Symantec cybersecurity experts: The malware deployment is preceded by a reconnaissance with the AdFind tool. The victims are large organizations.
New Exchange Server Vulnerability: PROXYTOKEN. Yoroi: The flaw, CVE-2021-33766, allows a threat actor to monitor, steal or alter corporate email communications
Microsoft Exchange Server has a new serious vulnerability, and its technical details, including exploits, have already been posted online. Yoroi cybersecurity experts are warning about it. The flaw is known as “PROXYTOKEN” and carries the identifier CVE-2021-33766. It is caused by gaps in the handling of user authentication between the frontend and backend service interfaces of Exchange Server. As a result, an unauthenticated network attacker who can reach the ECP interfaces over HTTP/HTTPS can execute arbitrary commands on each mailbox managed by the server. This creates significant risk, since a threat actor would be able to monitor, steal or alter corporate e-mail communications, exposing the organization to a high risk of fraud and theft of intellectual property.