Blog - Cyber Security Informer

cisa-emergency-directive-microsoft-hack

Blog

CISA Issues Emergency Directive and Orders Agencies to Mitigate the Risks of the Microsoft Hack

Heimadal Security

APRIL 12, 2024

A new emergency directive from CISA requires U.S. federal agencies to address the risks associated with the Russian hacking group APT29’s compromise of several Microsoft business email accounts. On April 2, Federal Civilian Executive Branch (FCEB) agencies received Emergency Directive 24-02.

Risk

Risk Hacking Passwords Accountability

Microsoft releases IOC Detection Tool for Microsoft Exchange Server flaws

Security Affairs

MARCH 6, 2021

After the disclosure of Microsoft Exchange zero-days, MS Exchange Server team has released a script to determine if an install is vulnerable. The US CISA’s emergency directive orders federal agencies to urgently update or disconnect MS Exchange on-premises installs. ” states Microsoft.

InfoSec

InfoSec Hacking Cybersecurity Accountability

Join 29,000+

Insiders

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Trending Sources

CISA encourages everyone to follow updated guidance for Microsoft Exchange fixes

SC Magazine

APRIL 1, 2021

CISA encourages all organizations to fix Microsoft Exchange vulnerabilities in the wake of massive exploitation campaigns targeting the software. The post CISA encourages everyone to follow updated guidance for Microsoft Exchange fixes appeared first on SC Media. Coolcaesar, CC BY-SA 4.0 link] , via Wikimedia Commons).

Firewall

Firewall Government Media Cybersecurity

Webinars

Reimagining Cybersecurity Training: Driving Real Impact on Security Culture

MORE WEBINARS

Chinese hackers allegedly hit thousands of organizations using Microsoft Exchange

Security Affairs

MARCH 7, 2021

Thousands of organizations may have been victims of cyberattacks on Microsoft Exchange servers conducted by China-linked threat actors since January. At least tens of thousands of Microsoft customers may have been hacked by allegedly China-linked threat actors since January, including business and government agencies.

Hacking

Hacking Accountability Government Small Business

Threat actors are actively exploiting Zerologon flaw, Microsoft warns

Security Affairs

OCTOBER 30, 2020

Microsoft researchers are warning that threat actors are continuing to actively exploit the ZeroLogon vulnerability in attacks in the wild. Microsoft is warning that threat actors are actively exploiting the ZeroLogon vulnerability in the Netlogon Remote Protocol. At the end of September, Microsoft issued a similar warning.

Authentication

Authentication Advertising Architecture Cybercrime

Microsoft Exchange attacks cause panic as criminals go shell collecting

Malwarebytes

MARCH 9, 2021

Only last week we posted a blog about multiple zero-day exploits being used to attack on-premises versions of Microsoft Exchange Server in limited and targeted attacks. January 2021, DEVCORE send an advisory and exploit to Microsoft through the MSRC portal. January 27, 2021, Dubex shares its findings with Microsoft.

Small Business

Small Business Antivirus VPN Software

U.S. Treasury, Commerce Depts. Hacked Through SolarWinds Compromise

Krebs on Security

DECEMBER 14, 2020

.” In response to the intrusions at Treasury and Commerce, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) took the unusual step of issuing an emergency directive ordering all federal agencies to immediately disconnect the affected Orion products from their networks.

Hacking

Hacking Antivirus Telecommunications Software

SolarWinds SUNBURST Backdoor DGA and Infected Domain Analysis

CyberSecurity Insiders

MARCH 5, 2021

On December 13 2020, multiple vendors such as FireEye and Microsoft reported emerging threats from a nation-state threat actor who compromised SolarWinds, and trojanized SolarWinds Orion business software updates in order to distribute backdoor malware called SUNBURST. It also appeared in the recent CISA Emergency Directive 20-01.

DNS

DNS Education Malware Telecommunications

APT trends report Q3 2021

SecureList

OCTOBER 26, 2021

Since then, we have identified additional documents operated by ReconHellcat; and a new campaign emerged from August through to September with an evolved infection chain. This campaign was also covered by researchers at Zscaler in a blog post. dotm) for persistence, instead of the previously used Microsoft Word add-ons (.wll).

Malware

Malware Government Surveillance Spyware

Advanced threat predictions for 2023

SecureList

NOVEMBER 14, 2022

Last June, Google’s TAG team released a blog post documenting attacks on Italian and Kazakh users that they attribute to RCS Lab, an Italian offensive software vendor. One glaring example is Iran, which faced a series of spectacular hacks and sabotages. Overall, we count this prediction as having turned out to be accurate.

Firmware

Firmware Surveillance Mobile Telecommunications

CISA Issues Emergency Directive and Orders Agencies to Mitigate the Risks of the Microsoft Hack

Microsoft releases IOC Detection Tool for Microsoft Exchange Server flaws

Webinars

Trending Sources

CISA encourages everyone to follow updated guidance for Microsoft Exchange fixes

Webinars

Chinese hackers allegedly hit thousands of organizations using Microsoft Exchange

Threat actors are actively exploiting Zerologon flaw, Microsoft warns

Microsoft Exchange attacks cause panic as criminals go shell collecting

U.S. Treasury, Commerce Depts. Hacked Through SolarWinds Compromise

SolarWinds SUNBURST Backdoor DGA and Infected Domain Analysis

APT trends report Q3 2021

Advanced threat predictions for 2023

Stay Connected