
Multiple likely state-backed APT groups have been detected exploiting a recently patched Microsoft flaw to target Exchange servers.

The vulnerability in question, CVE-2020-0688, was discovered by an anonymous security researcher and reported to Microsoft via Trend Micro’s Zero Day Initiative (ZDI). It was fixed in the February Patch Tuesday update round, but around two weeks later Volexity discovered it being exploited in the wild.

The flaw is found in the Exchange Control Panel (ECP) component and results from “Exchange Server failing to properly create unique cryptographic keys at the time of installation,” according to the ZDI.

Exploitation works on unpatched systems, but only if the ECP interface is accessible to the attacker and they have a working credential to access the ECP.
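The non-unique installation keys described above can be looked for across a fleet by comparing key fingerprints. The sketch below is an added example, not code from Volexity, the ZDI or Microsoft. It assumes the keys sit in the ASP.NET `<machineKey>` element of each server's `web.config`, and the host names and key values are constructed. It is not a patch check.

```python
import hashlib
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample input: host names and key values are made up.
SAMPLE_CONFIGS = {
    "exch01.example.test": '<configuration><system.web><machineKey '
        'validationKey="AAAA1111BBBB2222" decryptionKey="CCCC3333DDDD4444" '
        'validation="SHA1"/></system.web></configuration>',
    "exch02.example.test": '<configuration><system.web><machineKey '
        'validationKey="aaaa1111bbbb2222" decryptionKey="cccc3333dddd4444" '
        'validation="SHA1"/></system.web></configuration>',
    "exch03.example.test": '<configuration><system.web><machineKey '
        'validationKey="9999EEEE8888FFFF" decryptionKey="7777ABAB6666CDCD" '
        'validation="SHA1"/></system.web></configuration>',
    "web04.example.test": '<configuration><system.web><machineKey '
        'validationKey="AutoGenerate,IsolateApps" '
        'decryptionKey="AutoGenerate,IsolateApps"/></system.web></configuration>',
}


def key_fingerprint(config_xml):
    """SHA-256 fingerprint of an explicitly configured machineKey, else None."""
    root = ET.fromstring(config_xml)
    machine_key = next(root.iter("machineKey"), None)
    if machine_key is None:
        return None
    vkey = machine_key.get("validationKey", "AutoGenerate")
    dkey = machine_key.get("decryptionKey", "AutoGenerate")
    # AutoGenerate keys are created per machine, so they cannot be shared.
    if vkey.startswith("AutoGenerate") and dkey.startswith("AutoGenerate"):
        return None
    # Hex keys are case-insensitive; normalise before hashing. Only the
    # fingerprint is kept, so the report never contains key material.
    material = f"{vkey.upper()}|{dkey.upper()}".encode()
    return hashlib.sha256(material).hexdigest()


def find_shared_keys(configs):
    """Map fingerprint -> sorted hosts, for keys used by more than one host."""
    groups = defaultdict(list)
    for host, xml_text in configs.items():
        fingerprint = key_fingerprint(xml_text)
        if fingerprint is not None:
            groups[fingerprint].append(host)
    return {fp: sorted(hosts) for fp, hosts in groups.items() if len(hosts) > 1}


if __name__ == "__main__":
    for fp, hosts in find_shared_keys(SAMPLE_CONFIGS).items():
        print(f"shared machineKey {fp[:12]}...: {', '.join(hosts)}")
```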

“In some cases the attackers appear to have been waiting for an opportunity to strike with credentials that had otherwise been of no use. Many organizations employ two-factor authentication (2FA) to protect their VPN, e-mail, etc., limiting what an attacker can do with a compromised password,” explained Volexity.

“This vulnerability gives attackers the ability to gain access to a significant asset within an organization with a simple user credential or old service account. This issue further underscores why changing passwords periodically is a good best practice, regardless of security measures like 2FA.”

So far, the firm has observed attackers exploiting the bug to run system commands to conduct reconnaissance, deploy a webshell backdoor accessible via OWA, and execute in-memory post-exploitation frameworks.

They have also been trying to brute force their way to exploitation via Exchange Web Services (EWS).

While the need for a compromised credential will put off many low-level black hats, more motivated hackers will certainly present a threat to organizations that have not yet patched, Volexity concluded.
