Compromised Microsoft Exchange Servers getting hacked by FBI; A second zero-day Chromium exploit code released on Twitter, and data of 1.3 million Clubhouse users exposed.
Let's see what it's all about.
Compromised Microsoft Exchange Servers Getting Hacked by FBI
This week the FBI got a court order that will let it run an operation on hundreds of Microsoft Exchange mail servers in the US to remove and copy backdoors from them. These are the compromised servers hacked by Hafnium in March, the Chinese state-sponsored group discovered by Microsoft.
According to security analysts, the four vulnerabilities chained together let the hackers steal the contents of the exchange servers run on company networks that they compromised. Microsoft repaired and patched the vulnerabilities, but the backdoors on the already compromised servers were not closed.
Microsoft's oversight let other hacking groups begin targetting the servers within a short time to deploy ransomware. Besides, although the patches were issued, not all users were applying them onto the servers. Due to this, the FBI became involved.
An announcement by Sophos Group said that threat actors are targetting exchange servers seeking to take advantage of one of the exploits, ProxyLogon, to install cryptomining code on the servers.
This week Microsoft released patches for four new critical Exchange Server vulnerabilities that have been credited to the National Security Agency. It is a timely and vital reminder that IT teams should be ready to run updates as soon as they are available.
A Second Zero-Day Chromium Exploit Code Released on Twitter
A new zero-day remote code execution exploit for Chromium was put up on Twitter; after a previous one was remediated. It affects Microsoft Edge, Google Chrome, and experts say most other Chromium-based browsers.
When detailed data about an exploit or vulnerability is released ahead of the software developers fixing it, it's called a zero-day vulnerability. A serious risk is posed to users when threat actors leverage these exploits before a fix is available.
A PoC exploit for chromium-based browsers was released this week in a Tweet of a GitHub link by security researcher Rajvardhan Agarwal to the exploit code for a zero-day exploit.
The exploit works by disabling the sandbox that then will cause the Windows Notepad application to open. The release's timing was impeccable because it came out just a day after Google released Chrome 89.0.4389.238 that fixes a different zero-day vulnerability.
Google delayed the release of Chrome 90 for Desktop to release the fix for the previous zero-day exploit. It was being released on April 13th, but Google moved it to the following day due to the patch for the exploit being pushed first.
Data of 1.3 Million Clubhouse Users Exposed
The latest tech giant to suffer a significant data breach is the chat app Clubhouse when the data for 1.3 million users was leaked online this week.
CyberNews reported that hackers published an SQL database from the chat app in the popular Raid Forum. According to the report, the member advertised that the database contained User IDs, name photo, URL, username, Instagram id, Twitter id, number of followers, and the number of people the user follows.
Clubhouse claims the report was false and misleading. Further, Clubhouse says the data was obtained through their API. According to the company, they were not hacked or breached. Besides, they say that the referred to data is public profile information available to anyone on the app.
While this could mean that the data doesn't include email addresses or passwords, there are concerns that it still could be used to target Clubhouse users for phishing and other nefarious purposes. The bigger question is when Clubhouse operates as a closed shop, how is opening up its user data via an API so that this info can be taken and published in a forum?
Clubhouse isn't alone in its security problems. Recently, a cache of 500 million LinkedIn profiles was published online. Facebook has also had its share of issues when an incident affected 533 million users in 106 countries.
That's a Wrap for News You Might've Missed
I hope this update has been helpful. MSP360 is your resource for MSP news. Stay home, stay safe and healthy, and remember to check back every week for more highlights.