image credit: Pixabay

Hackers Exploiting ProxyLogon and ProxyShell Flaws in Spam Campaigns

November 22, 2021

Threat actors are exploiting ProxyLogon and ProxyShell exploits in unpatched Microsoft Exchange Servers as part of an ongoing spam campaign that leverages stolen email chains to bypass security software and deploy malware on vulnerable systems.

The findings come from Trend Micro following an investigation into a number of intrusions in the Middle East that culminated in the distribution of a never-before-seen loader dubbed SQUIRRELWAFFLE. First publicly documented by Cisco Talos, the attacks are believed to have commenced in mid-September 2021 via laced Microsoft Office documents.

Read More on The Hacker News