Security News

Hackers Actively Searching for Unpatched Microsoft Exchange Servers
2021-08-13 02:46

Threat actors are actively carrying out opportunistic scanning and exploitation of Exchange servers using a new exploit chain leveraging a trio of flaws affecting on-premises installations, making them the latest set of bugs after ProxyLogon vulnerabilities were exploited en masse at the start of the year. The remote code execution flaws have been collectively dubbed "ProxyShell." At least 30,000 machines are affected by the vulnerabilities, according to a Shodan scan performed by Jan Kopriva of SANS Internet Storm Center.

Microsoft Exchange servers are getting hacked via ProxyShell exploits
2021-08-12 21:24

Threat actors are actively exploiting Microsoft Exchange servers using the ProxyShell vulnerability to install backdoors for later access. ProxyShell is the name of an attack that uses three chained Microsoft Exchange vulnerabilities to perform unauthenticated, remote code execution.

Hackers now backdoor Microsoft Exchange using ProxyShell exploits
2021-08-12 21:24

Threat actors are actively exploiting Microsoft Exchange servers using the ProxyShell vulnerability to install backdoors for later access. ProxyShell is the name of an attack that uses three chained Microsoft Exchange vulnerabilities to perform unauthenticated, remote code execution.

Ukraine shuts down money laundering cryptocurrency exchanges
2021-08-12 16:16

The Security Service of Ukraine took down a network of cryptocurrency exchanges used to anonymize transactions since the beginning of 2021. "The clandestine cryptocurrency exchanges were in demand because they provided anonymity of transactions and possibility of money laundering," the SBU said.

At Least 30,000 Internet-Exposed Exchange Servers Vulnerable to ProxyShell Attacks
2021-08-10 10:21

Tens of thousands of internet-exposed Microsoft Exchange servers appear to be affected by the ProxyShell vulnerabilities, and they could get compromised at any moment considering that threat actors are already scanning the web for vulnerable devices. ProxyShell is the name given to a series of vulnerabilities - CVE-2021-34473, CVE-2021-34523 and CVE-2021-31207 - that can be chained for unauthenticated remote code execution, allowing an attacker to take complete control of an Exchange server.

Microsoft Exchange Servers in Attacker Crosshairs
2021-08-09 10:56

Organizations have been warned that hackers have started scanning the internet for Microsoft Exchange servers affected by a series of vulnerabilities that were disclosed by researchers last week. Orange Tsai, principal researcher at security consulting firm DEVCORE, discovered that Microsoft Exchange servers are affected by three vulnerabilities that can be exploited by unauthenticated attackers for remote code execution.

Microsoft Exchange servers scanned for ProxyShell vulnerability, Patch Now
2021-08-07 16:53

Threat actors are now actively scanning for the Microsoft Exchange ProxyShell remote code execution vulnerabilities after technical details were released at the Black Hat conference. ProxyShell is the name for three vulnerabilities that perform unauthenticated, remote code execution on Microsoft Exchange servers when chained together.

Chinese Hackers Implant PlugX Variant on Compromised MS Exchange Servers
2021-08-04 02:03

A Chinese cyberespionage group known for targeting Southeast Asia leveraged flaws in the Microsoft Exchange Server that came to light earlier this March to deploy a previously undocumented variant of a remote access trojan on compromised systems. Attributing the intrusions to a threat actor named PKPLUG, Palo Alto Networks' Unit 42 threat intelligence team said it identified a new version of the modular PlugX malware, called Thor, that was delivered as a post-exploitation tool to one of the breached servers.

‘DeadRinger’ Targeted Exchange Servers Long Before Discovery
2021-08-03 14:55

Threat actors linked to China exploited the notorious Microsoft Exchange ProxyLogon vulnerabilities long before they were publicly disclosed, in attacks against telecommunications companies aimed at stealing sensitive customer data and maintaining network persistence, researchers have found. Threat actors used similar tactics to those exposed recently in the Hafnium zero-day attacks - which were recently blamed on China and condemned by the White House - that exploited ProxyLogon vulnerabilities in Microsoft Exchange Servers to gain access to the targeted networks, according to the report.