Business Email Compromise, and its evil brother CEO Fraud, are both email based fraud attacks that seek to trick the victim into paying a fake invoice or transferring or diverting funds through some other kind of deception. Read on to learn how to protect your business from BEC Fraud. What is BEC fraud? Business EmailRead more
Blog
Details have emerged of (another) Exchange Server vulnerability, called ProxyToken, which allows an attacker to reconfigure an Exchange server remotely without needing to know any passwords. Reported by the Zero Day Initiative the vulnerability affects Exchange server versions 2013 through 2019: With this vulnerability, an unauthenticated attacker can perform configuration actions on mailboxes belonging toRead more
ProxyShell can be exploited to achieve a Remote Code Execution without needing to know any usernames or passwords for the targeted Exchange Server – security vulnerabilities do not come any worse than this. ProxyShell is easier to exploit than the ProxyLogon attacks that hit the headlines earlier this year, prompting CISA to issue their first everRead more
The April security patch bundle from Microsoft resolves 108 vulnerabilities, 19 of them Critical and 5 are zero-day with one already under active attack. The majority of the remote code execution vulnerabilities fixed this month are in the Windows Remote Procedure Call Runtime. 27 Critical or Important vulnerabilities have been resolved in this software thatRead more
Microsoft has released an easy to install one-click mitigation tool for the critical Exchange security vulnerability known as ProxyLogon as the NCSC issues an urgent alert to UK firms. The Hafnium/Proxylogon attack against Microsoft Exchange servers worldwide is escalating. Security researchers at Checkpoint report a 10 fold increase in daily attacks against Exchange e-mail serversRead more
Microsoft has updated their Microsoft Safety Scanner (MSERT) tool so that it detects Web Shells installed on your Exchange servers through the ProxyLogon vulnerability. Last week Microsoft issued emergency patches to address four zero-day exploits that were being exploited by the Hafnium group. Since the disclosures, criminal groups have been targeting Microsoft Exchange Servers aroundRead more
Microsoft has released a patch to a remote code execution vulnerability in Exchange server which is being actively targeted. CVE-2020-0688 is a flaw in the installation procedure resulting in all Exchange Servers using the same cryptographic keys for ASP.NET ViewState data. A detailed write-up by the Zero Day Initiative demonstrates the flaw in action. In summary:Read more
LightNeuron is a backdoor specifically designed to target Microsoft Exchange mail servers. It permits attackers to read and reroute all email passing through the server and execute commands on the server hidden in incoming email attachments. A recent paper published by ESET describes how the malware functions and the risks it poses. The researcher says:Read more
