Tuesday, June 22, 2021

Microsoft Exchange exploited to hack 30,000 US organization emails


What just happened? Four exploits found in Microsoft Exchange Server software have led to some 30,000 U.S. government and commercial organizations – including police departments, hospitals, and nonprofits – having their emails hacked. Microsoft rolled-out a patch to fix four zero-day exploits in Exchange Server a few days ago, but that hasn’t stopped a hacking group from taking advantage of the situation.

According to Microsoft, the vulnerabilities in Exchange Server are being targeted by a previously unknown Chinese hacking group known as “Hafnium.” In the days since Microsoft issued the patch for Exchange, the group is said to have dramatically doubled-up its efforts, targeting unpatched servers around the world and accessing the accounts of some 30,000 U.S. organizations. This is said to include local governments, banks, and credit units, as well as police departments, hospitals, and nonprofits.

Krebs on Security explains, “In each incident, the intruders have left behind a ‘web shell,’ an easy-to-use, password-protected hacking tool that can be accessed over the Internet from any browser. The web shell gives the attackers administrative access to the victim’s computer servers.”

Although the attacks have exploded in recent days, the group has reportedly been taking advantage of the vulnerabilities since early January. In fact, the first attacks were quietly targeting users on January 6, 2021 – a day when all eyes were focused on the U.S. Capitol.

Microsoft explains that self-hosted servers running Exchange Server 2013, 2016, or 2019 are at risk and should download its security patch as a matter of urgency. If your organization uses Exchange Online, it won’t be affected.





Source link

MORE Articles

Clubhouse is building a DM text chat feature – TechCrunch

Some Clubhouse users were treated to a surprise feature in their favorite app, but it wasn’t long for this world. A new UI...

HPE says it has acquired Determined AI, which is developing an open source platform for building machine learning models; terms of the deal were...

Kyle Wiggers / VentureBeat: HPE says it has acquired Determined AI, which is developing an open source platform for building machine learning models;...

టీఆర్ఎస్‌లోకి రేవంత్ రెడ్డి ముఖ్య అనుచరుడు… హుజురాబాద్ ఉపఎన్నికవేళ మారుతున్న రాజకీయం…

హుజురాబాద్‌లో గెలుపు టీఆర్ఎస్‌దే -హరీశ్ రావు మంత్రి హరీశ్ రావు మాట్లాడుతూ... హుజురాబాద్‌ నియోజకవర్గ ప్రజలు సీఎం కేసీఆర్‌ వెంటే ఉన్నారని అన్నారు. 2001 నుంచి హుజురాబాద్‌...

हाई ब्लड प्रेशर को कंट्रोल में रखेंगी ये चीजें, हार्ट अटैक का खतरा भी होगा कम, डॉक्टर ने बताया सेवन करने का सही तरीका

नई दिल्ली: हार्ट अटैक एक ऐसी स्थिति है, जिसमें जान बचाना बेहद मुश्किल हो जाता है. इसकी सबसे बड़ी वजह अनियंत्रित हाई ब्लड...

Stay Connected

98,675FansLike
224,586FollowersFollow
56,656SubscribersSubscribe