[HackerNews] Hackers Exploiting ProxyLogon and ProxyShell Flaws in Spam Campaigns

Threat actors are exploiting ProxyLogon and ProxyShell exploits in unpatched Microsoft Exchange Servers as part of an ongoing spam campaign that leverages stolen email chains to bypass security software and deploy malware on vulnerable systems.
The findings come from Trend Micro following an investigation into a number of intrusions in the Middle East that culminated in the distribution of a

Source: Read More (The Hacker News)

You might be interested in …

[TheRecord] Researcher discloses iPhone lock screen bypass on iOS 15 launch day

On the day Apple released iOS 15, a Spanish security researcher disclosed an iPhone lock screen bypass that can be exploited to grant attackers access to a user’s notes. In an interview with The Record, Jose Rodriguez said he published details about the lock screen bypass after Apple downplayed similar lock screen bypass issues he reported […]

Read More

[ThreatPost] Microsoft Patches Actively Exploited Windows Zero-Day Bug

All posts, ThreatPost

On Patch Tuesday, Microsoft fixed 66 CVEs, including an RCE bug in MSHTML under active attack as threat actors passed around guides for the drop-dead simple exploit. Source: Read More (Threatpost)

Read More

Daily NCSC-FI news followup 2019-10-31

Breaches at NetworkSolutions, Register.com, and Web.com krebsonsecurity.com/2019/10/breaches-at-networksolutions-register-com-and-web-com/ Top domain name registrars NetworkSolutions.com, Register.com and Web.com are asking customers to reset their passwords after discovering an intrusion in August 2019 in which customer account information was accessed.. thehackernews.com/2019/10/domain-name-registrars-hacked.html How a months-old AMD microcode bug destroyed my weekend arstechnica.com/gadgets/2019/10/how-a-months-old-amd-microcode-bug-destroyed-my-weekend/ AMD shipped Ryzen 3000 with a serious microcode […]

Read More