Exchange Archives - Securezoo

Microsoft August 2023 Security Updates Fixes 74 Vulnerabilities (6 Critical severity)

Security Updates & Patches, Vulnerabilities & Exploits / By Frank Crast / August 9, 2023 / CVE-2023-29328, CVE-2023-29330, CVE-2023-35385, CVE-2023-36895, CVE-2023-36910, CVE-2023-36911, Exchange, Teams, Windows

The Microsoft August 2023 Security Updates includes patches and advisories for 74 vulnerabilities, including 6 Critical severity issues.

CISA adds 2 Microsoft vulnerabilities to Known Exploited Vulnerabilities Catalog (to include 1 Windows zero-day)

Security Updates & Patches, Vulnerabilities & Exploits, Zero-days / By Frank Crast / January 12, 2023 / CISA, CVE-2022-41080, CVE-2023-21674, Exchange, Exploit, Windows

The Cybersecurity and Infrastructure Security Agency (CISA) has added one Microsoft Exchange and one Windows zero-day vulnerability to its Known Exploited Vulnerabilities Catalog.

Rackspace suffers from security incident involving Hosted Exchange services

Cybersecurity Attacks, Data Breach, Messaging Security, Vulnerabilities & Exploits / By Frank Crast / December 4, 2022 / Exchange, Microsoft, Office365, ProxyNotShell, Rackspace, Zeroday

Cloud computing services company Rackspace has reported a security incident involving Hosted Exchange services.

Microsoft November 2022 Security Updates addresses 65 vulnerabilities (6 zero-days to include ProxyNotShell)

Messaging Security, Security Updates & Patches, Vulnerabilities & Exploits, Zero-days / By Frank Crast / November 11, 2022 / CVE-2022-3602, CVE-2022-3786, CVE-2022-41040, CVE-2022-41073, CVE-2022-41082, CVE-2022-41091, CVE-2022-41125, CVE-2022-41128, Exchange, ProxyNotShell

The Microsoft November 2022 Security Updates includes patches and advisories for 65 vulnerabilities, including 6 zero-days and 10 Critical severity issues.

Top CVEs targeted by PRC state-sponsored cyber actors

Cybersecurity Attacks, Vulnerabilities & Exploits / By Frank Crast / October 8, 2022 / Apache, BIG-IP, CVE-2019-11510, CVE-2019-19781, CVE-2020-5902, CVE-2021-1497, CVE-2021-20090, CVE-2021-22005, CVE-2021-22205, CVE-2021-26084, CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065, CVE-2021-36260, CVE-2021-40539, CVE-2021-41773, CVE-2021-42237, CVE-2021-44228, CVE-2022-1388, CVE-2022-24112, CVE-2022-26134, Exchange, log4Shell, ProxyLogon

The FBI, NSA and CISA coauthored a joint Cybersecurity Advisory detailing how People’s Republic of China (PRC) state-sponsored cyber actors continue to exploit common, publicly known vulnerabilities used since 2020 to “actively target U.S. and allied networks.”

Microsoft disables Basic authentication in Exchange Online to fight password spray attacks

Authentication, Cybersecurity Attacks, Messaging Security / By Frank Crast / October 7, 2022 / authentication, basic auth, EAS, EWS, Exchange, Exchange Online, IMAP, Microsoft, Oauth, OAuth 2.0, Outlook, POP, RPS, SMTP

Microsoft has disabled Basic authentication in Exchange Online tenants to help fight against password spray attacks. Attackers are stepping up attacks in anticipation, Microsoft warns.

CISA adds 3 vulnerabilities to Known Exploited Vulnerabilities Catalog

Cybersecurity Attacks, Security Updates & Patches, Vulnerabilities & Exploits, Zero-days / By Frank Crast / October 1, 2022 / Atlassian, CVE-2022-36804, CVE-2022-41040, CVE-2022-41082, Exchange, Microsoft

The Cybersecurity and Infrastructure Security Agency (CISA) has added 3 vulnerabilities to its Known Exploited Vulnerabilities Catalog, to include Microsoft Exchange and Atlassian flaws.

Microsoft update for Microsoft Exchange Server zero-day ProxyNotShell vulnerabilities

Messaging Security, Security Updates & Patches, Vulnerabilities & Exploits, Zero-days / By Frank Crast / October 1, 2022 / CVE-2022-41040, CVE-2022-41082, Exchange, Exchange Server 2019, IIS, Microsoft, PowerSHell, ProxyNotShell, Vulnerabilities, Zero-day

Microsoft has released a new security update for two Microsoft Exchange Server zero-day vulnerabilities (CVE-2022-41040 and CVE-2022-41082) dubbed “ProxyNotShell” under limited targeted attacks in the wild.

Microsoft March 2022 Security Updates (fixes for 71 vulnerabilities, 3 Critical)

Security Updates & Patches, Vulnerabilities & Exploits / By Frank Crast / March 8, 2022 / CVE-2022-21990, CVE-2022-22006, CVE-2022-23277, CVE-2022-24501, Exchange, HEVC, VP9

The Microsoft March 2022 Security Updates includes patches and advisories for 71 vulnerabilities, 29 of those remote code execution flaws and three rated Critical.

BlackByte Ransomware compromised multiple entities in US critical infrastructure sectors

Cybersecurity Attacks, Malware, Vulnerabilities & Exploits / By Frank Crast / February 19, 2022 / BlackByte, Exchange, FBI, Infrastructure, RaaS, Ransomware, USSS

The Federal Bureau of Investigation (FBI) and the U.S. Secret Service (USSS) issued a joint Cybersecurity Advisory warning of BlackByte ransomware compromising multiple entities in US critical infrastructure sectors.