Security News

Technical details have emerged on a serious vulnerability in Microsoft Exchange Server dubbed ProxyToken that does not require authentication to access emails from a target account. An attacker can exploit the vulnerability by crafting a request to web services within the Exchange Control Panel application and steal messages from a victim's inbox.

CISA is warning about a surge of ProxyShell attacks, as Huntress discovered 140 webshells launched against 1,900 unpatched Microsoft Exchange servers. Over the weekend, the Cybersecurity & Infrastructure Security Agency issued an urgent alert that attackers are actively attacking ProxyShell vulnerabilities in unpatched Microsoft Exchange Servers, joining researchers in urging organizations to immediately install the latest Microsoft Security Update.

The US Cybersecurity and Infrastructure Security Agency issued its first alert tagged as "Urgent," warning admins to patch on-premises Microsoft Exchange servers against actively exploited ProxyShell vulnerabilities. "Malicious cyber actors are actively exploiting the following ProxyShell vulnerabilities: CVE-2021-34473, CVE-2021-34523, and CVE-2021-31207," CISA warned over the weekend.

The U.S. Cybersecurity and Infrastructure Security Agency is warning of active exploitation attempts that leverage the latest line of "ProxyShell" Microsoft Exchange vulnerabilities that were patched earlier this May, including deploying LockFile ransomware on compromised systems. Tracked as CVE-2021-34473, CVE-2021-34523, and CVE-2021-31207, the vulnerabilities enable adversaries to bypass ACL controls, elevate privileges on the Exchange PowerShell backend, effectively permitting the attacker to perform unauthenticated, remote code execution.

The U.S. Cybersecurity and Infrastructure Security Agency is warning of active exploitation attempts that leverage the latest line of "ProxyShell" Microsoft Exchange vulnerabilities that were patched earlier this May, including deploying LockFile ransomware on compromised systems.Tracked as CVE-2021-34473, CVE-2021-34523, and CVE-2021-31207, the vulnerabilities enable adversaries to bypass ACL controls, elevate privileges on the Exchange PowerShell backend, effectively permitting the attacker to perform unauthenticated, remote code execution.

A new ransomware gang known as LockFile encrypts Windows domains after hacking into Microsoft Exchange servers using the recently disclosed ProxyShell vulnerabilities. ProxyShell is the name of an attack consisting of three chained Microsoft Exchange vulnerabilities that result in unauthenticated, remote code execution.

A new ransomware gang known as LockFile encrypts Windows domains after hacking into Microsoft Exchange servers using the recently disclosed ProxyShell vulnerabilities. ProxyShell is the name of an attack consisting of three chained Microsoft Exchange vulnerabilities that result in unauthenticated, remote code execution.

Important Notice: We are sorry to announce that #LiquidGlobal warm wallets were compromised, we are moving assets into the cold wallet. In a cold wallet setup, the files that constitute your cryptocoin stash are inaccessible to malware or hackers who manage to wriggle into your computer, thanks to being kept offline, and unusable in the event of an intruder in your house finding the storage device on which you stashed them, thanks to being encrypted.

Japan-based cryptocurrency exchange Liquid has suspended deposits and withdrawals after attackers have compromised its warm wallets. Liquid is one of the largest cryptocurrency-fiat exchange platforms worldwide.

Japan-based cryptocurrency exchange Liquid has suspended deposits and withdrawals after attackers have compromised its warm wallets. Liquid is one of the largest cryptocurrency-fiat exchange platforms worldwide.