Friday, July 23, 2021

CISA Issues Emergency Directive to Federal Agencies Regarding Microsoft Exchange Flaw

The US Department of Homeland Security agency’s new emergency directive comes in the wake of major zero-day attacks on email servers revealed by Microsoft this week.

The US agency’s Emergency Directive 21-02, “Mitigate Microsoft Exchange On-Premises Product Vulnerabilities,” was issued on March 3. 

Following Microsoft’s release of out-of-band patches to address multiple zero-day flaws in on-premises versions of Microsoft Exchange Server, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an emergency directive warning of “active exploitation” of the vulnerabilities.

This week, Microsoft warned that four zero-day vulnerabilities in Exchange Server 2013, Exchange Server 2016, and Exchange Server 2019 are being actively exploited by a suspected state-sponsored advanced persistent threat (APT) group from China called Hafnium.

ED-21-02 also calls for agencies to gather forensic images and, after patching, to look for known indicators of compromise in the wake of Microsoft’s revelation that four zero-day flaws in Exchange are being abused by a nation-state group believed to be out of China. CISA also published technical details and indicators of compromise today.

Exchange Online is not affected by the bugs. However, Exchange Server is software used by government agencies and the enterprise alike, and so Microsoft’s warning to apply provided patches immediately should not be ignored. 

It’s not clear if any U.S. government agencies have been breached in the campaign, but the CISA directive underscores the urgency of the threat.

CISA says that partner organizations have detected “active exploitation of vulnerabilities in Microsoft Exchange on-premise products.”

While Microsoft mainly attributed the campaign to a threat group called HAFNIUM, Slovakian cybersecurity firm ESET said it found evidence of CVE-2021-26855 being actively exploited in the wild by several cyberespionage groups, including LuckyMouse, Tick, and Calypso, targeting servers located in the U.S., Europe, Asia, and the Middle East.

CISA said it worked with the National Security Agency, Microsoft, and security researchers to provide detection and mitigation steps for the threats. 

Priyanshu Vijayvargiya
Founder and Editor-in-Chief of 'Virtualattacks Inc' Priyanshu Vijayvargiya is a cybersecurity analyst, Information Security professional, developer, and a white hat hacker.
