System Admin Stuff

Useful Posts Related to Windows,Unix,VMware,Veritas,Networking,Cluster etc.

Wednesday 3 March 2021

Microsoft updates flaws in Exchange Server utilized by Chinese attackers

All Exchange Server customers should apply the latest security updates.

What you need to know

  • Microsoft released security updates that fix vulnerabilities in Exchange Server software.
  • The vulnerabilities were utilized in an attack by a state-sponsored attacker based in China.
  • Microsoft "strongly [encourages] all Exchange Server customers to apply these updates immediately."

Microsoft recently rolled out security updates to fix four vulnerabilities in Exchange Server software (via Engadget). The vulnerabilities were utilized in cyberattacks orchestrated by a group Microsoft calls Hafnium. As explained by a Microsoft blog post, Hafnium operates out of China and is "a highly skilled and sophisticated actor."

Microsoft refers to Hafnium as a state-sponsored threat actor that operates out of China, but that primarily conducts its operations from leased virtual private services in the United States.

According to Microsoft, the primary targets of Hafnium include infectious disease researchers, law firms, higher education institutions, defense contractors, policy think tanks, and NGOs.

Microsoft outlines the three steps of the recent attacks:

First, it would gain access to an Exchange Server either with stolen passwords or by using the previously undiscovered vulnerabilities to disguise itself as someone who should have access. Second, it would create what's called a web shell to control the compromised server remotely. Third, it would use that remote access – run from the U.S.-based private servers – to steal data from an organization's network.

Microsoft released security updates that will protect people running Exchange Server. Microsoft says that all Exchange Server customers should apply the updates immediately.

The company also briefed U.S. government agencies on the attacks.

Microsoft concludes the blog post by specifying that these attacks are not connected in any way to the SolarWinds attacks that have been in the headlines.

Microsoft has another post that breaks down the attacks in more technical detail.



0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)

ShortNewsWeb

Loading...

Blog Archive

Categories

'The Woks of Life' Reminded Me to Cook With All the Flavors I Love (1) 10 Scary Podcasts to Listen to in the Dark (1) 13 of the Best Spooky Episodes From (Mostly) Un-Spooky Shows (1) 13 Spooky Movies Set on Halloween Night (1) 1Password Now Generates QR Codes to Share Wifi Passwords (1) 2024 (15) 30 Movies and TV Shows That Are Basically 'Competence Porn' (1) 30 of the Most Obscenely Patriotic Movies Ever (1) 31 Spooky Movies to Watch Throughout October (1) 40 Netflix Original Series You Should Watch (1) 55 Box Office Bombs Totally Worth Watching (1) Active Directory (1) Adobe's AI Video Generator Might Be as Good as OpenAI's (1) AIX (1) and I'd Do It Again (1) and Max Bundle Isn't a Terrible Deal (1) Apache (2) Apple Intelligence Is Running Late (1) Apple Intelligence's Instructions Reveal How Apple Is Directing Its New AI (1) August 18 (1) August 4 (1) August 5 (1) Avoid an Allergic Reaction by Testing Your Halloween Makeup Now (1) Backup & Restore (2) best practices (1) bleepingcomputer (56) Blink Security Cameras Are up to 68% Off Ahead of Prime Day (1) CentOS (1) Configure PowerPath on Solaris (1) Documents (2) Don't Fall for This 'New' Google AI Scam (1) Don't Rely on a 'Monte Carlo' Retirement Analysis (1) Eight Cleaning Products TikTok Absolutely Loves (1) Eight of the Best Methods for Studying so You Actually Retain the Information (1) Eight Unexpected Ways a Restaurant Can Mislead You (1) Elevate Your Boring Store-Bought Pretzels With This Simple Seasoning Technique (1) Everything Announced at Apple's iPhone 16 Event (1) file system (6) Find (1) Find a Nearby ‘Gleaning Market’ to Save Money on Groceries (1) Five Red Flags to Look for in Any Restaurant (1) Five Ways You Can Lose Your Social Security Benefits (1) Flappy Bird's Creator Has Nothing to Do With Its 'Remake' (1) Four Reasons to Walk Out of a Job Interview (1) Four Signs Thieves Are Casing Your House (1) gaming (1) Goldfish Crackers Have a New Name (for a Little While) (1) Hackers Now Have Access to 10 Billion Stolen Passwords (1) How I Finally Organized My Closet With a Digital Inventory System (1) How to Cancel Your Amazon Prime Membership After Prime Day Is Over (1) How to Choose the Best Weightlifting Straps for Your Workout (1) How to Enable (and Turn Off) Apple Intelligence on an iPhone (1) How to Keep Squirrels Off Your Bird Feeders (1) How to Set Up Your Bedroom Like a Hotel Room (and Why You Should) (1) How to Take a Screenshot on a Mac (1) How to Take Full Control of Your Notifications on a Chromebook (1) Hulu (1) I Chose the Beats Fit Pro Over the AirPods Pro (1) If You Got a Package You Didn't Order (1) If You Hate Running (1) Important Questions (17) Install and Configure PowerPath (1) interview questions for linux (2) Is ‘Ultra-Processed’ Food Really That Bad for You? (1) Is Amazon Prime Really Worth It? (1) It Might Be a Scam (1) July 14 (1) July 21 (1) July 28 (1) July 7 (1) June 30 (1) LifeHacker (122) Linux (36) Make and Freeze Some Roux Now for Easy Turkey Gravy (1) Meta Releases Largest Open-Source AI Model Yet (1) Monitoring (3) music (688) My Favorite 14TB Hard Drive Is 25% Off Right Now (1) My Favorite Amazon Deal of the Day: Apple AirPods Max (2) My Favorite Amazon Deal of the Day: Apple Pencil Pro (1) My Favorite Amazon Deal of the Day: Google Nest Mesh WiFi Router (1) My Favorite Amazon Deal of the Day: Google Pixel 8 (1) My Favorite Amazon Deal of the Day: PlayStation 5 (1) My Favorite Amazon Deal of the Day: Samsung Odyssey G9 Gaming Monitor (1) My Favorite Amazon Deal of the Day: SHOKZ OpenMove Bone Conduction Headphones (1) My Favorite Tools for Managing Cords and Cables (1) Nagios (2) Newtorking (1) NFS (1) OMG! Ubuntu! (688) Oracle Linux (1) oracleasm (3) osnews (26) Password less communication (1) Patching (2) Poaching Is the Secret to Perfect Corn on the Cob (1) powerpath (1) Prioritize Your To-Do List By Imagining Rocks in a Jar (1) Red Hat Exam (1) register (62) Rsync (1) Safari’s ‘Distraction Control’ Will Help You Banish (Some) Pop Ups (1) Samba (1) Scrcpy (1) September 1 (1) September 15 (1) September 2 (1) September 22 (1) September 23 (1) September 30 (1) September 8 (1) Seven Home 'Upgrades' That Aren’t Worth the Money (1) ssh (1) Swift Shift Is the Window Management Tool Apple Should Have Built (1) System hardening (1) Tailor Your iPhone's Fitness Summary to Your Workouts (1) Target’s ‘Circle Week’ Sale Is Still Going After October Prime Day (1) Target’s Answer to Prime Day Starts July 7 (1) Tech (9541) Tech CENTRAL (20) Technical stories (120) technpina (7) The 30 Best Movies of the 2020s so Far (and Where to Watch Them) (1) The 30 Best Sports Movies You Can Stream Right Now (1) The Best Deals on Robot Vacuums for Amazon’s Early Prime Day Sale (2) The Best Deals on Ryobi Tools During Home Depot's Labor Day Sale (1) The Best Early Prime Day Sales on Power Tools (1) The Best Movies and TV Shows to Watch on Netflix This Month (1) The Best October Prime Day Deals If You Are Experiencing Overwhelming Existential Dread (1) The Best Places to Go When You Don't Want to Be Around Kids (1) The Best Strategies for Lowering Your Credit Card Interest Rate (1) The Best Ways to Store All Your Bags and Purses (1) The Latest watchOS Beta Is Breaking Apple Watches (1) The New Disney+ (1) The Two Best Times of Year to Look for a New Job (1) These Meatball Shots Are My Favorite Football Season Snack (1) These Milwaukee Tools Are up to 69% off Right Now (1) This 2024 Sony Bravia Mini-LED TV Is $400 Off Right Now (1) This Google Nest Pro Is 30% Off for Prime Day (1) This Peanut Butter Latte Isn’t As Weird As It Sounds (1) This Tech Brand Will Get the Biggest Discounts During Prime Day (1) Three Quick Ways to Shorten a Necklace (1) Three Services People Don't Know They Can Get From Their Bank for Free (1) Today’s Wordle Hints (and Answer) for Monday (4) Today’s Wordle Hints (and Answer) for Sunday (11) Try 'Pile Cleaning' When Your Mess Is Overwhelming (1) Try 'Rucking' (1) Ubuntu News (346) Ubuntu! (1) Unix (1) Use This App to Sync Apple Reminders With Your iPhone Calendar (1) Use This Extension to Find All Your X Followers on Bluesky (1) veritas (2) Videos (1) Was ChatGPT Really Starting Conversations With Users? (1) Watch Out for These Red Flags in a Realtor Contract (1) Wayfair Is Having a '72-Hour Closeout' Sale to Compete With Prime Day (1) We Now Know When Google Will Roll Out Android 15 (1) What Is the 'Die With Zero' Movement (and Is It Right for You)? (1) What Not to Do When Training for a Marathon (1) What to Look for (and Avoid) When Selecting a Pumpkin (1) What's New on Prime Video and Freevee in September 2024 (1) Why You Can't Subscribe to Disney+ and Hulu Through Apple Anymore (1) Why Your Home Gym Needs Adjustable Kettlebells (1) Windows (5) You Can Easily Add Words to Your Mac's Dictionary (1) You Can Get 'World War Z' on Sale for $19 Right Now (1) You Can Get a Membership to BJ's for Practically Free Right Now (1) You Can Get Beats Studio Buds+ on Sale for $100 Right Now (1) You Can Get Microsoft Visio 2021 Pro on Sale for $20 Right Now (1) You Can Get This 12-Port USB-C Hub on Sale for $90 Right Now (1) You Can Get This Roomba E5 Robot Vacuum on Sale for $170 Right Now (1) You Can Hire Your Own Personal HR Department (1) You Can Set Different Scrolling Directions for Your Mac’s Mouse and Trackpad (1)

Recent Comments

Popular Posts

Translate

My Blog List

Popular

System Admin Share

Loading...

Total Pageviews

Copyright © System Admin Stuff | Powered by Blogger
Published By Blogger Template | Design By ThemePix.com | Blogger Theme By Premium Blogger Templates