A surge of breaches against Microsoft Exchange Server appear to have rolled out in phases, with signs also pointing to other hackers using the same vulnerabilities after Microsoft announced a patch.
If successful, it could thwart the hurdle that keeps the pervasive privacy and security technology out of general use.
The latest details confirm a trend SC Media reported earlier in the week, that security investigators were finding substantially more instances of breached Microsoft Exchange servers than Microsoft’s original report of “limited and targeted” attacks may have let on.
Microsoft released details Thursday on later-stage malware the company says was used by the group behind the SolarWinds espionage campaign that breached several government agencies and private firms.
In its blog post on critical Exchange Server patches Tuesday, Microsoft pointed to “limited and targeted” exploitation of the vulnerabilities in the wild. But new data suggests that the breaches may not be limited or targeted at all.
Customers on Google Cloud are now able to use a diagnostic tool called “Risk Manager” to evaluate cyber hygiene. In doing so, and in sharing the results with Munich Re and Allianz, the insurers will offer expanded coverage options.
On a series of three blog posts to be released Tuesday, Microsoft said targeted hacking from a group operating out of China that the company calls Hafnium, linked together chains of vulnerabilities to garner access.
Amid tensions along their border, the new RedEcho group is breaching power infrastructure in India.
Continuing a discussion kicked off earlier this week in the Senate, House lawmakers confirmed that legislation is in the works, pushing for answers on the balance between liability protection and the duty to protect consumers.
Historically, ransomware was not seen as government’s problem any more than shoplifting: a crime against businesses that federal law enforcement saw as beyond its domain. But that may be changing.
