When news hit earlier this week that Chinese hackers were actively targeting Microsoft Exchange servers, the cybersecurity community warned that the zero-day vulnerabilities they were exploiting might have allowed them to hit countless organizations around the world. Now it's becoming clear just how many email servers they hacked.
Microsoft continues to work with partners and customers to expand our knowledge of the threat actor behind the nation-state cyberattacks that compromised the supply chain of SolarWinds and impacted multiple other organizations. As we have shared previously, we have observed the threat actor using both backdoor and other malware implants to establish sustained access to affected networks.
In my 20+ years writing about hackers and tracking advanced threats, I've never seen this volume of in-the-wild zero-day exploitation happening at the same time. Last week alone, we saw five 0-days exploited in the wild, including a mysterious Chrome attack and Chinese cyberspies hitting tens of thousands of companies globally via Microsoft Exchange server vulnerabilities.
Over the past few weeks, three of the longest running and most venerated Russian-language online forums serving thousands of experienced cybercriminals have been hacked. In two of the intrusions, the attackers made off with the forums' user databases, including email and Internet addresses and hashed passwords.
CISA partners have observed active exploitation of vulnerabilities in Microsoft Exchange on-premises products. Neither the vulnerabilities nor the identified exploit activity is currently known to affect Microsoft 365 or Azure Cloud deployments. Successful exploitation of these vulnerabilities allows an attacker to access on-premises Exchange Servers, enabling them to gain persistent system access and control of an enterprise network.
Who has had the biggest impact on my professional career? Well, it has to be Dr. Jessica Barker. She has not only mentored and supported me in my early career, but I'm also now lucky enough to call her my boss and also a dear friend.
Sometimes when a complex story takes us by surprise or knocks us back on our heels, it pays to revisit the events in a somewhat linear fashion. Here's a brief timeline of what we know leading up to last week's mass-hack, when hundreds of thousands of Microsoft Exchange Server systems got compromised and seeded with...
More than 20,000 American organizations have been compromised through a back door installed via a recently patched flaw in Microsoft Corp's flagship email software program, a person familiar with the U.S. government's response to the hacking spree said on Friday.
The National Security Agency and Cybersecurity and Infrastructure Security Agency (CISA) released a cybersecurity information sheet, "Selecting a Protective DNS Service", on Thursday. This publication details the benefits of using a Protective Domain Name System (PDNS), which criteria to consider when selecting a PDNS provider, and how to effectively implement PDNS.