Security News

Microsoft is recommending that Exchange server users scan certain objects for viruses and other threats that until now had been excluded. Microsoft late last month urged Exchange server users to make sure their systems are up-to-date with the latest Cumulative and Security updates and hardened against cyberattacks.

Microsoft says admins should remove some previously recommended antivirus exclusions for Exchange servers to boost the servers' security. "Keeping these exclusions may prevent detections of IIS webshells and backdoor modules, which represent the most common security issues," the Exchange Team said.

A new malware dubbed 'ProxyShellMiner' exploits the Microsoft Exchange ProxyShell vulnerabilities to deploy cryptocurrency miners throughout a Windows domain to generate profit for the attackers. ProxyShell is the name of three Exchange vulnerabilities discovered and fixed by Microsoft in 2021.

Microsoft has reminded admins that Exchange Server 2013 is reaching its extended end-of-support date in 60 days, on April 11, 2023. The first version of Exchange Server 2013 was released in January 2013, and it reached its mainstream end date four years ago, in April 2018.

The man accused of bringing down decentralized crypto exchange Mango Markets through market manipulation has made his first appearance in court in connection with the theft of millions in cryptocurrency. Avraham Eisenberg was arrested in late December in Puerto Rico in relation to charges [PDF] filed by the US Securities and Exchange Commission, which allege he made off with more than $110 million in crypto "By artificially manipulating the price of certain perpetual futures contracts."

Microsoft is urging customers to keep their Exchange servers updated as well as take steps to bolster the environment, such as enabling Windows Extended Protection and configuring certificate-based signing of PowerShell serialization payloads."Attackers looking to exploit unpatched Exchange servers are not going to go away," the tech giant's Exchange Team said in a post.

Microsoft is urging organizations to protect their Exchange servers from cyberattacks by keeping them updated and hardened, since online criminals are still going after valuable data in the email system. Enterprises need to make sure to install the latest Cumulative Updates and Security Updates on the Exchange servers - and occasionally on Exchange Management Tools workstations - and to run manual tasks like enabling Extended Protection and certificate signing of PowerShell serialization payloads, according to the vendor's Exchange Team.

Microsoft urged customers today to keep their on-premises Exchange servers patched by applying the latest supported Cumulative Update to have them always ready to deploy an emergency security update. "To defend your Exchange servers against attacks that exploit known vulnerabilities, you must install the latest supported CU and the latest SU," The Exchange Team said.

Microsoft is investigating an ongoing outage impacting multiple Microsoft 365 services after customers have reported experiencing connection issues."We're investigating issues impacting multiple Microsoft 365 services. We've identified a potential networking issue and are reviewing telemetry to determine the next troubleshooting steps," the Microsoft 365 team said in a Twitter thread. "We've isolated the problem to networking configuration issues, and we're analyzing the best mitigation strategy to address these without causing additional impact."

There has been quite a bit of ransomware news this week, with crypto exchanges being seized for alleged money laundering and researchers providing fascinating reports on the behavior of ransomware operators. For those who want to learn more about the rise of the most prominent ransomware operation at this time, you should definitely give DiMaggio's Unlocking LockBit - a Ransomware Story a read. The US and France also conducted a law enforcement operation where they seized the domain and arrested the operator of the Bizlato crypto exchange for allegedly money laundering crypto proceeds generated from ransomware and illegal drug transaction.