20
English
Afrikaans
Albanian
Amharic
Arabic
Armenian
Azerbaijani
Basque
Belarusian
Bengali
Bosnian
Bulgarian
Catalan
Cebuano
Chichewa
Chinese (Simplified)
Chinese (Traditional)
Corsican
Croatian
Czech
Danish
Dutch
Esperanto
Estonian
Filipino
Finnish
French
Frisian
Galician
Georgian
German
Greek
Gujarati
Haitian Creole
Hausa
Hawaiian
Hebrew
Hindi
Hmong
Hungarian
Icelandic
Igbo
Indonesian
Irish
Italian
Japanese
Javanese
Kannada
Kazakh
Khmer
Korean
Kurdish (Kurmanji)
Kyrgyz
Lao
Latin
Latvian
Lithuanian
Macedonian
Malagasy
Malay
Malayalam
Maltese
Maori
Marathi
Mongolian
Myanmar (Burmese)
Nepali
Norwegian
Pashto
Persian
Polish
Portuguese
Punjabi
Romanian
Russian
Samoan
Scottish Gaelic
Serbian
Sesotho
Shona
Sindhi
Sinhala
Slovak
Slovenian
Somali
Spanish
Sudanese
Swahili
Swedish
Tajik
Tamil
Telugu
Thai
Turkish
Ukrainian
Urdu
Uzbek
Vietnamese
Welsh
Xhosa
Yiddish
Yoruba
Zulu
Multiple nation-state hackers have begun exploiting a vulnerability in Microsoft Exchange email servers that was recently patched.The UK-based cybersecurity firm Volexity first spotted the vulnerability being exploited in the wild but the firm did not name any of the hacking groups involved.The vulnerability, tracked under the identifier CVE-2020-0688, was patched by Microsoft last month.
If exploited though, the remote code execution vulnerability could be used to read all of an organization's emails as it gives attackers full control of a Microsoft Exchange email server.While Microsoft has already patched the vulnerability, a technical report from the Zero-Day Initiative, who first reported the bug to the company, provided extensive details on the bug and how it works.
This report served as a roadmap for security researchers who used the information it contained to create proof-of-concept exploits to prepare their own servers for possible attacks.Following the release of Zero-Day Initiative's report, hacker groups began to scan the internet for vulnerable Exchange servers which they could launch attacks against in the future.In a new blog post, Volexity revealed that cybercriminals' scans for vulnerable Exchange servers have turned into actual attacks, saying:Volexity has observed multiple APT actors exploiting or attempting to exploit on-premise Exchange servers.
In some cases the attackers appear to have been waiting for an opportunity to strike with credentials that had otherwise been of no use.
Many organizations employ two-factor authentication (2FA) to protect their VPN, e-mail, etc., limiting what an attacker can do with a compromised password.
This vulnerability gives attackers the ability to gain access to a significant asset within an organization with a simple user credential or old service account.Thankfully though, the vulnerability in Exchange is not easy to exploit and to do so, hackers need to have the credentials for an email account on the server they're trying to attack.
This means that less advanced hackers will be unable to do so while nation-state hackers have the resources to exploit the vulnerability.All Microsoft Exchange servers are considered vulnerable to these attacks including versions that have reached their end-of-life (EoL).
Organizations should apply the latest patch as soon as possible and if they're running an EoL version, they should consider updating to a newer Exchange version.Via ZDNet
