Blog

A new report from HP’s Threat Research Blog provides details of an evasive Javascript loader that gets passed security tools 89% of the time. Remote Access Trojans (RATs) are a class of malware that is designed to gain persistent access to the target computer system, and by leveraging elevation of privilege vulnerabilities gain administrator rightsRead more

A flaw in the design of the Autodiscover protocol used to set-up email clients with Exchange Server can cause domain credentials to be sent in the clear to a server controlled by an attacker. The Microsoft Autodiscover protocol makes it easier for end users to configure their email client to connect to an Exchange ServerRead more

The September update for Microsoft Exchange includes a new security feature for on-premises servers – they can now automatically mitigate new vulnerabilities just like the cloud versions used by Office 365. The last 12 months have not been fun for Exchange administrators with a series of high-profile vulnerabilities affecting on-premise Exchange servers resulting in theRead more

Business Email Compromise, and its evil brother CEO Fraud, are both email based fraud attacks that seek to trick the victim into paying a fake invoice or transferring or diverting funds through some other kind of deception.  Read on to learn how to protect your business from BEC Fraud. What is BEC fraud? Business EmailRead more

Details have emerged of (another) Exchange Server vulnerability, called ProxyToken, which allows an attacker to reconfigure an Exchange server remotely without needing to know any passwords. Reported by the Zero Day Initiative the vulnerability affects Exchange server versions 2013 through 2019: With this vulnerability, an unauthenticated attacker can perform configuration actions on mailboxes belonging toRead more

ProxyShell can be exploited to achieve a Remote Code Execution without needing to know any usernames or passwords for the targeted Exchange Server – security vulnerabilities do not come any worse than this. ProxyShell is easier to exploit than the ProxyLogon attacks that hit the headlines earlier this year, prompting CISA to issue their first everRead more

Microsoft has released an easy to install one-click mitigation tool for the critical Exchange security vulnerability known as ProxyLogon as the NCSC issues an urgent alert to UK firms. The Hafnium/Proxylogon attack against Microsoft Exchange servers worldwide is escalating.  Security researchers at Checkpoint report a 10 fold increase in daily attacks against Exchange e-mail serversRead more

Microsoft has updated their Microsoft Safety Scanner (MSERT) tool so that it detects Web Shells installed on your Exchange servers through the ProxyLogon vulnerability. Last week Microsoft issued emergency patches to address four zero-day exploits that were being exploited by the Hafnium group.  Since the disclosures, criminal groups have been targeting Microsoft Exchange Servers aroundRead more

Microsoft has released a patch to a remote code execution vulnerability in Exchange server which is being actively targeted. CVE-2020-0688 is a flaw in the installation procedure resulting in all Exchange Servers using the same cryptographic keys for ASP.NET ViewState data.  A detailed write-up by the Zero Day Initiative demonstrates the flaw in action. In summary:Read more

LightNeuron is a backdoor specifically designed to target Microsoft Exchange mail servers. It permits attackers to read and reroute all email passing through the server and execute commands on the server hidden in incoming email attachments. A recent paper published by ESET describes how the malware functions and the risks it poses. The researcher says:Read more