The administration of the GitHub service has removed a real working exploit for the ProxyLogon vulnerabilities in Microsoft Exchange, though information security specialists have sharply criticized GitHub. Yesterday we wrote that an independent information security researcher from Vietnam published on GitHub the first real PoC exploit for a serious set of ProxyLogon vulnerabilities recently discovered… Continue reading GitHub removed ProxyLogon exploit and has been criticized
Author: Vladimir Krasnogolovy
Vladimir is a technical specialist who loves giving qualified advices and tips on GridinSoft's products. He's available 24/7 to assist you in any question regarding internet security.
Researcher Published PoC Exploit for ProxyLogon Vulnerabilities in Microsoft Exchange
An independent information security researcher from Vietnam has presented a PoC exploit for ProxyLogon vulnerabilities in Microsoft Exchange, whose viability has already been confirmed by such well-known experts. Last week, Microsoft engineers released unscheduled patches for four vulnerabilities in the Exchange mail server. Four patches united by the name ProxyLogon. In fact, these vulnerabilities can… Continue reading Researcher Published PoC Exploit for ProxyLogon Vulnerabilities in Microsoft Exchange
Hackers gained access to surveillance cameras in Tesla, Cloudflare and banks
Bloomberg reports that some hackers have gained access to surveillance cameras installed in Tesla, Equinox, medical clinics, prisons and banks. In addition to the images from the cameras, the hackers published screenshots proving that they had direct access to the surveillance systems installed at the headquarters of Cloudflare and Telsa. The group’s operation took place… Continue reading Hackers gained access to surveillance cameras in Tesla, Cloudflare and banks
Hackers attacked Microsoft Exchange servers of the European Banking Authority
Hackers attacked the servers of the Microsoft Exchange European Banking Authority (EBA). Due to the attack, EBA had to temporarily shut down its mail systems as a precaution. EBA launched an investigation of the incident in partnership with its information and communications technology provider, a group of information security experts and other relevant organizations. The… Continue reading Hackers attacked Microsoft Exchange servers of the European Banking Authority
Expert intercepted windows.com traffic using bitsquatting
An independent expert known as Remy discovered that Microsoft domains were not protected against bitsquatting and intercepted windows.com traffic. The expert conducted his experiments on the example of the windows.com domain, which can turn, for example, into windnws.com or windo7s.com in case of a bit flip. The term Bitsquatting refers to a type of cybersquatting… Continue reading Expert intercepted windows.com traffic using bitsquatting
The expert told how he hacked into a nuclear power plant
Charles Hamilton, the chief security expert of the SpiderLabs team from the information security company Trustwave, described how he hacked into a nuclear power plant. In cybersecurity, the worst-case scenario is hackers taking control of critical infrastructure. In this scenario, cybercriminals or hackers working for a country’s government can use their exploits to endanger people’s… Continue reading The expert told how he hacked into a nuclear power plant
Microsoft has released emergency patches for Exchange
Microsoft has released emergency patches for four 0-day vulnerabilities found in the code of the Exchange mail server (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065). The company warned that Chinese hackers from the Hafnium group are already exploiting these problems. For starting the attack, hackers only need to gain access to the local Microsoft Exchange server on… Continue reading Microsoft has released emergency patches for Exchange
Full-fledged exploits detected for Specter vulnerability
French cybersecurity specialist Julien Voisin reported that in early February 2021, someone uploaded exploits for the Specter vulnerability to VirusTotal. This is the first time that a “combat” exploit for this problem has become publicly available. As a reminder, the original Specter issue was discovered in 2018 along with the Meltdown bug. These fundamental flaws… Continue reading Full-fledged exploits detected for Specter vulnerability
Hackers used Firefox extension to hack Gmail
Proofpoint discovered a campaign in which hackers used a Firefox extension to hack Gmail. The attacks were linked to the Chinese group TA413. According to the researchers, the campaign was active from January to February 2021. Hackers attacked Tibetan organizations around the world using a malicious Firefox extension that steals Gmail and Firefox data and… Continue reading Hackers used Firefox extension to hack Gmail
In LastPass for Android found seven built-in trackers
German cybersecurity expert Mike Kuketz noticed that the LastPass Android app has seven trackers that monitor users. The researcher builds his findings on the report of the non-profit organization Exodus, which is described as an initiative “led by hacktivists, the goal of which is to help people understand the problems of tracking in Android applications.”… Continue reading In LastPass for Android found seven built-in trackers