Remove 11
Remove 2021 Remove Authentication Remove Government Remove Military
article thumbnail

Researchers warn of a surge in cyber attacks against Microsoft Exchange

Security Affairs

On March 2nd, Microsoft released emergency out-of-band security updates that address four zero-day issues (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065) in all supported MS Exchange versions that are actively exploited in the wild. 2/5 — ESET research (@ESETresearch) March 2, 2021.

article thumbnail

Iran-linked DEV-0343 APT target US and Israeli defense technology firms

Security Affairs

Threat actors are launching extensive password spraying attacks aimed at the target organizations, the malicious campaign was first spotted in July 2021. “DEV-0343 is a new activity cluster that the Microsoft Threat Intelligence Center (MSTIC) first observed and began tracking in late July 2021.

Insiders

Sign Up for our Newsletter

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

article thumbnail

The Microsoft Exchange Attack Saga Continues

eSecurity Planet

Specifically, the tool targets the CVE-2021-26855 vulnerability. This vulnerability allows an attacker to make an untrusted connection to Exchange server port 443, allowing them to send arbitrary HTTP requests and authenticate as the Exchange server. Even after running the tool, existing and future updates should still be applied.

article thumbnail

EP 49: LoL

ForAllSecure

I worked at NSA both as a contractor and in the military for about 15 years, building those implants, building these exploits to do some of these attacks that we are currently talking about. Kyle was doing this for the government, doing this for the good of a nation. It's sort of a rerun of CVE 2021 40444.