Microsoft Exchange Server has Zero-Day issue

There were a lot of ripples in tech politics this week: VPN providers were forced out of India as the country’s new data collection law takes hold, and UN nations prepare to elect a new head of the International Telecommunication Union, a key Internet standards body.

After explosions and damage to the Nord Stream gas pipeline that connects Russia to Germany, the destruction is being investigated as deliberate and a complicated hunt is underway to identify the perpetrator. And as-yet-unidentified hackers are “hyperjacking” to recover data, using a long-dreaded technique to hijack virtualization software.

The notorious Lapsus$ hackers have resumed their hacking spree, compromising huge corporations around the world and issuing a dire but important warning about the real vulnerability of large institutions to compromise. And the Matrix end-to-end encrypted communications protocol patched some serious and concerning vulnerabilities this week.

Pornhub has launched a trial of an automated tool that nudges users looking for child sexual abuse material to seek help for their behavior. And Cloudflare has rolled out a free Captcha alternative in an attempt to validate humanity online without the headache of finding bikes in a grid or deciphering blurry text.

We’ve got tips on how to stand up to Big Tech and defend data privacy and user rights in your community, as well as advice on the latest iOS, Chrome, and HP updates you need to install.

And there’s more. Each week, we highlight news that we haven’t covered in depth ourselves. Click on the titles below to read the full stories. And stay safe out there.

On Thursday night, Microsoft confirmed that two unpatched Exchange Server vulnerabilities are being actively exploited by cybercriminals. The vulnerabilities were discovered by a Vietnamese cybersecurity firm named GTSC, which claims in a post on its website that the two zero-days have been used in attacks against its customers since early August. Although the flaws only affect on-premises Exchange servers to which an attacker has authenticated access, according to GTSC, the zero-days can be chained together to create backdoors into the vulnerable server. “The vulnerability is found to be so critical that it allows the attacker to do RCE [remote code execution] on the compromised system,” the researchers said.

In a blog post, Microsoft described the first flaw as a server-side request forgery (SSRF) vulnerability, and the second as “an attack that allows remote code execution on a vulnerable server when PowerShell is accessible to attacker”. The post also provides guidance on how on-premises Microsoft Exchange customers should mitigate the attack.

Botched developments and CIA negligence partially enabled Iranian intelligence services to identify and capture informants who risked their lives to provide information to the United States, according to Reuters. The year-long investigation follows the story of six Iranian men who were imprisoned as part of an aggressive counterintelligence operation by Iran that began in 2009. The men were partially unmasked by what Reuters describes as a flawed web-based secret communications system that led to the arrest and execution of dozens of CIA informants in Iran and China. In 2018, Yahoo News reported on the system.

Because the CIA appeared to have purchased web hosting space in bulk from the same provider, Reuters was able to list hundreds of secret CIA websites intended to facilitate communications between informants around the world and their CIA handlers. The sites, which are no longer active, were devoted to topics such as beauty, fitness and entertainment. Among them, according to Reuters, was a Star Wars fan page. Two former CIA officials told the news agency that each fake website was assigned to a single spy to limit the exposure of the entire network in case a single operative was captured.

Former CIA counterintelligence chief James Olson told Reuters: “If we are negligent, if we are reckless and have been penetrated, then shame on us.”

On Wednesday, a former National Security Agency staffer was charged with three violations of the Espionage Act for allegedly attempting to sell classified national defense information to an unnamed foreign government, according to court documents unsealed this week. In a news release about the arrest, the US Department of Justice said Jareh Sebastian Dalke, of Colorado Springs, Colorado, used an encrypted email to send excerpts of three classified documents to an undercover FBI agent, whom he believed to be working with a foreign government. Dalke allegedly told the agent that he was heavily in debt and that, in exchange for the information, he needed compensation in cryptocurrency.

The FBI arrested Dalke on Wednesday when he arrived at Union Station in downtown Denver to deliver classified documents to the undercover agent. If found guilty, he faces life in prison or the death penalty.

On Tuesday, hackers hacked Fast Business’s content management system, sending two obscene push notifications to the publication’s Apple News subscribers. In response, the publication’s parent company, Mansueto Ventures, shut down and, which it also owns. Fast Business released a statement calling the posts “vile” and “not in line with the content and ethos” of the outlet. An article that the hacker apparently posted on Fast Business’s website claimed to have gained access via a password shared by many accounts, including an administrator.

The company’s websites were still offline yesterday, instead redirecting to a statement about the hack.
