News


Patches for 75 vulnerabilities
B2B Cyber Security ShortNews

The February 2023 Patchday release contains patches for 75 CVEs - nine rated critical and 66 rated important. Also included: an elevation of privilege flaw in Windows, a security feature bypass in Microsoft Office and security gaps in Microsoft Exchange Server. This month Microsoft fixed three zero-day vulnerabilities exploited by attackers in the wild, including two elevation of privilege bugs and one security feature bypass bug. CVE-2023-23376: Microsoft has patched CVE-2023-23376, an elevation of privilege bug in the Common Log File System (CLFS) driver. Its discovery will bring researchers at the Microsoft Threat Intelligence Center (MSTIC)…


Exchange Server vulnerabilities: Here's what's behind them
SophosNews

A few days ago, two new Microsoft Exchange Server vulnerabilities became known and are being actively exploited in a series of targeted attacks. Microsoft cannot yet offer a patch for the vulnerabilities - only a customer guide. The first vulnerability, CVE-2022-41040, is a Server-Side Request Forgery (SSRF) vulnerability that essentially opens the door for attackers to gain access to the Exchange Server. The second vulnerability, CVE-2022-41082, allows remote code execution (RCE) via PowerShell once on the server. The Vietnamese company GTSC also has various information about…


Double attack via vulnerable Exchange servers 

SophosLabs is investigating the use of the Squirrelwaffle malware "distribution station" in combination with social engineering. There was a double attack: malware droppers and financial fraud ran through the same vulnerable Exchange Server. An incident guide for security teams at organizations impacted by Squirrelwaffle. In a recent article, the Sophos Rapid Response Team describes a case where Squirrelwaffle malware exploited a vulnerable Exchange server to distribute malicious spam through hijacked email threads. At the same time, an email thread was stolen by the attackers in order to trick unsuspecting users into transferring money. Combination of Squirrelwaffle, ProxyLogon and ProxyShell The…
