Source |
Bleeping Computer |
Identifiant |
8293207 |
Date de publication |
2022-12-20 17:33:13 (vue: 2022-12-20 23:05:58) |
Titre |
Ransomware gang uses new Microsoft Exchange exploit to breach servers |
Texte |
Play ransomware threat actors are using a new exploit chain that bypasses ProxyNotShell URL rewrite mitigations to gain remote code execution (RCE) on vulnerable servers through Outlook Web Access (OWA). [...] |
Envoyé |
Oui |
Condensat |
access actors are breach bypasses chain code exchange execution exploit gain gang microsoft mitigations new outlook owa play proxynotshell ransomware rce remote rewrite servers threat through url uses using vulnerable web |
Tags |
Ransomware
Threat
|
Stories |
|
Notes |
★★
|
Move |
|
Src |
Date (GMT) |
Titre |
Description |
Tags |
Stories |
Notes |
|
2022-12-21 13:11:00 |
(Déjà vu) Ransomware Hackers Using New Way to Bypass MS Exchange ProxyNotShell Mitigations (lien direct) |
Threat actors affiliated with a ransomware strain known as Play are leveraging a never-before-seen exploit chain that bypasses blocking rules for ProxyNotShell flaws in Microsoft Exchange Server to achieve remote code execution (RCE) through Outlook Web Access (OWA).
"The new exploit method bypasses URL rewrite mitigations for the Autodiscover endpoint," CrowdStrike researchers Brian Pitchford, |
Ransomware
Threat
|
|
★★★★
|