2021-04-26 | Medium testbnull | Victor Vrabie, Bogdan Botezatu
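% The CVE id is written with ASCII hyphens, matching the URL slug, so a search for CVE-2021-28482 finds this entry.
@online{vrabie:20210426:microsoft:9ccf07e,
  author       = {Victor Vrabie and Bogdan Botezatu},
  title        = {{Microsoft Exchange From Deserialization to Post-Auth RCE (CVE-2021-28482)}},
  organization = {Medium testbnull},
  date         = {2021-04-26},
  url          = {https://testbnull.medium.com/microsoft-exchange-from-deserialization-to-post-auth-rce-cve-2021-28482-e713001d915f},
  urldate      = {2021-05-04},
  language     = {Vietnamese},
}
Microsoft Exchange From Deserialization to Post-Auth RCE (CVE-2021-28482)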
2021-04-22 | Cybereason | Lior Rochberger
@online{rochberger:20210422:prometei:c7eb590,
  author       = {Lior Rochberger},
  title        = {{Prometei Botnet Exploiting Microsoft Exchange Vulnerabilities}},
  organization = {Cybereason},
  date         = {2021-04-22},
  url          = {https://www.cybereason.com/blog/prometei-botnet-exploiting-microsoft-exchange-vulnerabilities},
  urldate      = {2021-04-28},
  language     = {English},
}
Prometei Botnet Exploiting Microsoft Exchange Vulnerabilities
Prometei
2021-04-19 | CERT NZ | CERT NZ
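% Institutional author: the extra braces keep "CERT NZ" as one name instead of splitting it into given name and surname.
@online{nz:20210419:microsoft:70f3a4e,
  author       = {{CERT NZ}},
  title        = {{Microsoft 365 phishing using fake voicemail messages}},
  organization = {CERT NZ},
  date         = {2021-04-19},
  url          = {https://www.cert.govt.nz/individuals/alerts/microsoft-365-phishing-using-fake-voicemail/},
  urldate      = {2021-04-20},
  language     = {English},
}
Microsoft 365 phishing using fake voicemail messages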
2021-04-16 | Associated Press | Frank Bajak, Matt O'Brien
@online{bajak:20210416:sanctioned:84bffd0,
  author       = {Frank Bajak and Matt O'Brien},
  title        = {{Sanctioned Russian IT firm was partner with Microsoft, IBM}},
  organization = {Associated Press},
  date         = {2021-04-16},
  url          = {https://apnews.com/article/business-europe-hacking-russia-dd8c331ff30d366ea4f5d828e788c307},
  urldate      = {2021-04-19},
  language     = {English},
}
Sanctioned Russian IT firm was partner with Microsoft, IBM
2021-04-16 | Zero Day | Kim Zetter
@online{zetter:20210416:sanctioned:5ebdd05,
  author       = {Kim Zetter},
  title        = {{Sanctioned Firm Accused of Helping Russian Intelligence Was Part of Microsoft’s Early Vuln Access Program — MAPP}},
  organization = {Zero Day},
  date         = {2021-04-16},
  url          = {https://zetter.substack.com/p/sanctioned-firm-accused-of-helping},
  urldate      = {2021-04-19},
  language     = {English},
}
Sanctioned Firm Accused of Helping Russian Intelligence Was Part of Microsoft’s Early Vuln Access Program — MAPP
2021-04-15 | Palo Alto Networks Unit 42 | Robert Falcone
@online{falcone:20210415:actor:8428e3f,
  author       = {Robert Falcone},
  title        = {{Actor Exploits Microsoft Exchange Server Vulnerabilities, Cortex XDR Blocks Harvesting of Credentials}},
  organization = {Palo Alto Networks Unit 42},
  date         = {2021-04-15},
  url          = {https://unit42.paloaltonetworks.com/exchange-server-credential-harvesting/},
  urldate      = {2021-04-19},
  language     = {English},
}
Actor Exploits Microsoft Exchange Server Vulnerabilities, Cortex XDR Blocks Harvesting of Credentials
CHINACHOPPER
2021-04-13 | Department of Justice | Department of Justice
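% Institutional author: the extra braces keep "Department of Justice" as one name instead of splitting it into given name and surname.
@online{justice:20210413:justice:97a1ad5,
  author       = {{Department of Justice}},
  title        = {{Justice Department announces court-authorized effort to disrupt exploitation of Microsoft Exchange Server vulnerabilities}},
  organization = {Department of Justice},
  date         = {2021-04-13},
  url          = {https://www.justice.gov/usao-sdtx/pr/justice-department-announces-court-authorized-effort-disrupt-exploitation-microsoft},
  urldate      = {2021-04-14},
  language     = {English},
}
Justice Department announces court-authorized effort to disrupt exploitation of Microsoft Exchange Server vulnerabilities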
2021-04-09 | Microsoft | Emily Hacker, Justin Carroll, Microsoft 365 Defender Threat Intelligence Team
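% The team name is braced so it is treated as one institutional author, not parsed as a personal name.
@online{hacker:20210409:investigating:2b6f30a,
  author       = {Emily Hacker and Justin Carroll and {Microsoft 365 Defender Threat Intelligence Team}},
  title        = {{Investigating a unique “form” of email delivery for IcedID malware}},
  organization = {Microsoft},
  date         = {2021-04-09},
  url          = {https://www.microsoft.com/security/blog/2021/04/09/investigating-a-unique-form-of-email-delivery-for-icedid-malware/},
  urldate      = {2021-04-12},
  language     = {English},
}
Investigating a unique “form” of email delivery for IcedID malware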
IcedID
2021-04-01 | Microsoft | Cole Sodja, Justin Carroll, Melissa Turcotte, Joshua Neil, Microsoft 365 Defender Research Team
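% The team name is braced so it is treated as one institutional author, not parsed as a personal name.
@online{sodja:20210401:automating:d24c8aa,
  author       = {Cole Sodja and Justin Carroll and Melissa Turcotte and Joshua Neil and {Microsoft 365 Defender Research Team}},
  title        = {{Automating threat actor tracking: Understanding attacker behavior for intelligence and contextual alerting}},
  organization = {Microsoft},
  date         = {2021-04-01},
  url          = {https://www.microsoft.com/security/blog/2021/04/01/automating-threat-actor-tracking-understanding-attacker-behavior-for-intelligence-and-contextual-alerting/},
  urldate      = {2021-04-06},
  language     = {English},
}
Automating threat actor tracking: Understanding attacker behavior for intelligence and contextual alerting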
2021-03-27 | InfoSec Handlers Diary Blog | Guy Bruneau
@online{bruneau:20210327:malware:91319b0,
  author       = {Guy Bruneau},
  title        = {{Malware Analysis with elastic-agent and Microsoft Sandbox}},
  organization = {InfoSec Handlers Diary Blog},
  date         = {2021-03-27},
  url          = {https://isc.sans.edu/forums/diary/Malware+Analysis+with+elasticagent+and+Microsoft+Sandbox/27248/},
  urldate      = {2021-03-31},
  language     = {English},
}
Malware Analysis with elastic-agent and Microsoft Sandbox
2021-03-26 | Microsoft | Eric Doerr
@online{doerr:20210326:securing:0f170cb,
  author       = {Eric Doerr},
  title        = {{Securing our approach to domain fronting within Azure}},
  organization = {Microsoft},
  date         = {2021-03-26},
  url          = {https://www.microsoft.com/security/blog/2021/03/26/securing-our-approach-to-domain-fronting-within-azure/},
  urldate      = {2021-03-30},
  language     = {English},
}
Securing our approach to domain fronting within Azure
2021-03-26 | Imperva | Daniel Johnston
@online{johnston:20210326:imperva:a78367a,
  author       = {Daniel Johnston},
  title        = {{Imperva Observes Hive of Activity Following Hafnium Microsoft Exchange Disclosures}},
  organization = {Imperva},
  date         = {2021-03-26},
  url          = {https://www.imperva.com/blog/imperva-observes-hive-of-activity-following-hafnium-microsoft-exchange-disclosures/},
  urldate      = {2021-03-30},
  language     = {English},
}
Imperva Observes Hive of Activity Following Hafnium Microsoft Exchange Disclosures
CHINACHOPPER
2021-03-25 | Google Project Zero | Anthony Weems, Michael Weber, Dallas Kaman
@online{weems:20210325:cve202126855:046af82,
  author       = {Anthony Weems and Michael Weber and Dallas Kaman},
  title        = {{CVE-2021-26855: Microsoft Exchange Server-Side Request Forgery}},
  organization = {Google Project Zero},
  date         = {2021-03-25},
  url          = {https://googleprojectzero.github.io/0days-in-the-wild/0day-RCAs/2021/CVE-2021-26855.html},
  urldate      = {2021-03-25},
  language     = {English},
}
CVE-2021-26855: Microsoft Exchange Server-Side Request Forgery
2021-03-25 | Microsoft | Microsoft 365 Defender Threat Intelligence Team
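% Institutional author: the extra braces keep the team name as one unit; unbraced, "Team" is parsed as the surname.
@online{team:20210325:analyzing:d9ddef0,
  author       = {{Microsoft 365 Defender Threat Intelligence Team}},
  title        = {{Analyzing attacks taking advantage of the Exchange Server vulnerabilities}},
  organization = {Microsoft},
  date         = {2021-03-25},
  url          = {https://www.microsoft.com/security/blog/2021/03/25/analyzing-attacks-taking-advantage-of-the-exchange-server-vulnerabilities/},
  urldate      = {2021-03-30},
  language     = {English},
}
Analyzing attacks taking advantage of the Exchange Server vulnerabilities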
CHINACHOPPER
2021-03-25 | Microsoft | Tom McElroy
@online{mcelroy:20210325:web:38010a7,
  author       = {Tom McElroy},
  title        = {{Web Shell Threat Hunting with Azure Sentinel}},
  organization = {Microsoft},
  date         = {2021-03-25},
  url          = {https://techcommunity.microsoft.com/t5/azure-sentinel/web-shell-threat-hunting-with-azure-sentinel/ba-p/2234968},
  urldate      = {2021-03-30},
  language     = {English},
}
Web Shell Threat Hunting with Azure Sentinel
CHINACHOPPER
2021-03-25 | Recorded Future | Insikt Group®
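% Institutional author: the extra braces keep the group name as one unit instead of splitting it into given name and surname.
@online{group:20210325:suspected:5b0078f,
  author       = {{Insikt Group®}},
  title        = {{Suspected Chinese Group Calypso APT Exploiting Vulnerable Microsoft Exchange Servers}},
  organization = {Recorded Future},
  date         = {2021-03-25},
  url          = {https://www.recordedfuture.com/chinese-group-calypso-exploiting-microsoft-exchange/},
  urldate      = {2021-03-30},
  language     = {English},
}
Suspected Chinese Group Calypso APT Exploiting Vulnerable Microsoft Exchange Servers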
Meterpreter PlugX
2021-03-19 | Bundesamt für Sicherheit in der Informationstechnik | CERT-Bund
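% The report has a German title and sits under the /DE/ download path, so the language is recorded as German.
@techreport{certbund:20210319:microsoft:beb2409,
  author      = {CERT-Bund},
  title       = {{Microsoft Exchange Schwachstellen Detektion und Reaktion (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065)}},
  institution = {Bundesamt für Sicherheit in der Informationstechnik},
  date        = {2021-03-19},
  url         = {https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Cyber-Sicherheit/Vorfaelle/Exchange-Schwachstellen-2021/MSExchange_Schwachstelle_Detektion_Reaktion.pdf},
  urldate     = {2021-03-22},
  language    = {German},
}
Microsoft Exchange Schwachstellen Detektion und Reaktion (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065)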
CHINACHOPPER MimiKatz
2021-03-18 | YouTube (Microsoft Security) | Microsoft
@online{microsoft:20210318:how:2acd7e5,
  author       = {Microsoft},
  title        = {{How to protect against Microsoft Exchange Server}},
  organization = {YouTube (Microsoft Security)},
  date         = {2021-03-18},
  url          = {https://www.youtube.com/playlist?list=PL3ZTgFEc7Lytavbz30fR2J8qQYVGW83me},
  urldate      = {2021-03-19},
  language     = {English},
}
How to protect against Microsoft Exchange Server
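2021-03-18 | CERT.be | CERT.be
% Publisher is CERT.be, the Belgian CERT, per the cert.be URL and the French-language title about Belgian systems.
% The citation key is left unchanged so existing citations still resolve.
@online{certbr:20210318:communiqu:cc24235,
  author       = {{CERT.be}},
  title        = {{Communiqué de presse: 400 systèmes informatique belges infiltrés dans le cadre d'une vulnérabilité des serveurs Microsoft Exchange}},
  organization = {CERT.be},
  date         = {2021-03-18},
  url          = {https://www.cert.be/fr/news/communique-de-presse-400-systemes-informatique-belges-infiltres-dans-le-cadre-dune},
  urldate      = {2021-03-19},
  language     = {French},
}
Communiqué de presse: 400 systèmes informatique belges infiltrés dans le cadre d'une vulnérabilité des serveurs Microsoft Exchange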
2021-03-16 | Microsoft | MSRC Team
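% Institutional author: the extra braces keep "MSRC Team" as one name; unbraced, "Team" is parsed as the surname.
@online{team:20210316:guidance:c9a881b,
  author       = {{MSRC Team}},
  title        = {{Guidance for responders: Investigating and remediating on-premises Exchange Server vulnerabilities}},
  organization = {Microsoft},
  date         = {2021-03-16},
  url          = {https://msrc-blog.microsoft.com/2021/03/16/guidance-for-responders-investigating-and-remediating-on-premises-exchange-server-vulnerabilities/},
  urldate      = {2021-03-19},
  language     = {English},
}
Guidance for responders: Investigating and remediating on-premises Exchange Server vulnerabilities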