exchange server
Microsoft Exchange vulnerability actively exploited
One of Microsoft’s Patch Tuesday fixes has flipped from “Likely to be Exploited” to “Exploitation Detected”.
Read moreObserving OWASSRF Exchange Exploitation… still
Credit to Author: Angela Gunn| Date: Wed, 15 Mar 2023 16:45:56 +0000
ProxyNotShell continues to make waves as November 2022 fixes fail to contain SSRF tactic
Read moreTwo Exchange Server vulns veer dangerously close to ProxyShell
Credit to Author: Angela Gunn| Date: Mon, 03 Oct 2022 22:03:02 +0000
A chained pair of vulnerabilities, plus PowerShell, affects the Microsoft messaging platform well in advance of Patch Tuesday; Sophos customers are protected
Read moreAnalyzing attacks using the Exchange vulnerabilities CVE-2022-41040 and CVE-2022-41082
Credit to Author: Katie McCafferty| Date: Sat, 01 Oct 2022 04:21:00 +0000
MSTIC observed activity related to a single activity group in August 2022 that achieved initial access and compromised Exchange servers by chaining CVE-2022-41040 and CVE-2022-41082 in a small number of targeted attacks.
The post Analyzing attacks using the Exchange vulnerabilities CVE-2022-41040 and CVE-2022-41082 appeared first on Microsoft Security Blog.
Read moreMalicious OAuth applications abuse cloud email services to spread spam
Credit to Author: Microsoft 365 Defender Threat Intelligence Team| Date: Thu, 22 Sep 2022 16:00:00 +0000
Microsoft discovered an attack where attackers installed a malicious OAuth application in compromised tenants and used their Exchange Online service to launch spam runs.
The post Malicious OAuth applications abuse cloud email services to spread spam appeared first on Microsoft Security Blog.
Read moreMalicious OAuth applications used to compromise email servers and spread spam
Credit to Author: Microsoft 365 Defender Threat Intelligence Team| Date: Thu, 22 Sep 2022 16:00:00 +0000
Microsoft discovered an attack where attackers installed a malicious OAuth application in compromised tenants and used their Exchange servers to launch spam runs.
The post Malicious OAuth applications used to compromise email servers and spread spam appeared first on Microsoft Security Blog.
Read moreYou only have nine months to ditch Exchange Server 2013
Credit to Author: Pieter Arntz| Date: Mon, 27 Jun 2022 19:51:07 +0000
Microsoft posted a reminder that Exchange Server 2013 is destined to reach end of support very, very soon.
The post You only have nine months to ditch Exchange Server 2013 appeared first on Malwarebytes Labs.
Read moreAvosLocker ransomware uses Microsoft Exchange Server vulnerabilities, says FBI
Credit to Author: Pieter Arntz| Date: Mon, 21 Mar 2022 21:09:12 +0000
The AvosLocker ransomware as a service affiliates have been found to target multiple critical infrastructure sectors, using Exchange Server vulnerabilities.
The post AvosLocker ransomware uses Microsoft Exchange Server vulnerabilities, says FBI appeared first on Malwarebytes Labs.
Read more‘Wormable’ Flaw Leads January 2022 Patch Tuesday
Credit to Author: BrianKrebs| Date: Tue, 11 Jan 2022 22:18:55 +0000
Microsoft today released updates to plug nearly 120 security holes in Windows and supported software. Six of the vulnerabilities were publicly detailed already, potentially giving attackers a head start in figuring out how to exploit them in unpatched systems. More concerning, Microsoft warns that one of the flaws fixed this month is “wormable,” meaning no human interaction would be required for an attack to spread from one vulnerable Windows box to another.
Read more