CISA Issues Urgent Warning About ProxyShell Vulnerabilities
State Department reportedly hit by cyberattack, Zero-day in Razer’s Synapse software could give threat actor SYSTEM privileges, T-Mobile ups again the number of people affected by data breach, more
Security researcher Kevin Beaumont has been monitoring the exploitation of ProxyShell, a set of vulnerabilities revealed by Orange Tsai at BlackHat, and discovered that the vulnerabilities are worse than ProxyLogon, the Exchange vulnerabilities revealed in March, and organizations have largely not patched for them.
On Saturday, the Cybersecurity and Infrastructure Security Agency issued an urgent notice that an attacker exploiting these vulnerabilities could execute arbitrary code on a vulnerable machine. CISA strongly urges organizations to identify vulnerable systems on their networks and immediately apply Microsoft's Security Update from May 2021. (Kevin Beaumont / Double Pulsar and US-CERT Current Activity)
Related: The Record by Recorded Future, Bleeping Computer, Security Affairs, The Hacker News, Forbes, Infosecurity Magazine
Keep reading with a 7-day free trial
Subscribe to Metacurity to keep reading this post and get 7 days of free access to the full post archives.