Sunday, April 11, 2021
  • Setup menu at Appearance » Menus and assign menu to Top Bar Navigation
Advertisement
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
No Result
View All Result
Home Internet Privacy

URGENT — 4 Actively Exploited 0-Day Flaws Found in Microsoft Exchange

March 3, 2021
in Internet Privacy
URGENT — 4 Actively Exploited 0-Day Flaws Found in Microsoft Exchange
585
SHARES
3.2k
VIEWS
Share on FacebookShare on Twitter

Microsoft has released emergency patches to address four previously undisclosed security flaws in Exchange Server that it says are being actively exploited by a new Chinese state-sponsored threat actor with the goal of perpetrating data theft.

Describing the attacks as “limited and targeted,” Microsoft Threat Intelligence Center (MSTIC) said the adversary used these vulnerabilities to access on-premises Exchange servers, in turn granting access to email accounts and paving the way for the installation of additional malware to facilitate long-term access to victim environments.

You might also like

Hackers Tampered With APKPure Store to Distribute Malware Apps

[WHITEPAPER] How to Achieve CMMC Security Compliance for Your Business

Alert — There’s A New Malware Out There Snatching Users’ Passwords

The tech giant primarily attributed the campaign with high confidence to a threat actor it calls HAFNIUM, a state-sponsored hacker collective operating out of China, although it suspects other groups may also be involved.

Discussing the tactics, techniques, and procedures (TTPs) of the group for the first time, Microsoft paints HAFNIUM as a “highly skilled and sophisticated actor” that mainly singles out entities in the U.S. for exfiltrating sensitive information from an array of industry sectors, including infectious disease researchers, law firms, higher education institutions, defense contractors, policy think tanks and NGOs.

HAFNIUM is believed to orchestrate its attacks by leveraging leased virtual private servers in the U.S. in an attempt to cloak its malicious activity.

The three-stage attack involves gaining access to an Exchange Server either with stolen passwords or by using previously undiscovered vulnerabilities, followed by deploying a web shell to control the compromised server remotely. The last link in the attack chain makes use of remote access to plunder mailboxes from an organization’s network and export the collected data to file sharing sites like MEGA.

To achieve this, as many as four zero-day vulnerabilities discovered by researchers from Volexity and Dubex are used as part of the attack chain —

  • CVE-2021-26855: A server-side request forgery (SSRF) vulnerability in Exchange Server
  • CVE-2021-26857: An insecure deserialization vulnerability in the Unified Messaging service
  • CVE-2021-26858: A post-authentication arbitrary file write vulnerability in Exchange, and
  • CVE-2021-27065: A post-authentication arbitrary file write vulnerability in Exchange

Although the vulnerabilities impact Microsoft Exchange Server 2013, Microsoft Exchange Server 2016, and Microsoft Exchange Server 2019, Microsoft said it’s updating Exchange Server 2010 for “Defense in Depth” purposes.

Microsoft Exchange

Furthermore, since the initial attack requires an untrusted connection to Exchange server port 443, the company notes that organizations can mitigate the issue by restricting untrusted connections or by using a VPN to separate the Exchange server from external access.

Microsoft, besides stressing that the exploits were not connected to the SolarWinds-related breaches, said it has briefed appropriate U.S. government agencies about the new wave of attacks. But the company didn’t elaborate on how many organizations were targeted and whether the attacks were successful.

Stating that the intrusion campaigns appeared to have started around January 6, 2021, Volexity cautioned it has detected active in-the-wild exploitation of multiple Microsoft Exchange vulnerabilities used to steal email and compromise networks.

“While the attackers appear to have initially flown largely under the radar by simply stealing emails, they recently pivoted to launching exploits to gain a foothold,” Volexity researchers Josh Grunzweig, Matthew Meltzer, Sean Koessel, Steven Adair, and Thomas Lancaster explained in a write-up.

“From Volexity’s perspective, this exploitation appears to involve multiple operators using a wide variety of tools and methods for dumping credentials, moving laterally, and further backdooring systems.”

Aside from the patches, Microsoft Senior Threat Intelligence Analyst Kevin Beaumont has also created a nmap plugin that can be used to scan a network for potentially vulnerable Microsoft Exchange servers.

Given the severity of the flaws, it’s no surprise that patches have been rolled out a week ahead of the company’s Patch Tuesday schedule, which is typically reserved for the second Tuesday of each month. Customers using a vulnerable version of Exchange Server are recommended to install the updates immediately to thwart these attacks.

“Even though we’ve worked quickly to deploy an update for the Hafnium exploits, we know that many nation-state actors and criminal groups will move quickly to take advantage of any unpatched systems,” Microsoft’s Corporate Vice President of Customer Security, Tom Burt, said. “Promptly applying today’s patches is the best protection against this attack.


Credit: The Hacker News By: noreply@blogger.com (Ravie Lakshmanan)

Previous Post

This Protein Therapeutics Company Integrates Wet Lab For High-Speed Characterization With Machine Learning Technologies To Guide The Search For Better Antibodies

Next Post

Malaysia Airlines suffers data security 'incident' spanning nine years

Related Posts

Hackers Tampered With APKPure Store to Distribute Malware Apps
Internet Privacy

Hackers Tampered With APKPure Store to Distribute Malware Apps

April 10, 2021
[WHITEPAPER] How to Achieve CMMC Security Compliance for Your Business
Internet Privacy

[WHITEPAPER] How to Achieve CMMC Security Compliance for Your Business

April 10, 2021
Alert — There’s A New Malware Out There Snatching Users’ Passwords
Internet Privacy

Alert — There’s A New Malware Out There Snatching Users’ Passwords

April 10, 2021
Cisco Will Not Patch Critical RCE Flaw Affecting End-of-Life Business Routers
Internet Privacy

Cisco Will Not Patch Critical RCE Flaw Affecting End-of-Life Business Routers

April 9, 2021
Gigaset Android Update Server Hacked to Install Malware on Users’ Devices
Internet Privacy

Gigaset Android Update Server Hacked to Install Malware on Users’ Devices

April 9, 2021
Next Post
Malaysia Airlines suffers data security ‘incident’ spanning nine years

Malaysia Airlines suffers data security 'incident' spanning nine years

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recommended

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

January 6, 2019
Microsoft, Google Use Artificial Intelligence to Fight Hackers

Microsoft, Google Use Artificial Intelligence to Fight Hackers

January 6, 2019

Categories

  • Artificial Intelligence
  • Big Data
  • Blockchain
  • Crypto News
  • Data Science
  • Digital Marketing
  • Internet Privacy
  • Internet Security
  • Learn to Code
  • Machine Learning
  • Marketing Technology
  • Neural Networks
  • Technology Companies

Don't miss it

Basic laws of physics spruce up machine learning
Machine Learning

New machine learning method accurately predicts battery state of health

April 11, 2021
Can a Machine Learning Model Predict T2D?
Machine Learning

Can a Machine Learning Model Predict T2D?

April 11, 2021
Leveraging SAP’s Enterprise Data Management tools to enable ML/AI success
Data Science

Leveraging SAP’s Enterprise Data Management tools to enable ML/AI success

April 11, 2021
Machine Learning in Finance Market is exclusively demanding in forecast 2029 | Ignite Ltd, Yodlee, Trill A.I., MindTitan, Accenture, ZestFinance – KSU
Machine Learning

Machine Learning in Finance Market is exclusively demanding in forecast 2029 | Ignite Ltd, Yodlee, Trill A.I., MindTitan, Accenture, ZestFinance – KSU

April 10, 2021
Vue.js vs AngularJS Development in 2021: Side-by-Side Comparison
Data Science

Vue.js vs AngularJS Development in 2021: Side-by-Side Comparison

April 10, 2021
IBM releases Qiskit modules that use quantum computers to improve machine learning
Machine Learning

IBM releases Qiskit modules that use quantum computers to improve machine learning

April 10, 2021
NikolaNews

NikolaNews.com is an online News Portal which aims to share news about blockchain, AI, Big Data, and Data Privacy and more!

What’s New Here?

  • New machine learning method accurately predicts battery state of health April 11, 2021
  • Can a Machine Learning Model Predict T2D? April 11, 2021
  • Leveraging SAP’s Enterprise Data Management tools to enable ML/AI success April 11, 2021
  • Machine Learning in Finance Market is exclusively demanding in forecast 2029 | Ignite Ltd, Yodlee, Trill A.I., MindTitan, Accenture, ZestFinance – KSU April 10, 2021

Subscribe to get more!

© 2019 NikolaNews.com - Global Tech Updates

No Result
View All Result
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News

© 2019 NikolaNews.com - Global Tech Updates