Thousands of Exchange servers breached prior to patching, CISA boss says

A U.S. government cybersecurity official on Monday warned organizations not to have a false sense of security when it comes to vulnerabilities in Microsoft Exchange Server software, noting that “thousands” of computer servers with updated software had already been breached. “Patching is not sufficient,” said Brandon Wales, acting head of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA). “There are literally thousands of compromised servers that are currently patched. And these system owners, they believe they are protected.” “We’re seeing improvements there, but more work needs to be done,” Wales said at an event hosted by Auburn University’s McCrary Institute. “The vulnerabilities can be scriptable, allowing automation exploitation, and that’s just a risk that’s unacceptable.” Everyone from suspected Chinese spies to ransomware gangs has in the last month moved to exploit the flaws in Exchange Server, a popular email software. At least one of the bugs could […]

The post Thousands of Exchange servers breached prior to patching, CISA boss says appeared first on CyberScoop.


US racing to address Microsoft vulnerabilities, especially for small businesses

The number of entities in the U.S. that remain vulnerable to the recently announced Microsoft Exchange Server software flaws is dropping, according to a National Security Council spokesperson. Overall, the number of vulnerable systems fell 45% last week, the National Security Council (NSC) spokesperson said in a statement, and there are now fewer than 10,000 vulnerable systems in the U.S., compared to the more than 120,000 entities that were vulnerable when the software bugs were first uncovered. The key to that apparent decrease is the fact that entities are taking advantage of a new tool Microsoft released to the public last week in an attempt to protect smaller organizations against hackers seeking to exploit the Exchange Server flaws, according to the NSC spokesperson. Microsoft developed the tool, the Exchange On-Premises Mitigation tool — which works in an automated way, scanning for compromises and remediating issues — in coordination with […]

The post US racing to address Microsoft vulnerabilities, especially for small businesses appeared first on CyberScoop.


Biden administration mulls software security grades after SolarWinds

The White House is contemplating the use of cybersecurity ratings and standards for U.S. software, a move akin to how New York City grades restaurants on sanitation or Singapore labels internet of things devices, a senior administration official told reporters on Friday. “There will be ideas coming on both of those in an executive action in the next few weeks,” the official said, briefing reporters on the condition of anonymity about simultaneous major security incidents that continue to roil the country: the SolarWinds supply chain attack, and the exploitation of Microsoft Exchange Server vulnerabilities. The concept of government labeling and grading in cybersecurity isn’t entirely new. Some experts have long coveted an Energy Star-style rating system resembling the program that the Environmental Protection Agency and Energy Department use to promote energy-efficient devices. Among them: the Cybersecurity Solarium Commission, which last year recommended that Congress establish a National Cybersecurity Certification and […]

The post Biden administration mulls software security grades after SolarWinds appeared first on CyberScoop.


Botnet operators, ransomware scammers the latest groups to pounce on Exchange Server bugs

The floodgates appear to be open on critical bugs in Microsoft software as a predictable bevy of scammers — from a ransomware actor to cryptocurrency conmen — have flocked to vulnerable email servers. The new incidents make clear that what started as a reported China-linked spying operation to steal data from the Microsoft email program has devolved into an opportunistic romp for criminals. The number of attempts to exploit the email software program, known as Exchange Server, doubled every two to three hours over the course of 24 hours, Israeli security firm Check Point said Thursday. Government organizations, along with manufacturing and financial firms, were the top sectors targeted. The researchers cautioned, however, that they have yet to see intrusions that successfully string all of the vulnerabilities together. At least one ransomware actor has now entered the fray. Microsoft said late Thursday that crooks were using a new family of […]

The post Botnet operators, ransomware scammers the latest groups to pounce on Exchange Server bugs appeared first on CyberScoop.


GitHub removes researcher’s Exchange Server exploit, sparking industry debate

Microsoft-owned GitHub has removed a security researcher’s proof-of-concept exploit for vulnerabilities in Microsoft software that are at the center of widespread malicious cyber activity. The decision immediately touched off debate in the cybersecurity industry over when researchers should refrain from releasing software exploits and how software repositories like GitHub should govern their users. It’s an unusually sensitive situation: A slew of Chinese state-linked hackers have already exploited the flaws in Exchange Server, a popular email software, and analysts fear cybercriminals could be not far behind in abusing the bugs. And now the concern for some security analysts is that researcher Nguyen Jang’s release of a proof-of-concept exploit could enable additional malicious attackers to exploit the flaws. Nguyen defended the decision by saying it would prompt organizations to patch. A GitHub spokesperson said it removed the code because it violated the platform’s policy against uploading “active” software exploits. “We understand that […]

The post GitHub removes researcher’s Exchange Server exploit, sparking industry debate appeared first on CyberScoop.


As firms race to patch Microsoft Exchange flaw, security pros brace for ransomware outbreak

Nobody likes to hurry up and wait. It’s exactly how security professionals are urging vulnerable organizations to protect themselves, though, against a cavalcade of nation-state and criminal hacking groups reportedly working to exploit Microsoft Exchange Server flaws that were announced earlier this month. Suspected Chinese government-linked hackers were the first to allegedly exploit the Microsoft vulnerabilities. As soon as the company released a fix for the bugs, though, taking the issue public, a range of other hacking groups also appeared to try leveraging the flaw. At least ten different advanced threat groups are working to exploit the vulnerabilities now, according to ESET research, while other hackers have stolen email data and others have tried to generate financial revenue. With potentially tens of thousands of victims, the U.S. government — including the National Security Agency, the Department of Homeland Security’s cybersecurity agency, the FBI and the White House — has spent days […]

The post As firms race to patch Microsoft Exchange flaw, security pros brace for ransomware outbreak appeared first on CyberScoop.


No signs yet of Exchange Server compromises at federal agencies, CISA says

U.S. officials have yet to find any signs that federal civilian agencies have been breached in recent widespread exploitation of Microsoft software, a senior Department of Homeland Security official told lawmakers Wednesday. The “vast majority” of civilian agencies have addressed vulnerabilities in the Exchange Server email software following an emergency directive from DHS’s Cybersecurity and Infrastructure Security Agency (CISA), said Eric Goldstein, the agency’s executive assistant director for cybersecurity. But Goldstein cautioned in testimony before a House Appropriations subcommittee that the malicious cyber activity is “an evolving campaign, with new information coming in by the hour.” The news is a welcome reprieve for federal officials who have been consumed with responding to the critical Exchange Server flaws amid reports that tens of thousands of U.S. state and local government organizations and small businesses could be affected. Microsoft disclosed the vulnerabilities on March 2 while accusing a Chinese government-linked hacking group […]

The post No signs yet of Exchange Server compromises at federal agencies, CISA says appeared first on CyberScoop.


Chinese Exchange Hack: At Best, Microsoft is Incompetent

This week brought news of Chinese hackers attacking Microsoft Exchange. But why did Microsoft wait eight weeks to tell anyone?

The post Chinese Exchange Hack: At Best, Microsoft is Incompetent appeared first on Security Boulevard.