Connect with us

News

Exploits In Microsoft Exchange Used To Breach Over 30,000 Organizations

Published

on

exploit in microsoft exchange used to breach over 30000 organizations

Over 30,000 entities, including local governments, small businesses, defense contractors, and education institutions, have been breached because of unpatched exploits in Microsoft Exchange, reported journalist and investigative reporter Brian Krebs on his blog, KrebsOnSecurity.

“In each incident, the intruders have left behind a ‘web shell,’ an easy-to-use, password-protected hacking tool that can be accessed over the Internet from any browser. The web shell gives the attackers administrative access to the victim’s computer servers,” Krebs wrote.

According to Microsoft, the attack was orchestrated by notorious Chinese hacking group Hafnium, and they started on January 6th, the day when rioters stormed the United States Capitol in a violent attack against the 117th United States Congress.

Microsoft released emergency security updates to patch the vulnerabilities on March 2nd, which means that the attackers had nearly two months to infiltrate vulnerable systems. The tech giant has been working closely with the U.S. Cybersecurity & Infrastructure Security Agency (CISA), as well as other public and private organizations, to secure all unpatched servers running Exchange Server 2013, 2016, or 2019 (Exchange Online hasn’t been affected).

“The best protection is to apply updates as soon as possible across all impacted systems,” said Microsoft spokesperson in a written statement. “We continue to help customers by providing additional investigation and mitigation guidance. Impacted customers should contact our support teams for additional help and resources.”

Also Read: Dubai Police Use Futuristic Technology To Read Murder Suspect’s Mind

While most known victims of the attacks were located in the United States, breaches related to the Microsoft Exchange vulnerabilities were also detected on the other side of the Atlantic. For example, the Prague municipality and the Czech Ministry for Labor and Social Affairs were forced to shut down some of their systems and install emergency patches. No data was stolen during the attack, said Czech government officials.

Attacks like this one highlight the importance of timely patching and modern intrusion detection tools, which are able to detect unusual activity while it’s still time to act.

Advertisement

📢 Get Exclusive Monthly Articles, Updates & Tech Tips Right In Your Inbox!

JOIN 16K+ SUBSCRIBERS

News

Are You Ready For This Year’s GITEX Shopper Event?

We’re excited to be media partners of this year’s GITEX Shopper event, an extravaganza bringing together all the big names and retailers in electronics.

Published

on

are you ready for this year's gitex shopper event

GITEX Shopper, the giant 5-day electronics extravaganza, is getting ready to open its doors to the public between December 14 and 18 at the Dubai World Trade Center.

The expo brings together all of the top electronic brands and retailers and features huge discounts on all the best tech, plus prize draws, new product launches, interactive displays and much more.

Visitors to GITEX Shopper will be able to grab all of the latest products at the best prices, from gaming consoles and speakers to drones, TV sets, and even e-scooters. This 5-day shopping extravaganza offers exclusive discounts on selected items that can’t be found elsewhere, and there are plenty of shows and demonstrations at the expo to keep the whole family entertained.

To join over 100,000 people at this year’s GITEX Shopper and grab some of 2022’s biggest bargains, head over to the official website to register your interest.

Continue Reading

#Trending