At Least 30,000 U.S. Organizations Newly Hacked Via Holes in Microsoft’s Email Software

At least 30,000 organizations across the United States — including a significant number of small businesses, towns, cities and local governments — have over the past few days been hacked by an unusually aggressive Chinese cyber espionage unit that’s focused on stealing email from victim organizations, multiple sources tell KrebsOnSecurity. The espionage group is exploiting four newly-discovered flaws in Microsoft Exchange Server email software, and has seeded hundreds of thousands of victim organizations worldwide with tools that give the attackers total, remote control over affected systems.

https://krebsonsecurity.com/2021/03/at-least-30000-u-s-organizations-newly-hacked-via-holes-in-microsofts-email-software/?utm_campaign=Social%20Engineering&utm_medium=email&_hsmi=114469307&_hsenc=p2ANqtz-_bKqW2UnKiT4v86shQrqETuzit5KlYHbLMg8VA8J9lz-PY0Up0sQlszd40mRPyLGeaBiUzKQIr0ET5L4oSdne2FlBwZgaK6aaIZl-Ne9Kog4tMXVQ&utm_content=114469307&utm_source=hs_email

Airlines warn passengers of data breach after aviation tech supplier is hit by cyberattack

Global aviation industry IT supplier SITA has confirmed it has fallen victim to a cyberattack, with hackers gaining access to personal information of airline passengers.

The information technology and communications company, which claims to serve around 90% of the world’s airlines, said that a cyberattack on February 24, 2021 led to a "data security incident" involving passenger data that was stored on SITA Passenger Service System Inc. servers located at Atlanta, Georgia in the United States.

https://www.zdnet.com/article/airlines-warn-passengers-of-data-breach-after-aviation-tech-supplier-is-hit-by-cyberattack/

A Basic Timeline of the Exchange Mass-Hack

Sometimes when a complex story takes us by surprise or knocks us back on our heels, it pays to revisit the events in a somewhat linear fashion. Here’s a brief timeline of what we know leading up to last week’s mass-hack, when hundreds of thousands of Microsoft Exchange Server systems got compromised and seeded with a powerful backdoor Trojan horse program.

When did Microsoft find out about attacks on previously unknown vulnerabilities in Exchange?

Pressed for a date when it first became aware of the problem, Microsoft told KrebsOnSecurity it was initially notified “in early January.” So far the earliest known report came on Jan. 5, from a principal security researcher for security testing firm DEVCORE who goes by the handle “Orange Tsai.” DEVCORE is credited with reporting two of the four Exchange flaws that Microsoft patched on Mar. 2.

https://krebsonsecurity.com/2021/03/a-basic-timeline-of-the-exchange-mass-hack/

Everything you need to know about the Microsoft Exchange Server hack

HOW CAN I CHECK MY SERVERS AND THEIR VULNERABILITY STATUS? WHAT DO I DO NOW?

Microsoft has urged IT administrators and customers to apply the security fixes immediately. However, just because fixes are applied now, this does not mean that servers have not already been backdoored or otherwise compromised.

Interim mitigation option guides are also available if patching immediately is not possible.

The Redmond giant has also published a script on GitHub available to IT administrators to run that includes indicators of compromise (IOCs) linked to the four vulnerabilities. IOCs are listed separately.

CISA issued an emergency directive on March 3 that demanded federal agencies immediately analyze any servers running Microsoft Exchange and apply the firm’s supplied fixes.

https://www.zdnet.com/article/everything-you-need-to-know-about-microsoft-exchange-server-hack/?ftag=TRE-03-10aaa6b&bhid=29712484196653961481203774278789&mid=13291744&cid=2363971032