Thursday, February 20, 2025

Exchange Server Vulnerability, Former Employee Blackmails Company, and More!

Microsoft Zero-Days in Exchange Server

by Artie Kaye

Two vulnerabilities have been reported to Microsoft, and the company is working on a fix. The affected products are Exchange Server 2013, 2016, and 2019. Although these exploits have seen low activity in the wild so far, that will change in the time before a patch is released. Protect yourself and look at the mitigation suggestions from Microsoft linked below.

The flaws are listed as CVE-2022-41040 and CVE-2022-41082.

Third-Party references:

Click the links below to learn more details. (Opens in a new tab/window.)


Former Employee Sabotages Company’s Online Presence

by Artie Kaye

The former employee logged into the company’s website using the company’s credentials. From there he rerouted website traffic and email to other locations. He then locked out all other users so that no one could get in and fix what he had done. His stated goal was to negotiate being hired back at a higher salary.

This highlights two important things for security. First, make sure former employees no longer have access to your systems. Revoke their security privileges. This can prevent potential security breaches.

The second is password safety. The employee logged in with the company’s account, meaning he had access to the administrator login and password. While he may have needed access to the website and email servers as part of IT, he should not have had the company’s login. Admin passwords should not be shared. If employees need to have access, a secondary account should be made specifically for them.



Fake Government Job Phishing

by Artie Kaye

Emails are being sent out with information about a government job in the US or New Zealand. The attached documents make use of an old flaw in MS Office. (The flaw was patched in 2017, but some machines may not be patched.) Opening the document triggers a download from the online repository Bitbucket and infects the computer with Cobalt Strike or other malware. Do not download unknown attachments and do not open them. Always scan documents before opening them, even from a trusted source.



Hackers Using LinkedIn To Distribute Malware

by Artie Kaye

Microsoft has tracked a North Korean hacker group that has been making fake LinkedIn accounts to propagate infected versions of legitimate software. The software distributed includes, but is not limited to, PuTTY, KiTTY, TightVNC, Sumatra PDF Reader and muPDF/Subliminal Recording. These are valid open source programs that the hackers have tainted for distribution. If you need to install any of these programs, get them from a trusted source, not as an attachment in a message or a link from someone else.



Cisco Patch

by Artie Kaye

Cisco has released multiple fixes for its products this week. This is a semi-annual process for the company. If you are using Cisco products, now is a good time to patch.
