Security News
Microsoft is urging customers to keep their Exchange servers updated as well as take steps to bolster the environment, such as enabling Windows Extended Protection and configuring certificate-based signing of PowerShell serialization payloads."Attackers looking to exploit unpatched Exchange servers are not going to go away," the tech giant's Exchange Team said in a post.
Microsoft is urging organizations to protect their Exchange servers from cyberattacks by keeping them updated and hardened, since online criminals are still going after valuable data in the email system. Enterprises need to make sure to install the latest Cumulative Updates and Security Updates on the Exchange servers - and occasionally on Exchange Management Tools workstations - and to run manual tasks like enabling Extended Protection and certificate signing of PowerShell serialization payloads, according to the vendor's Exchange Team.
Microsoft urged customers today to keep their on-premises Exchange servers patched by applying the latest supported Cumulative Update to have them always ready to deploy an emergency security update. "To defend your Exchange servers against attacks that exploit known vulnerabilities, you must install the latest supported CU and the latest SU," The Exchange Team said.
Microsoft is investigating an ongoing outage impacting multiple Microsoft 365 services after customers have reported experiencing connection issues."We're investigating issues impacting multiple Microsoft 365 services. We've identified a potential networking issue and are reviewing telemetry to determine the next troubleshooting steps," the Microsoft 365 team said in a Twitter thread. "We've isolated the problem to networking configuration issues, and we're analyzing the best mitigation strategy to address these without causing additional impact."
There has been quite a bit of ransomware news this week, with crypto exchanges being seized for alleged money laundering and researchers providing fascinating reports on the behavior of ransomware operators. For those who want to learn more about the rise of the most prominent ransomware operation at this time, you should definitely give DiMaggio's Unlocking LockBit - a Ransomware Story a read. The US and France also conducted a law enforcement operation where they seized the domain and arrested the operator of the Bizlato crypto exchange for allegedly money laundering crypto proceeds generated from ransomware and illegal drug transaction.
The U.S. Department of Justice on Wednesday announced the arrest of Anatoly Legkodymov, the cofounder of Hong Kong-registered cryptocurrency exchange Bitzlato for allegedly processing $700 million in illicit funds. According to court documents, Bitzlato is said to have advertised itself as a virtual currency exchange with minimal identification requirements for its users, breaking the rules requiring the vetting of customers.
The U.S. Department of Justice arrested and charged Russian national Anatoly Legkodymov, the founder of the Hong Kong-registered cryptocurrency exchange Bitzlato, with helping cybercriminals allegedly launder illegally obtained money. Because of "Deficient know-your-customer procedures, Bitzlato allegedly became a haven for criminal proceeds and funds intended for use in criminal activity," the DOJ said.
Two cryptocurrency exchanges have frozen accounts identified as having been used by North Korea's notorious Lazarus Group. Lazarus Group is identified suspected of being a cybercrime crew run by the government of North Korea and is infamous for the WannaCry ransomware, attacking Sony Pictures and stealing secrets from energy companies.
Microsoft warned customers today that Exchange Server 2013 will reach its extended end-of-support date 90 days from now, on April 11, 2023. Exchange Server 2013 was released in January 2013 and has already reached the mainstream end date more than four years ago, in April 2018.
The US Securities and Exchange Commission has sued international law firm Covington & Burling for details about 298 of the biz's clients whose information was accessed by a Chinese state-sponsored hacking group in November 2020. In March 2022, the SEC issued a subpoena asking Covington to hand over information about the security breach including, among other things, all of the affected clients' names, and the amount of information that was accessed or stolen, and communications between the law firm and the clients about the exfiltration.