News

Microsoft has released out-of-band security updates for seven bugs affecting Microsoft Exchange Servers, four of which are zero-day vulnerabilities being exploited by attackers in the wild to plunder on-premises machines. According to Volexity, the attacks have been going on for nearly two months, possibly even longer. Our team has been tirelessly working several intrusions since January involving multiple 0-day exploits in Microsoft Exchange. We’ve released the details of this threat activity alongside Microsoft’s Out of … More

The post Exchange Servers targeted via zero-day exploits, have yours been hit? appeared first on Help Net Security.

Read More Exchange Servers targeted via zero-day exploits, have yours been hit?

The day after VMware released fixes for a critical RCE flaw (CVE-2021-21972) found in a default vCenter Server plugin, opportunistic attackers began searching for publicly accessible vulnerable systems. We’ve detected mass scanning activity targeting vulnerable VMware vCenter servers (https://t.co/t3Gv2ZgTdt). Query our API for “tags=CVE-2021-21972” for relevant indicators and source IP addresses. #threatintel https://t.co/AcSZ40U5Gp — Bad Packets (@bad_packets) February 24, 2021 “In our opinion, the RCE vulnerability in the vCenter Server can pose no less a … More

The post Attackers are looking to exploit critical VMware vCenter Server RCE flaw, patch ASAP! appeared first on Help Net Security.

Read More Attackers are looking to exploit critical VMware vCenter Server RCE flaw, patch ASAP!