Security News

Exchange Online down: Microsoft 365 outage affects email delivery
2021-04-22 15:40

A Microsoft 365 outage is preventing Exchange Online users from sending and receiving emails, with messages being stuck in transit and not reaching the recipients' inboxes. "We're investigating a potential issue with Exchange Online mailflow in North America," Microsoft shared on the company's Microsoft 365 Status Twitter account.

Monero-mining botnet targets orgs through recent MS Exchange vulnerabilities
2021-04-22 10:49

The recent Microsoft Exchange Server vulnerabilities might have initially been exploited by a government-backed APT group, but cybercriminals soon followed suit, using them to deliver ransomware and grow their botnet. One perpetrator of the latter activities is Prometei, a cross-platform, modular Monero-mining botnet that seems to have flown under the radar for years.

Who knew Uncle Sam had strike teams for SolarWinds, Exchange flaws? Well, anyway, they are disbanded
2021-04-19 22:28

The US government's response groups for dealing with recent SolarWinds and Microsoft Exchange vulnerabilities have reached the end of the road. In a statement on Monday, US Deputy National Security Advisor for Cyber and Emerging Technology Anne Neuberger said the two Unified Coordination Groups formed in January and March respectively will be disbanded. The SolarWinds incident, disclosed last December and subsequently attributed to the Russian Foreign Intelligence Service, involved the hacking of SolarWinds' Orion IT management platform and is believed to have compromised at least nine federal agencies and about 100 private sector organizations.

Mandiant Front Lines: How to Tackle Exchange Exploits
2021-04-16 14:02

Matt Bromiley, senior principal consultant with Mandiant, offers checklists for how small- and medium-sized businesses can identify and clear ProxyLogon Microsoft Exchange infections. The Small-to-Medium Business Microsoft Exchange Checklist: Is This Checklist for Me? The four vulnerabilities described in Microsoft's communications to date do not appear to affect Exchange Online or Office 365 services.

Industry Reactions to FBI Cleaning Up Hacked Exchange Servers: Feedback Friday
2021-04-16 13:31

U.S. authorities revealed this week that the FBI executed a court-authorized cyber operation to remove malicious web shells from hundreds of compromised Microsoft Exchange servers located in the United States. "The effort by the FBI, as described in the Justice Department press release, amounts to the FBI gaining access to private servers. Just that should be a full stop that the action is not ok. While I understand the good intention - the FBI wants to remove the backdoor - this sets a dangerous precedent where law enforcement is given broad permission to access private servers."

NSA Discloses Vulnerabilities in Microsoft Exchange
2021-04-16 11:23

Amongst the 100+ vulnerabilities patched in this month’s Patch Tuesday, there are four in Microsoft Exchange that were disclosed by the NSA.

NSA Discovers New Vulnerabilities Affecting Microsoft Exchange Servers
2021-04-14 22:57

In its April slate of patches, Microsoft rolled out fixes for a total of 114 security flaws, including an actively exploited zero-day and four remote code execution bugs in Exchange Server. Cybersecurity firm Kaspersky, which discovered and reported the flaw to Microsoft in February, linked the zero-day exploit to a threat actor named Bitter APT, which was found exploiting a similar flaw in attacks late last year.

FBI cleans up infected Exchange servers
2021-04-14 15:18

Federal authorities in the U.S. have swooped in to eliminate malicious backdoor code planted by attackers on vulnerable Microsoft Exchange servers across the country. This latest effort eliminated the remaining web shells of one specific hacking group, which would have given it persistent access to Exchange servers in the U.S. had they remained.

Microsoft Has Busy April Patch Tuesday with Zero-Days, Exchange Fixes
2021-04-14 12:46

Microsoft had its hands full Tuesday snuffing out five zero-day vulnerabilities, a flaw under active attack and applying more patches to its problem-plagued Microsoft Exchange Server software. Of note, the U.S. National Security Agency released information on four critical Exchange Server vulnerabilities impacting versions released between 2013 and 2019.

FBI removes web shells from hacked Microsoft Exchange servers
2021-04-14 07:56

Authorities have executed a court-authorized operation to copy and remove malicious web shells from hundreds of vulnerable on-premises versions of Microsoft Exchange Server software in the United States. Through January and February 2021, certain hacking groups exploited zero-day vulnerabilities in Microsoft Exchange Server software to access email accounts and place web shells for continued access.