Threat Advisories

New Exploit Method that Bypasses ProxyNotShell Mitigations

December 22, 2022

Threat Level

Red

Attack Report

For a detailed threat advisory, download the pdf file here

Summary

A new exploit method has been found in the mitigations of the Microsoft Exchange vulnerability ProxyNotShell URL rewrite that allows for remote code execution (RCE) on compromised servers through Outlook Web Access (OWA). The threat actors responsible for this new exploit have been identified as members of the Play ransomware group.

RisePro: A New Threat Emerges on the Russian Online Marketplace

Gamaredon APT cyber feud strikes Ukrainian entities