In a flurry of activity overnight, our technicians rushed to patch two zero-day vulnerabilities in Microsoft Exchange that are under active attack. The vulnerabilities were recently discovered in Microsoft Exchange Server 2013, 2016, and 2019, and following immediate workarounds, patches have now been released.
One (CVE-2022-41040) is a server-side request forgery vulnerability and the other (CVE-2022-41082) is a remote code execution bug; both can be exploited together to run PowerShell commands on a vulnerable system and hijack it.
Both were reported by Vietnamese cybersecurity firm GTSC late last week and Microsoft’s Threat Intelligence Team (MSTIC) said in a blog post October 1 that the holes were being exploited in “limited targeted attacks.” We’re told a single crew in August was able to exploit the bugs to install a backdoor and exfiltrate data from a victim’s network, for instance.
Meanwhile, Dell device drivers also suffered at the hands of the North Korea-backed Lazarus Group, which used spear-phishing attacks.
The lure documents led to the distribution of malicious droppers that were trojanised versions of open source projects, corroborating recent reports from Google’s Mandiant and Microsoft.
ESET said it uncovered evidence of Lazarus dropping weaponized versions of FingerText and sslSniffer, a component of the wolfSSL library, in addition to HTTPS-based downloaders and uploaders.
The intrusions also paved the way for the group’s backdoor of choice dubbed BLINDINGCAN – also known as AIRDRY and ZetaNile – which an operator can use to control and explore compromised systems.
It’s a busy time in the world of Information Security. Your IT team cannot manage high alert for an indefinite period. If you are looking for a strategic partner to share the load in fighting attacks on your infrastructure, book a consultation today.