Saturday, October 16, 2021

CISA issues emergency to Federal Agencies Regarding Microsoft Exchange Flaw


The new emergency directive from the US Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) comes in the wake of major zero-day attacks on Exchange email servers revealed by Microsoft this week.

The US agency’s Emergency Directive 21-02, “Mitigate Microsoft Exchange On-Premises Product Vulnerabilities,” was issued on March 3. 

Following Microsoft’s release of out-of-band patches to address multiple zero-day flaws in on-premises versions of Microsoft Exchange Server, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an emergency directive warning of “active exploitation” of the vulnerabilities.

This week, Microsoft warned that four zero-day vulnerabilities in Exchange Server 2013, Exchange Server 2016, and Exchange Server 2019 are being actively exploited by a suspected state-sponsored advanced persistent threat (APT) group from China called Hafnium.

ED 21-02 also calls for agencies to gather forensic images and, after patching, to look for known indicators of compromise, in the wake of Microsoft’s revelation that four zero-day flaws in Exchange are being abused by a nation-state group believed to be based in China. CISA also published technical details and indicators of compromise today.

Exchange Online is not affected by the bugs. However, Exchange Server is software used by government agencies and the enterprise alike, and so Microsoft’s warning to apply provided patches immediately should not be ignored. 

It’s not clear if any U.S. government agencies have been breached in the campaign, but the CISA directive underscores the urgency of the threat.

CISA says that partner organizations have detected “active exploitation of vulnerabilities in Microsoft Exchange on-premise products.”

While Microsoft mainly attributed the campaign to a threat group called HAFNIUM, the Slovakian cybersecurity firm ESET said it had found evidence of CVE-2021-26855 being actively exploited in the wild by several cyberespionage groups, including LuckyMouse, Tick, and Calypso, targeting servers located in the U.S., Europe, Asia, and the Middle East.


CISA said it worked with the National Security Agency, Microsoft, and security researchers to provide detection and mitigation steps for the threats. 

Priyanshu Vijayvargiya
Priyanshu Vijayvargiya, founder and editor-in-chief of 'Virtualattacks Inc', is a cybersecurity analyst, information security professional, developer, and white hat hacker.
