Scammers take to GitHub to hoodwink other cybercriminals
There’s no PoC for the latest Microsoft Exchange flaw
When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.
Cybersecurity researchers have discovered multiple GitHub accounts selling fake proof-of-work concept exploits for the latest zero-day vulnerabilities discovered inMicrosoftExchange.
The warning follows the discovery of two new zero-day vulnerabilities in Microsoft Exchange: CVE-2022-41040 and CVE-2022-41082. These are a server-side request forgery (SSRF) flaw, and remote code execution (RCE) flaw, with both said to be being used by threat actors in the wild.
Microsoft confirmed the existence of both the flaws and threat actors using it, and said to be working on apatch. Until that happens, it won’t share more details about the vulnerabilities, so as to not to give any new ideas to hackers - however, some saw this as an opportunity to make a quick buck.
Fake accounts selling fake exploits
As reported byBleepingComputer, researchers found at least two separate fraud campaigns: one comprised of five accounts looking to sell fake exploits (‘jml4da’, ‘TimWallbey’, ‘Liu Zhao Khin (0daylabin)’, ‘R007er’, and ‘spher0x’), and another one impersonating Kevin Beaumont, aka GossTheDog, a popular cybersecurity expert.
The GitHub repositories for sale luckily don’t hold anymalware. They don’t hold any important files either, just a README.md that details what’s known about the vulnerabilities so far, and a pitch on how the crooks are selling a copy of a PoC exploit for the zero-days.
More Microsoft Exchange zero-days exploited in the wild>Microsoft Exchange Online is making some major access changes>These are the best endpoint protection tools at the moment
“This means it can go unnoticed by the user and potentially by the security team as well. Such a powerful tool should not be fully public, there is strictly only 1 copy available so a REAL researcher can use it: https://satoshidisk.com/pay/xxx," the document reads.
The file then leads to a SatoshiDisk page where gullible hackers can “buy” the fake exploit for 0.0182 Bitcoin, or roughly $420.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
This should already be considered a red flag, as flaws like this one should cost at least a thousand times as much. Apparently, IT company Zerodium offers $250,000 for RCE flaws in Microsoft Exchange.
Via:BleepingComputer
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
A new form of macOS malware is being used by devious North Korean hackers
Scammers are using fake copyright infringement claims to hack businesses
This super-cheap HP Victus 15 gaming laptop just dropped to its lowest price yet
