Hackers could exploit ProxyToken authentication bypass vulnerability to steal victims’ emails and personally identifiable information from vulnerable Microsoft Exchange servers.
CISA issues urgent alert as threat actors actively exploit ProxyShell vulnerabilities on unpatched Microsoft Exchange servers to execute LockFile ransomware attacks.
The FBI obtained a court order to remove hackers’ web shells from the still-compromised Microsoft Exchange servers without informing the owners until the operation was concluded.