New malware exploits Microsoft Exchange vulnerabilities to mine cryptocurrency
The new #malware, dubbed "#ProxyShellMiner", exploits the #Microsoft Exchange #ProxyShell #vulnerabilities to deploy #cryptocurrency miners that generate profit for the attackers.
The attackers then drop the .NET #malware payload into the domain controller's #NETLOGON folder to ensure that all devices on the #network can run the #malware. Activating it requires a command-line parameter, which doubles as the password for the #XMRig #Miner component.
#redhotcyber #informationsecurity #ethicalhacking #dataprotection #hacking #cybersecurity #cybercrime #cybersecurityawareness #cybersecuritytraining #cybersecuritynews #privacy #infosecurity
Referenced link: https://www.rapid7.com/blog/post/2022/12/09/metasploit-wrap-up-156/
Originally posted by Metasploit Project / @metasploit@twitter.com: https://twitter.com/metasploit/status/1601317509063667712#m
New in #Metasploit this week: A WordPress exploit, a vCenter privilege escalation, and a login scanner for Syncovery, plus #ProxyShell improvements and more https://www.rapid7.com/blog/post/2022/12/09/metasploit-wrap-up-156/
Remote Code Execution in Exchange PowerShell Backend - The details of CVE-2022-41040 and CVE-2022-41082
https://www.zerodayinitiative.com/blog/2022/11/14/control-your-types-or-get-pwned-remote-code-execution-in-exchange-powershell-backend
#ProxyShell #security #exchange #microsoft
Okay… just so everyone takes note:
Please don't just patch #ProxyShell, but also check the servers for backdoors, and be sure to put the boxes in a properly built #DMZ! A company was encrypted a few days ago because the attackers had bought such access.
LV Ransomware Exploits #ProxyShell in Attack on a Jordan-based Company
https://www.trendmicro.com/en_us/research/22/j/lv-ransomware-exploits-proxyshell-in-attack.html
#Ransomware
The US #Cybersecurity and Infrastructure Security Agency (#CISA) has issued an alert urging administrators to flush MSExchange down the toilet and use more secure mail servers... Oh NO: only to address the actively exploited #ProxyShell vulnerabilities on on-premises Microsoft #Exchange servers.
By Pierluigi #Paganini https://securityaffairs.co/wordpress/121395/security/cisa-alert-exchange-proxyshell-flaws.html
#cisa #ProxyShell #exchange #Paganini #cybersecurity
Nearly 2,000 Exchange servers hacked with the #ProxyShell exploit https://blog.segu-info.com.ar/2021/08/casi-2000-servidores-de-exchange.html
Microsoft still hasn't fixed this hole? 🤪
RT @TheHackersNews@twitter.com
WARNING — Multiple threat actors are extensively exploiting the #ProxyShell vulnerabilities in-the-wild to compromise hundreds of #Microsoft Exchange servers.
Read details: https://thehackernews.com/2021/08/microsoft-exchange-under-attack-with.html
🐦🔗: https://twitter.com/TheHackersNews/status/1429471978809749507
#ProxyShell #microsoft #infosec #cybersecurity