Category Archives: AllPosts

A Basic Timeline of the Exchange Mass-Hack

Posted on by
Reply

Sometimes when a complex story takes us by surprise or knocks us back on our heels, it pays to revisit the events in a somewhat linear fashion. Here’s a brief timeline of what we know leading up to last week’s mass-hack, when hundreds of thousands of Microsoft Exchange Server systems got compromised and seeded with a powerful backdoor Trojan horse program.

When did Microsoft find out about attacks on previously unknown vulnerabilities in Exchange?

Pressed for a date when it first became aware of the problem, Microsoft told KrebsOnSecurity it was initially notified “in early January.” So far the earliest known report came on Jan. 5, from a principal security researcher for security testing firm DEVCOR who goes by the handle “Orange Tsai.” DEVCOR is credited with reporting two of the four Exchange flaws that Microsoft patched on Mar. 2.

https://krebsonsecurity.com/2021/03/a-basic-timeline-of-the-exchange-mass-hack/

Everything you need to know about the Microsoft Exchange Server hack

Posted on by
Reply

HOW CAN I CHECK MY SERVERS AND THEIR VULNERABILITY STATUS? WHAT DO I DO NOW?

Microsoft has urged IT administrators and customers to apply the security fixes immediately. However, just because fixes are applied now, this does not mean that servers have not already been backdoored or otherwise compromised.

Interim mitigation option guides are also available if patching immediately is not possible.

The Redmond giant has also published a script on GitHub available to IT administrators to run that includes indicators of compromise (IOCs) linked to the four vulnerabilities. IoCs are listed separately here.

CISA issued an emergency directive on March 3 that demanded federal agencies immediately analyze any servers running Microsoft Exchange and to apply the firm’s supplied fixes.

https://www.zdnet.com/article/everything-you-need-to-know-about-microsoft-exchange-server-hack/?ftag=TRE-03-10aaa6b&bhid=29712484196653961481203774278789&mid=13291744&cid=2363971032

Researchers Find Vulnerabilities in Microsoft Azure Cloud Service

Posted on by
Reply

As businesses are increasingly migrating to the cloud, securing the infrastructure has never been more important.

Now according to the latest research, two security flaws in Microsoft’s Azure App Services could have enabled a bad actor to carry out server-side request forgery (SSRF) attacks or execute arbitrary code and take over the administration server.

"This enables an attacker to quietly take over the App Service’s git server, or implant malicious phishing pages accessible through Azure Portal to target system administrators," cybersecurity firm Intezer said in a report published today and shared with The Hacker News.

Discovered by Paul Litvak of Intezer Labs, the flaws were reported to Microsoft in June, after which the company subsequently addressed them.

https://thehackernews.com/2020/10/microsoft-azure-vulnerability.html

55 New Security Flaws Reported in Apple Software and Services

Posted on by
Reply

A team of five security researchers analyzed several Apple online services for three months and found as many as 55 vulnerabilities, 11 of which are critical in severity.

The flaws — including 29 high severity, 13 medium severity, and 2 low severity vulnerabilities — could have allowed an attacker to "fully compromise both customer and employee applications, launch a worm capable of automatically taking over a victim’s iCloud account, retrieve source code for internal Apple projects, fully compromise an industrial control warehouse software used by Apple, and take over the sessions of Apple employees with the capability of accessing management tools and sensitive resources."

The flaws meant a bad actor could easily hijack a user’s iCloud account and steal all the photos, calendar information, videos, and documents, in addition to forwarding the same exploit to all of their contacts.

The findings were reported by Sam Curry along with Brett Buerhaus, Ben Sadeghipour, Samuel Erb, and Tanner Barnes over a three month period between July and September.

https://thehackernews.com/2020/10/apple-security.html