Microsoft Exchange Server has a zero-day issue

have global Tech Policy Ripples This Week As VPN Providers forced to withdraw from India With the country’s new data collection law coming into effect, and United Nations countries prepare for elections The new head of the International Telecommunication Union – a key Internet standards body.

Following an explosion and damage to the Nord Stream gas pipeline running between Russia and Germany, an investigation is underway that the sabotage was intentional and A complex manhunt is underway to identify the perpetrators. and Unidentified hackers are ‘hijacking’ victims A terrifying technique is used to hijack virtualization software to obtain data.

The notorious Lapsus$ hackers are back on their hacking journey, compromising major corporations and A dire but important warning about how easy it is for large institutions to actually be compromised. and End-to-end encrypted communication protocol Matrix patched Serious and worrisome breach this week.

Pornhub launches trial version of automation tool This has prompted users searching for child sexual abuse material to seek help for their actions.and Cloudflare launches free captcha alternative Trying to verify humanity online without worrying about finding a bike in a grid or deciphering obscure text.

We have advice on how to fight Big Tech Advocate for data privacy and user rights in your communityplus hint The latest iOS, Chrome and HP updates you need to install.

there are more. Every week, we highlight stories that we ourselves haven’t covered in depth. Click the title below to read the full story. And stay safe outside.

On Thursday night, Microsoft confirmed that two unpatched Exchange Server vulnerabilities are being actively exploited by cybercriminals. The flaws were discovered by a Vietnamese cybersecurity firm called GTSC, which claimed in a post on its website that the two zero-day exploits have been used against its customers since early August. According to GTSC, while the vulnerabilities only affect on-premises Exchange servers that an attacker has authenticated access to, zero-day exploits can be chained together to create backdoors in vulnerable servers. “It turns out that the vulnerability is so severe that an attacker could perform an RCE [remote code execution] on a compromised system,” researchers say.

in a blog post, Microsoft describes the first vulnerability as a server-side request forgery (SSRF) vulnerability, and the second as “an attack that allows remote code execution on a vulnerable server when an attacker has access to PowerShell.” The post also provides guidance on how on-premises Microsoft Exchange customers should mitigate the attack.

According to Reuters, sloppy development operations and the CIA’s negligence partly enabled Iranian intelligence to identify and capture informants who risked their lives to provide information to the United States. The year-long investigation follows the tale of six Iranian men jailed in an aggressive Iranian counterintelligence operation that began in 2009. The men were partially exposed by what Reuters described as a flawed web-based covert communications system that led to the arrest and execution of dozens of CIA informants in Iran and China. In 2018, Yahoo News reported on the system.

Because the CIA appears to be buying web hosting space in bulk from the same provider, Reuters was able to enumerate hundreds of secret CIA websites designed to facilitate communication between informants around the world and their CIA handlers Communication. These no longer active sites focus on topics such as beauty, fitness and entertainment.According to Reuters, one of the star wars fan page. Two former CIA officials told the news agency that each fake website was assigned to just one spy to limit exposure across the network in case any one agent was caught.

“If we’re careless, if we’re reckless, and we’ve been infiltrated, then we’re going to be ashamed,” James Olsen, the former head of the CIA’s counterintelligence division, told Reuters.

On Wednesday, a former National Security Agency staffer was charged with three counts of espionage law violations for allegedly attempting to sell classified defense information to an unnamed foreign government, According to court documents unsealed this weekIn a press release about the arrest, the U.S. Department of Justice said Jareh Sebastian Dalke of Colorado Springs, Colorado used encrypted email to send excerpts from three classified documents to an undercover FBI agent he believed to be associated with a a foreign government. Dalk allegedly told agents that he was in heavy financial debt and that in exchange for the information he would need to be compensated in cryptocurrency.

The FBI arrested Dalk on Wednesday when he arrived at Union Station in downtown Denver to hand over classified documents to undercover agents. If convicted, he could face life in prison or the death penalty.

On Tuesday, hackers hijacked fast company‘s content management system, sending two obscene push notifications to the publication’s Apple News followers. In response, the publication’s parent company, Mansueto Ventures, closed and, which it also owned. fast company It issued a statement calling the messages “despicable” and “incompatible with the content and spirit of the medium.”An article the hacker apparently posted to fast companyThe website claimed they gained access through passwords shared by multiple accounts, including administrators.

As of yesterday, the company’s website was still offline, redirecting instead to a statement about the hack.

Source link