Friday, September 25, 2020
Home Lead Story Hackers Attack Microsoft Exchange Email Servers

Hackers Attack Microsoft Exchange Email Servers

Hackers exploiting bug in Microsoft email servers

Several state-sponsored hacking groups are exploiting a vulnerability in Microsoft Exchange email servers that the tech giant patched in February, a cyber security firm has revealed. This is a breaking news.

London-based Volexity saw this vulnerability — CVE-2020-0688 — exploited in the wild by advanced persistent threat (APT) actors.

The vulnerability was discovered by an anonymous security researcher and reported to Microsoft by way of Trend Micro’s Zero Day Initiative.

“Two weeks after the security updates were released, the Zero Day Initiative published a blog post providing more details on the vulnerability. The post made it clear that an attacker could exploit a vulnerable Exchange server if the three criteria are not met,” said the Volexity Threat Research team.

“The Exchange Server had not been patched since February 11, 2020; The Exchange Control Panel (ECP) interface was accessible to the attacker and the attacker has a working credential that allows them to access the Exchange Control Panel in order to collect the ViewState Key,” the security researchers noted.

microsoft hackers
The vulnerability was discovered by an anonymous security researcher and reported to Microsoft by way of Trend Micro’s Zero Day Initiative. Pixabay

Volexity has observed multiple APT actors exploiting or attempting to exploit on-premise Exchange servers. In some cases, the attackers appear to have been waiting for an opportunity to strike with credentials that had otherwise been of no use.

Many organisations employ two-factor authentication (2FA) to protect their VPN, e-mail, etc., limiting what an attacker can do with a compromised password.

“This vulnerability gives attackers the ability to gain access to a significant asset within an organization with a simple user credential or old service account,” said security researchers.

Also Read- Actress Bhumi Pednekar: I Hope to Continue Doing Good Work

This issue further underscores why changing passwords periodically is a good best practice, regardless of security measures like 2FA.

Microsoft was yet to react to the Volexity report. (IANS)

STAY CONNECTED

19,140FansLike
362FollowersFollow
1,775FollowersFollow

Most Popular

Covid Patients More Likely to Face Kidney Damage Risk: Study

Researchers have found that many hospitalised patients with Covid-19 may face an increased risk for kidney damage or acute kidney injury (AKI), a dreaded...

Amazon Echo Show 10 to Make Video Calling More Enjoyable

Amazon on Thursday introduced Echo Show 10 that will make video calling more enjoyable as the screen moves as you move, and the camera...

The Emerging OTT Stars

Just a few weeks, ago that filmmaker Shekhar Kapur shared that he was impressed with the amazing new acting talents that the OTT space...

DesignCap – Make a Design and Protect Yourselves from Coronavirus

The new coronavirus was found in one city after another around the world from 2019. During this time, everybody was in a frenzy till...

What To Do If You’ve Been Injured in a Truck Accident

According to FMCSA, 4,311 large trucks and buses were involved in fatal crashes in 2015, an 8-percent increase from the previous year. Each year,...

People Avoid Masks Due to Breathing Problems: Study

When it came to non-compliance towards covering the face, breathing problems have emerged as a key reason, with 50 percent listing it in a...

Women More Vulnerable to Uncurbed Diabetes

Traditionally, women play the role of caregivers in India when it comes to families and their health. They prioritize the health of their loved...

Australia Rescuing Helpless Beached Whales

Rescuers of Australia are trying to save scores of beached whales on the shore in the state of Tasmania. Earlier this week, a pod...

Recent Comments