Search results for solarwinds microsoft exchange | Breaking Cybersecurity News | The Hacker News

Microsoft has  released emergency patches  to address four previously undisclosed security flaws in Exchange Server that it says are being actively exploited by a new Chinese state-sponsored threat actor with the goal of perpetrating data theft. Describing the attacks as "limited and targeted," Microsoft Threat Intelligence Center (MSTIC) said the adversary used these vulnerabilities to access on-premises Exchange servers, in turn granting access to email accounts and paving the way for the installation of additional malware to facilitate long-term access to victim environments. The tech giant primarily attributed the campaign with high confidence to a threat actor it calls HAFNIUM, a state-sponsored hacker collective operating out of China, although it suspects other groups may also be involved. Discussing the tactics, techniques, and procedures (TTPs) of the group for the first time, Microsoft paints HAFNIUM as a "highly skilled and sophisticated actor" that m...

Microsoft on Friday warned of active attacks exploiting unpatched Exchange Servers carried out by multiple threat actors, as the hacking campaign is believed to have infected tens of thousands of businesses, government entities in the U.S., Asia, and Europe. The company  said  "it continues to see increased use of these vulnerabilities in attacks targeting unpatched systems by multiple malicious actors beyond HAFNIUM," signaling an escalation that the breaches are no longer "limited and targeted" as was previously deemed. According to independent cybersecurity journalist  Brian Krebs , at least 30,000 entities across the U.S. — mainly small businesses, towns, cities, and local governments — have been compromised by an "unusually aggressive" Chinese group that has set its sights on stealing emails from victim organizations by exploiting previously undisclosed flaws in Exchange Server. Victims are also being reported from outside the U.S., with email s...

Mimecast said on Tuesday that "a sophisticated threat actor" had compromised a digital certificate it provided to certain customers to securely connect its products to Microsoft 365 (M365) Exchange. The discovery was made after the breach was notified by Microsoft, the London-based company  said in an alert  posted on its website, adding it's reached out to the impacted organizations to remediate the issue. The company didn't elaborate on what type of certificate was compromised, but Mimecast offers  seven different digital certificates  based on the geographical location that must be uploaded to M365 to create a server Connection in Mimecast. "Approximately 10 percent of our customers use this connection," the company said. "Of those that do, there are indications that a low single digit number of our customers' M365 tenants were targeted." Mimecast is a cloud-based email management service for Microsoft Exchange and Microsoft Office 365...

The European Banking Authority (EBA) on Sunday said it had been a victim of a cyberattack targeting its Microsoft Exchange Servers, forcing it to temporarily take its email systems offline as a precautionary measure. "As the vulnerability is related to the EBA's email servers, access to personal data through emails held on that servers may have been obtained by the attacker," the Paris-based regulatory agency  said . EBA said it's launched a full investigation into the incident in partnership with its information and communication technology (ICT) provider, a team of forensic experts, and other relevant entities. In a second update issued on Monday, the agency said it had secured its email infrastructure and that it found no evidence of data extraction, adding it has "no indication to think that the breach has gone beyond our email servers." Besides deploying extra security measures, EBA also noted it's closely monitoring the situation after restor...

Microsoft has released patches to address  73 security flaws  spanning its software lineup as part of its Patch Tuesday updates for February 2024, including two zero-days that have come under active exploitation. Of the 73 vulnerabilities, 5 are rated Critical, 65 are rated Important, and three and rated Moderate in severity. This is in addition to  24 flaws  that have been fixed in the Chromium-based Edge browser since the release of the January 2024 Patch Tuesday updates . The two flaws that are listed as under active attack at the time of release are below - CVE-2024-21351  (CVSS score: 7.6) - Windows SmartScreen Security Feature Bypass Vulnerability CVE-2024-21412  (CVSS score: 8.1) - Internet Shortcut Files Security Feature Bypass Vulnerability "The vulnerability allows a malicious actor to inject code into  SmartScreen  and potentially gain code execution, which could potentially lead to some data exposure, lack of system availabilit...

Microsoft has patched a total of  74 flaws  in its software as part of the company's Patch Tuesday updates for August 2023, down from the voluminous 132 vulnerabilities the company fixed last month. This comprises six Critical, 67 Important, and one Moderate severity vulnerabilities. Released along with the security improvements are two defense-in-depth updates for Microsoft Office ( ADV230003 ) and the Memory Integrity System Readiness Scan Tool ( ADV230004 ). The updates are also in addition to 30 issues addressed by Microsoft in its Chromium-based Edge browser since last month's Patch Tuesday edition and one side-channel flaw impacting certain processor models offered by AMD ( CVE-2023-20569  or  Inception ). ADV230003 concerns an already known security flaw tracked as  CVE-2023-36884 , a remote code execution vulnerability in Office and Windows HTML that has been actively exploited by the Russia-linked RomCom threat actor in attacks targeting Ukraine as...

SolarWinds, the enterprise monitoring software provider which found itself at the epicenter of the most  consequential supply chain attacks , said as many as 18,000 of its high-profile customers might have installed a tainted version of its Orion products. The acknowledgment comes as part of a new filing made by the company to the US Securities and Exchange Commission on Monday. The Texas-based company serves more than 300,000 customers worldwide, including every branch of the US military and four-fifths of the Fortune 500 companies. The "incident was likely the result of a highly sophisticated, targeted and manual supply chain attack by an outside nation state," SolarWinds said in the  regulatory disclosure , adding it "currently believes the actual number of customers that may have had an installation of the Orion products that contained this vulnerability to be fewer than 18,000." The company also reiterated in its  security advisory  that besides 2019.4 HF...

Microsoft closed out its Patch Tuesday updates for 2024 with fixes for a total of 72 security flaws spanning its software portfolio, including one that it said has been exploited in the wild. Of the 72 flaws, 17 are rated Critical, 54 are rated Important, and one is rated Moderate in severity. Thirty-one of the vulnerabilities are remote code execution flaws, and 27 of them allow for the elevation of privileges. This is in addition to 13 vulnerabilities the company has addressed in its Chromium-based Edge browser since the release of last month's security update . In total, Microsoft has resolved as many as 1,088 vulnerabilities in 2024 alone, per Fortra. The vulnerability that Microsoft has acknowledged as having been actively exploited is CVE-2024-49138 (CVSS score: 7.8), a privilege escalation flaw in the Windows Common Log File System (CLFS) Driver. "An attacker who successfully exploited this vulnerability could gain SYSTEM privileges," the company said in an...

In yet another sign that the Russian hackers who breached SolarWinds network monitoring software to compromise a slew of entities never really went away, Microsoft said the threat actor behind the malicious cyber activities used password spraying and brute-force attacks in an attempt to guess passwords and gain access to its customer accounts. "This recent activity was mostly unsuccessful, and the majority of targets were not successfully compromised – we are aware of three compromised entities to date," the tech giant's Threat Intelligence Center  said  Friday. "All customers that were compromised or targeted are being contacted through our nation-state notification process." The development was first  reported  by news service Reuters. The names of the victims were not revealed. The latest wave in a series of intrusions is said to have primarily targeted IT companies, followed by government agencies, non-governmental organizations, think tanks, and financ...

The U.S. government on Tuesday formally pointed fingers at the Russian government for orchestrating the massive  SolarWinds supply chain attack  that came to light early last month. "This work indicates that an Advanced Persistent Threat (APT) actor, likely Russian in origin, is responsible for most or all of the recently discovered, ongoing cyber compromises of both government and non-governmental networks," the Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), the Office of the Director of National Intelligence (ODNI), and the National Security Agency (NSA)  said  in a joint statement. Russia, however,  denied  any involvement in the operation on December 13, stating it "does not conduct offensive operations in the cyber domain." The FBI, CISA, ODNI, and NSA are members of the Cyber Unified Coordination Group (UCG), a newly-formed task force put in place by the White House National Security Council to...

Microsoft has released software fixes to  remediate 59 bugs  spanning its product portfolio, including two zero-day flaws that have been actively exploited by malicious cyber actors. Of the 59 vulnerabilities, five are rated Critical, 55 are rated Important, and one is rated Moderate in severity. The update is in addition to  35 flaws  patched in the Chromium-based Edge browser since last month's Patch Tuesday edition, which also encompasses a fix for  CVE-2023-4863 , a critical heap buffer overflow flaw in the WebP image format. The two Microsoft vulnerabilities that have come under active exploitation in real-world attacks are listed below - CVE-2023-36761  (CVSS score: 6.2) - Microsoft Word Information Disclosure Vulnerability CVE-2023-36802  (CVSS score: 7.8) - Microsoft Streaming Service Proxy Elevation of Privilege Vulnerability "Exploiting this vulnerability could allow the disclosure of  NTLM hashes ," the Windows maker said in an ...