The flaws \u2014 tracked as CVE-2022-41040 and CVE-2022-41082 \u2014 were disclosed last week<\/a><\/strong> after the Vietnamese cybersecurity firm GTSC first spotted the vulnerabilities in August 2022.<\/p>\n According to cybersecurity researcher John Hammond<\/a><\/strong>, who has been tracking the scammers, five now-removed GitHub accounts were attempting to sell the fake exploits.<\/p>\n He noted that a sixth was still active and is impersonating cybersecurity researcher Kevin Beaumont, who has been documenting the flaws and available workarounds.<\/p>\n Bleeping Computer reported that the repositories themselves aren’t important.<\/p>\n However, the README.md file included in the repositories provides details on what is currently known about the flaws, followed by a sales pitch.<\/p>\n Via: Bleeping Computer<\/a><\/strong><\/p><\/div>\n “This means it can go unnoticed by the user and potentially by the security team as well,” it reads.<\/p>\n “Such a powerfull [sic] tool should not be fully public, there is strictly only 1 copy available so a REAL researcher can use it: https:\/\/satoshidisk.com\/pay\/xxx.”<\/p>\n After that, it specifies that readers must not resell or leak the proof-of-concept as that would put them “at risk of breaking the law”.<\/p>\n According to GTSC, exploiting the vulnerabilities could help malicious actors access Microsoft Exchange server systems to drop web shells and carry out lateral movements across the compromised network.<\/p>\n “We detected webshells, mostly obfuscated, being dropped to Exchange servers,” it said.<\/p>\n “Using the user-agent, we detected that the attacker uses Antsword, an active Chinese-based open source cross-platform website administration tool that supports web shell management.”<\/p>\n Scammers pretending to be security researchers are selling fake exploits for recently discovered zero-day flaws in Microsoft Exchange.<\/p>\n","protected":false},"author":341076,"featured_media":463191,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[27],"tags":[11253,81707,81777,78704,68902],"class_list":["post-463187","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security","tag-github","tag-gtsc","tag-john-hammond","tag-kevin-beaumont","tag-microsoft-exchange"],"_links":{"self":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/463187"}],"collection":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/users\/341076"}],"replies":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/comments?post=463187"}],"version-history":[{"count":1,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/463187\/revisions"}],"predecessor-version":[{"id":463293,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/463187\/revisions\/463293"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/media\/463191"}],"wp:attachment":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/media?parent=463187"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/categories?post=463187"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/tags?post=463187"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}![\"\"](\"https:\/\/mybroadband.co.za\/news\/wp-content\/uploads\/2022\/10\/Github-repository-README.jpg\")
<\/a>
\nNow read: Activision Blizzard hit by DDoS attack on Overwatch 2 launch day<\/a><\/h3>\n","protected":false},"excerpt":{"rendered":"