{"id":4152,"date":"2022-12-21T21:10:40","date_gmt":"2022-12-21T20:10:40","guid":{"rendered":"https:\/\/sajberinfo.com\/?p=4152"},"modified":"2022-12-21T21:10:40","modified_gmt":"2022-12-21T20:10:40","slug":"play-ransomware-napada-microsoft-exchange-servere","status":"publish","type":"post","link":"https:\/\/sajberinfo.com\/en\/2022\/12\/21\/play-ransomware-napada-microsoft-exchange-servere\/","title":{"rendered":"Play ransomware napada Microsoft Exchange servere"},"content":{"rendered":"

Sigurnosni istra\u017eiva\u010di kompanije CrowdStrike<\/em> su otkrili da Play ransomware<\/em> koristi novu metodu za iskori\u0161tavanje poznatih ranjivosti CVE-2022-41080<\/em> i CVE-2022-41082<\/em>, odnosno NotProxyShell <\/em>ranjivosti.<\/span><\/p>\n

\"ms-exchange-cve\"

Microsoft Exchange OWASSRF ranjivost; Desing by Sa\u0161a \u0110uri\u0107<\/p><\/div>\n

Ova ranjivost zaobilazi ProxyNotShell<\/em> ispravak za ponovno pisanje URL<\/em>-a, kako bi se postiglo daljinsko izvr\u0161enje k\u00f4da na ranjivim serverima preko Outlook Web<\/em> pristupa. Ranjivost je nazvana OWASSRF<\/em> i mo\u017ee se zaustaviti samo primjenom sigurnosnog a\u017euriranja za Microsoft Exchange<\/em> iz novembra 2022. godine.<\/span><\/p>\n

 <\/p>\n

Nakon dobijanja pristupa serveru, zlonamjerni akteri koriste legalne aplikacije Plink<\/em>, AnyDesk<\/em> i ConnectWise<\/em>\u00a0 kako bi zadr\u017eali pristup i onemogu\u0107ili forenzi\u010dke tehnike poku\u0161avaju\u0107i da \u0161to du\u017ee sakriju svoje aktivnosti. Organizacije koje koriste lokalni Microsoft Exchange<\/em> server bi trebalo da onemogu\u0107e Outlook Web Application<\/em> (OWA<\/em>) sve dok ne primjene sigurnosno a\u017euriranje za ranjivost CVE-2022-41080<\/em><\/a> ili da primjene posljednja dostupna a\u017euriranja za Exchange <\/em>server sa tim da je a\u017euriranje iz novembra 2022. godine minimum.<\/span><\/p>\n

 <\/p>\n

Sigurnosni istra\u017eiva\u010di iz kompanije CrowdStrike <\/em>su objavili detaljne informacije ovdje<\/a>.<\/span><\/p>","protected":false},"excerpt":{"rendered":"

Sigurnosni istra\u017eiva\u010di kompanije CrowdStrike su otkrili da Play ransomware koristi novu metodu za iskori\u0161tavanje poznatih ranjivosti CVE-2022-41080 i CVE-2022-41082, odnosno NotProxyShell ranjivosti. Ova ranjivost zaobilazi ProxyNotShell ispravak za ponovno pisanje URL-a, kako bi se...<\/p>","protected":false},"author":1,"featured_media":4153,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[255,257,256,133],"class_list":["post-4152","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-hronike","tag-microsoft-exchange","tag-notproxyshell","tag-owa","tag-ransomware"],"_links":{"self":[{"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/posts\/4152","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/comments?post=4152"}],"version-history":[{"count":0,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/posts\/4152\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/media\/4153"}],"wp:attachment":[{"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/media?parent=4152"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/categories?post=4152"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/sajberinfo.com\/en\/wp-json\/wp\/v2\/tags?post=4152"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}