Rackspace Hosted Exchange outage was caused by ransomware

Rackspace has finally confirmed the cause of the ongoing outage of its Hosted Exchange service: it’s ransomware. “As you know, on Friday, December 2nd, 2022, we became aware of suspicious activity and immediately took proactive measures to isolate the Hosted Exchange environment to contain the incident. We have since determined this suspicious activity was the […]

Continue Reading

PoC exploit code for ProxyNotShell Microsoft Exchange bugs released online

Proof-of-concept exploit code for two actively exploited Microsoft Exchange ProxyNotShell flaws released online. Proof-of-concept exploit code has been released online for two actively exploited vulnerabilities in Microsoft Exchange, known as ProxyNotShell. The two flaws are: CVE-2022-41040 – Microsoft Exchange Server Elevation of Privilege Vulnerability CVE-2022-41082 – Microsoft Exchange Server Remote Code Execution Vulnerability they impact Exchange Server […]

Continue Reading

Advanced threat predictions for 2023

It is fair to say that since last year’s predictions, the world has dramatically changed. While the geopolitical landscape has durably shifted, cyberattacks remain a constant threat and show no signs of receding – quite the contrary. No matter where they are, people around the world should be prepared for cybersecurity incidents. A useful exercise […]

Continue Reading

Microsoft fixes many zero-days under attack

November 2022 Patch Tuesday is here, with fixes for many vulnerabilities actively exploited in the wild, including CVE-2022-41091, a Windows Mark of the Web bypass flaw, and the ProxyNotShell MS Exchange vulnerabilities. Fixes to prioritize CVE-2022-41091 is a Windows zero-day vulnerability that allows attackers to bypass the Mark of the Web (MOTW) security feature. They […]

Continue Reading

Microsoft mitigations for recently disclosed Exchange zero-days can be easily bypassed

The mitigation shared by Microsoft for the two recently disclosed Exchange zero-day vulnerabilities can be bypassed, expert warns. Last week, Microsoft confirmed that two zero-day vulnerabilities in Microsoft Exchange recently disclosed by researchers at cybersecurity firm GTSC are being actively exploited in the wild. The first flaw, tracked as CVE-2022-41040, is a Server-Side Request Forgery (SSRF) issue. […]

Continue Reading

MS Exchange zero-days: The calm before the storm?

CVE-2022-41040 and CVE-2022-41082, the two exploited MS Exchange zero-days that still have no official fix, have been added to CISA’s Known Exploited Vulnerabilities (KEV) Catalog. But mitigating the risk of exploitation until patches are ready will require patience and doggedness, as Microsoft is still revising its advice to admins and network defenders, and still working […]

Continue Reading

Two Microsoft Exchange zero-days exploited by attackers (CVE-2022-41040, CVE-2022-41082)

Attackers are leveraging two zero-day vulnerabilities (CVE-2022-41040, CVE-2022-41082) to breach Microsoft Exchange servers. News of the attacks broke on Wednesday, when researchers with Vietnamese cybersecurity company GTSC released a warning saying that, “while providing SOC service to a customer, GTSC Blueteam detected exploit requests in IIS logs with the same format as ProxyShell vulnerability.” About […]

Continue Reading