Source |
The Hacker News |
Identifier |
8293320 |
Publication date |
2022-12-21 13:11:00 (seen: 2022-12-21 09:05:39) |
Title |
Ransomware Hackers Using New Way to Bypass MS Exchange ProxyNotShell Mitigations (Recycled) |
Text |
Threat actors affiliated with a ransomware strain known as Play are leveraging a never-before-seen exploit chain that bypasses blocking rules for ProxyNotShell flaws in Microsoft Exchange Server to achieve remote code execution (RCE) through Outlook Web Access (OWA).
"The new exploit method bypasses URL rewrite mitigations for the Autodiscover endpoint," CrowdStrike researchers Brian Pitchford, |
Rating |
★★★★
|
Sent |
Yes |
Tags |
Ransomware
Threat
|
Stories |
|
Source |
Bleeping Computer |
Identifier |
8293207 |
Publication date |
2022-12-20 17:33:13 (seen: 2022-12-20 23:05:58) |
Title |
Ransomware gang uses new Microsoft Exchange exploit to breach servers |
Text |
Play ransomware threat actors are using a new exploit chain that bypasses ProxyNotShell URL rewrite mitigations to gain remote code execution (RCE) on vulnerable servers through Outlook Web Access (OWA). [...] |
Rating |
★★
|
Sent |
Yes |
Tags |
Ransomware
Threat
|
Stories |
|
Src |
Date (GMT) |
Title |
Description |
Tags |
Stories |
Rating |
 |
2022-12-21 18:21:25 |
(Already seen) Ransomware groups use new exploit to bypass ProxyNotShell mitigations for Microsoft Exchange (direct link) |
Threat actors affiliated with the Play ransomware strain are leveraging a never-before-seen exploit method that bypasses Microsoft's ProxyNotShell URL rewrite mitigation to gain remote code execution through Outlook Web Access (OWA). |
Ransomware
|
|
★
|