2022’s most routinely exploited vulnerabilities—history repeats

Categories: Exploits and vulnerabilities

Categories: News

Tags: Zoho ManageEngine

Tags: CVE-2021-40539

Tags: Log4Shell

Tags: CVE-2021-44228

Tags: CVE-2021-13379

Tags: ProxyShell

Tags: CVE-2021-34473

Tags: CVE-2021-31207

Tags: CVE-2021-34523

Tags: CVE-2021-26084

Tags: Atlassian

Tags: CVE-2022-22954

Tags: CVE-2022-22960

Tags: CVE-2022-26134

Tags: CVE-2022-1388

Tags: CVE-2022-30190

Tags: Follina

What can the routinely exploited vulnerabilities of 2022 tell us, and what do we think will make it on to next year’s list?

(Read more…)

The post 2022’s most routinely exploited vulnerabilities—history repeats appeared first on Malwarebytes Labs.

Read more

[updated]Two new Exchange Server zero-days in the wild

Categories: Exploits and vulnerabilities

Categories: News

Tags: Exchange

Tags: ProxyShell

Tags: remote PowerShell

Tags: web shell

Tags: CVE-2022-41040

Tags: CVE-2022-41082

Tags: SSRF

Tags: RCE

Two ProxyShell-like vulnerabilities are being used to exploit Microsoft Exchange Servers

(Read more…)

The post [updated]Two new Exchange Server zero-days in the wild appeared first on Malwarebytes Labs.

Read more

Two new Exchange Server zero-days in the wild

Categories: Exploits and vulnerabilities

Categories: News

Tags: Exchange

Tags: ProxyShell

Tags: remote PowerShell

Tags: web shell

Tags: CVE-2022-41040

Tags: CVE-2022-41082

Tags: SSRF

Tags: RCE

Two ProxyShell-like vulnerabilities are being used to exploit Microsoft Exchange Servers

(Read more…)

The post Two new Exchange Server zero-days in the wild appeared first on Malwarebytes Labs.

Read more

IIS extensions are on the rise as backdoors to servers

Credit to Author: Pieter Arntz| Date: Wed, 27 Jul 2022 13:58:06 +0000

The Microsoft 365 Defender Research Team has warned that attackers are increasingly leveraging Internet Information Services (IIS) extensions as covert backdoors into servers.

The post IIS extensions are on the rise as backdoors to servers appeared first on Malwarebytes Labs.

Read more

The Active Adversary Playbook 2022

Credit to Author: Tilly Travers| Date: Tue, 07 Jun 2022 11:02:43 +0000

Cyberattacker behaviors, tactics and tools seen on the frontline of incident response during 2021

Read more

The top 5 most routinely exploited vulnerabilities of 2021

Credit to Author: Pieter Arntz| Date: Fri, 29 Apr 2022 16:28:20 +0000

International cybersecurity authorities have published an overview of the most routinely exploited vulnerabilities of 2021.

The post The top 5 most routinely exploited vulnerabilities of 2021 appeared first on Malwarebytes Labs.

Read more

AvosLocker ransomware uses Microsoft Exchange Server vulnerabilities, says FBI

Credit to Author: Pieter Arntz| Date: Mon, 21 Mar 2022 21:09:12 +0000

The AvosLocker ransomware as a service affiliates have been found to target multiple critical infrastructure sectors, using Exchange Server vulnerabilities.

The post AvosLocker ransomware uses Microsoft Exchange Server vulnerabilities, says FBI appeared first on Malwarebytes Labs.

Read more