Researchers at Huntress Labs estimate that over the past few days, about 2,000 Microsoft Exchange mail servers have been compromised and infected with backdoors, because their owners have not installed patches to fix ProxyShell vulnerabilities. Let me remind you that the vulnerabilities, which were collectively called ProxyShell, were discussed at the Black Hat conference in… Continue reading Over 2000 Exchange Servers Hacked Using ProxyShell Exploit
Tag: Microsoft Exchange servers
Hackers exploit ProxyShell vulnerabilities to install backdoors
Experts warn that hackers are attacking Microsoft Exchange servers, exploiting ProxyShell vulnerabilities, and installing backdoors on them for subsequent access. Let me remind you that the vulnerabilities, which are collectively called ProxyShell, were recently discussed at the Black Hat conference. ProxyShell combines three vulnerabilities that allow remote code execution without authentication on Microsoft Exchange servers.… Continue reading Hackers exploit ProxyShell vulnerabilities to install backdoors
GitHub Developers Review Exploit Posting Policy Due to Recent Scandal
The GitHub developers review the exploit posting policy and want to discuss with the information security community a series of changes to the site rules. These rules determine how employees deal with malware and exploits uploaded to the platform. The proposed changes imply that GitHub will establish clearer rules about what counts as code that… Continue reading GitHub Developers Review Exploit Posting Policy Due to Recent Scandal
Prometei botnet attacks vulnerable Microsoft Exchange servers
Since the patches for ProxyLogon problems were still not installed, cybercriminals continue their activity, for example, the updated Prometei botnet attacks vulnerable Microsoft Exchange servers. Researchers from Cybereason Nocturnus discovered Prometei malware, which mines Monero cryptocurrency on vulnerable machines. In early March 2021, Microsoft engineers released unscheduled patches for four vulnerabilities in the Exchange mail… Continue reading Prometei botnet attacks vulnerable Microsoft Exchange servers
FBI removed web shells from vulnerable Microsoft Exchange servers without informing owners
The US Department of Justice reported that a court in early April granted the FBI special powers and the bureau removed web shells previously installed by hackers on vulnerable Exchange servers in the United States. The FBI also had the power to remove other malware (without notification of the server owners). The FBI did not… Continue reading FBI removed web shells from vulnerable Microsoft Exchange servers without informing owners
Hackers attack Microsoft Exchange servers on behalf of Brian Krebs
The well-known information security expert, journalist and author of the KrebsOnSecurity blog has repeatedly become a target for attacks and mockery of hackers. Now hackers are attack Microsoft Exchange servers with Proxylogon vulnerabilities on behalf of Brian Krebs. The fact is that Krebs is famous for his investigations and revelations, and over the long years… Continue reading Hackers attack Microsoft Exchange servers on behalf of Brian Krebs
Valak malware steals corporate data using Microsoft Exchange servers
Cyberreason Nocturnus experts said that the Valak bootloader discovered in 2019 now exploits vulnerabilities in Microsoft Exchange servers. It has become a full-fledged info-staler and attacks companies in the USA and Germany. Researchers write that in the last six months, the malware has received more than 20 updates and now poses a complete and independent… Continue reading Valak malware steals corporate data using Microsoft Exchange servers