CISA orders agencies to patch Exchange bug abused by ransomware gang
"The Cybersecurity and Infrastructure Security Agency (CISA) has added two more security vulnerabilities to its catalog of exploited bugs today.
The first is a Microsoft Exchange elevation of privileges bug tracked as CVE-2022-41080 that can be chained with the CVE-2022-41082 ProxyNotShell bug to gain remote code execution.
Texas-based cloud computing provider Rackspace confirmed one week ago that the Play ransomware gang exploited it as a zero-day to bypass Microsoft's ProxyNotShell URL rewrite mitigations and escalate permissions on compromised Exchange servers.
The exploit used in the attack, dubbed OWASSRF by CrowdStrike security researchers who spotted it, was also shared online with some of Play ransomware's other malicious tools.
This will likely make it easier for other cybercriminals to create their own custom exploits or adapt Play ransomware's tool for their own purposes, adding to the urgency of updating the vulnerability as soon as possible.
Organizations with on-premises Microsoft Exchange servers are advised to deploy the latest Exchange security updates immediately (with November 2022 being the minimum patch level) or disable Outlook Web Access (OWA) until they can apply CVE-2022-41080 patches.
The second vulnerability CISA added to its Known Exploited Vulnerabilities (KEV) catalog is a privilege escalation zero-day (CVE-2023-21674) in the Windows Advanced Local Procedure Call (ALPC), tagged as being exploited in attacks and patched by Microsoft during this month's Patch Tuesday.
Federal agencies have to patch until the end of January
A BOD 22-01 binding operational directive issued by CISA in November 2021 requires all Federal Civilian Executive Branch Agencies (FCEB) agencies to secure their networks against bugs added to the KEV catalog.
Today, CISA gave FCEB agencies three weeks, until January 31st, to address the two security flaws and block potential attacks targeting their systems.
While this directive only applies to U.S. federal agencies, CISA also strongly urged all organizations to fix these vulnerabilities to thwart exploitation attempts.
"These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise," CISA warned today.
Since the BOD 22-01 directive was issued, CISA added more than 800 security flaws to its list of bugs exploited in the wild, requiring federal agencies to address them on a tighter schedule to prevent potential security breaches."
CISA orders agencies to patch Exchange bug abused by ransomware gang
The Cybersecurity and Infrastructure Security Agency (CISA) has added two more security vulnerabilities to its catalog of exploited bugs today.
- January 10, 2023
- 06:22 PM
- 0
Royal Mail halts international services after cyberattack
The Royal Mail, UK's leading mail delivery service, has stopped its international shipping services due to "severe service disruption" caused by what it described as a "cyber incident."
- January 11, 2023
- 12:13 PM
- 0
Scattered Spider hackers use old Intel driver to bypass security
A financially motivated threat actor tracked as Scattered Spider was observed attempting to deploy Intel Ethernet diagnostics drivers in a BYOVD (Bring Your Own Vulnerable Driver) attack to evade detection from EDR (Endpoint Detection and Response) security products.
- January 11, 2023
- 04:55 PM
- 5
Twitter claims leaked data of 200M users not stolen from its systems
Twitter finally addressed reports that a dataset of email addresses linked to hundreds of millions of Twitter users was leaked and put up for sale online, saying that it found no evidence the data was obtained by exploiting a vulnerability in its systems.
- January 11, 2023
- 03:18 PM
- 0
Get 400 hours of cybersecurity training for just $79 in this deal
There are over 400 hours of training in this cybersecurity course and you can get access to it all for $79, a savings of hundreds off the total MSRP.
- January 11, 2023
- 02:11 PM
- 0
Threema claims encryption flaws never had a real-world impact
A team of researchers from ETH Zurich has published a paper describing multiple security flaws in Threema, a secure end-to-end encrypted communications app.
- January 11, 2023
- 02:04 PM
- 0
Cisco warns of auth bypass bug with public exploit in EoL routers
Cisco warned customers today of a critical authentication bypass vulnerability with public exploit code affecting multiple end-of-life (EoL) VPN routers.
- January 11, 2023
- 01:50 PM
- 0
Gootkit malware abuses VLC to infect healthcare orgs with Cobalt Strike
The Gootkit loader malware operators are running a new SEO poisoning campaign that abuses VLC Media Player to infect Australian healthcare entities with Cobalt Strike beacons.
- January 11, 2023
- 12:24 PM
- 1
New Dark Pink APT group targets govt and military with custom malware
Attacks targeting government agencies and military bodies in multiple countries in the APAC region have been attributed to what appears to be a new advanced threat actor that leverages custom malware to steal confidential information.
- January 11, 2023
- 02:00 AM
- 0
Over 1,300 fake AnyDesk sites push Vidar info-stealing malware
A massive campaign using over 1,300 domains to impersonate the official AnyDesk site is underway, all redirecting to a Dropbox folder recently pushing the Vidar information-stealing malware.
- January 10, 2023
- 06:05 PM
- 2
Lorenz ransomware gang plants backdoors to use months later
Security researchers are warning that patching critical vulnerabilities allowing access to the network is insufficient to defend against ransomware attacks.
- January 10, 2023
- 04:30 PM
- 0
Microsoft fixes ODBC connections broken by November updates
Microsoft has fixed a known issue affecting Windows apps using ODBC database connections after installing the November 2022 Patch Tuesday updates.
- January 10, 2023
- 03:36 PM
- 0
Trojan Puzzle attack trains AI assistants into suggesting malicious code
Researchers at the universities of California, Virginia, and Microsoft have devised a new poisoning attack that could trick AI-based coding assistants into suggesting dangerous code.
- January 10, 2023
- 03:20 PM
- 0
Windows 11 KB5022303 and KB5022287 cumulative updates released
Microsoft has released the Windows 11 KB5022303 and KB5022287 cumulative updates for versions 22H2 and 21H2 to fix security vulnerabilities and resolve bugs and performance issues.
- January 10, 2023
- 02:38 PM
- 0
Windows 10 KB5022282 and KB5022286 updates released
Microsoft has published the Windows 10 KB5022282 and KB5022286 cumulative updates for versions 22H2, version 21H2, version 21H1, and 1809 to fix security vulnerabilities and resolve known bugs.
- January 10, 2023
- 02:26 PM
- 1
Microsoft fixes issue causing 0xc000021a blue screen crashes
Microsoft has addressed a known issue causing Blue Screen of Death (BSOD) crashes with 0xc000021a errors after installing the Windows 10 KB5021233 cumulative update released during the December Patch Tuesday.
- January 10, 2023
- 02:18 PM
- 2
Prepare for cybersecurity certifications with this course bundle deal
If you want to enter the cybersecurity profession, then it might be time to start studying. Get the Ultimate Advanced CyberSecurity Professional Certification Bundle while it's on sale for $69.
- January 10, 2023
- 02:08 PM
- 0
Microsoft January 2023 Patch Tuesday fixes 98 flaws, 1 zero-day
Today is Microsoft's January 2023 Patch Tuesday, and with it comes fixes for an actively exploited zero-day vulnerability and a total of 98 flaws.
- January 10, 2023
- 01:39 PM
- 6