all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Threat Advisory: Microsoft warns of actively exploited vulnerabilities in Exchange Server

Add to bookmarks
Sept. 30, 2022, 9:16 p.m. | Unknown (noreply@blogger.com)

Cisco Talos Intelligence Group - Comprehensive Threat Intelligence blog.talosintelligence.com


Cisco Talos has released new coverage to detect and prevent the exploitation of two recently disclosed vulnerabilities collectively referred to as "ProxyNotShell," affecting Microsoft Exchange Servers 2013, 2016 and 2019. One of these vulnerabilities could allow an attacker to execute remote code on the targeted server. Limited exploitation of these vulnerabilities in the wild has been reported. CVE-2022-41040 is a Server Side Request Forgery (SSRF) vulnerability, while CVE-2022-41082 enables Remote Code Execution (RCE) when PowerShell is accessible to the attackers. …

actively exploited advisory cve-2022-41040 cve-2022-41082 exchange exchange server microsoft microsoft exchange server threat threat advisory vulnerabilities

Visit resource

More from blog.talosintelligence.com / Cisco Talos Intelligence Group - Comprehensive Threat Intelligence

New banking trojan “CarnavalHeist” targets Brazil with overlay attacks 1 day, 20 hours ago | blog.talosintelligence.com
attacks banking banking trojan banking trojans +19
Attackers are impersonating a road toll payment processor across the U.S. in phishing attacks 2 days, 14 hours ago | blog.talosintelligence.com
attackers attacks drivers equally +17
LilacSquid: The stealthy trilogy of PurpleInk, InkBox and InkLoader 2 days, 20 hours ago | blog.talosintelligence.com
apt apt groups bear campaign +7
New Generative AI category added to Talos reputation services 3 days, 16 hours ago | blog.talosintelligence.com
announcements artificial artificial intelligence audio +11
Out-of-bounds reads in Adobe Acrobat; Foxit PDF Reader contains vulnerability that could lead to SYSTEM-level … 3 days, 16 hours ago | blog.talosintelligence.com
acrobat adobe adobe acrobat application +14
Apple and Google are taking steps to curb the abuse of location-tracking devices — but … 1 week, 2 days ago | blog.talosintelligence.com
abuse adversaries airtag apple +16
From trust to trickery: Brand impersonation over the email attack vector 1 week, 3 days ago | blog.talosintelligence.com
adversaries attack attack vector brand +10
Rounding up some of the major headlines from RSA 2 weeks, 2 days ago | blog.talosintelligence.com
coming conference major may +3
Talos releases new macOS open-source fuzzer 2 weeks, 2 days ago | blog.talosintelligence.com
code fuzzer fuzzing linux +8

Jobs in InfoSec / Cybersecurity

Post a Job Search Talent

CyberSOC Technical Lead

@ Integrity360 | Sandyford, Dublin, Ireland
View on infosec-jobs.com

Cyber Security Strategy Consultant

@ Capco | New York City
View on infosec-jobs.com

Cyber Security Senior Consultant

@ Capco | Chicago, IL
View on infosec-jobs.com

Sr. Product Manager

@ MixMode | Remote, US
View on infosec-jobs.com

Security Compliance Strategist

@ Grab | Petaling Jaya, Malaysia
View on infosec-jobs.com

Cloud Security Architect, Lead

@ Booz Allen Hamilton | USA, VA, McLean (1500 Tysons McLean Dr)
View on infosec-jobs.com