BleepingComputer reports that cybersecurity experts have judged Microsoft's mitigations for the actively exploited Microsoft Exchange zero-day flaws, tracked as CVE-2022-41040 and CVE-2022-41082, to be significantly inadequate for curbing attacks.
Microsoft on Friday recommended that on-premises Exchange servers have their remote PowerShell access disabled for non-admin users, as well as advised that known attack patterns be blocked through an IIS Manager rule as it works on a fix for the vulnerabilities.
However, such a preventive approach could be easily bypassed by threat actors, according to security researcher Jang. ANALYGENCE Senior Vulnerability Analyst Will Dormann concurred, saying the "@" in the URL block provided by Microsoft was too specific and provided insufficient protection.
Researchers at GTSC, who initially identified the bugs, also confirmed the findings of Jang, who suggested a new URL block to cover a broader scope of attacks.
Meanwhile, organizations have been warned by security researcher Kevin Beaumont regarding the vulnerability of on-premises Exchange servers to potential attacks exploiting the flaw.
SiliconAngle reports that mounting security alert fatigue has prompted Torq to introduce its new HyperSOC system, built on its Hyperautomation Platform. HyperSOC uses artificial intelligence to automate, manage, and monitor security operations center response, in a bid to bolster the investigation and remediation of cybersecurity threats.
Moldovan botnet operator Alexander Lefterov, also known as Alipatime, Alipako, and Uptime, has been indicted by the U.S. Department of Justice for his involvement in widespread attacks against U.S.-based computers, BleepingComputer reports.