, allowing an attacker to take complete control of an Exchange server.

Organizations have been warned that hackers have started scanning the internet for Microsoft Exchange servers affected by a series of vulnerabilities that were disclosed by researchers last week. Orange Tsai, principal researcher at security consulting firm DEVCORE, discovered that Microsoft Exchange servers are affected by three vulnerabilities that can be exploited by unauthenticated attackers for remote code execution.