• chevron_right

      How an unpatched Microsoft Exchange 0-day likely caused one of the UK’s biggest hacks ever

      news.movim.eu / ArsTechnica · Wednesday, 9 August, 2023 - 21:58

    Building with Microsoft logo.

    Enlarge / Building with Microsoft logo. (credit: Getty Images)

    It’s looking more and more likely that a critical zero-day vulnerability that went unfixed for more than a month in Microsoft Exchange was the cause of one of the UK’s biggest hacks ever—the breach of the country’s Electoral Commission, which exposed data for as many as 40 million residents.

    Electoral Commission officials disclosed the breach on Tuesday. They said that they discovered the intrusion last October when they found “suspicious activity” on their networks and that “hostile actors had first accessed the systems in August 2021.” That means the attackers were in the network for 14 months before finally being driven out. The Commission waited nine months after that to notify the public.

    The compromise gave the attackers access to a host of personal information, including names and addresses of people registered to vote from 2014 to 2022. Spokespeople for the Commission said the number of affected voters could be as high as 40 million. The Commission has not yet said what the cause of the breach or the means of initial entry was.

    Read 9 remaining paragraphs | Comments

    • chevron_right

      Microsoft issues emergency patches for 4 exploited 0days in Exchange

      Dan Goodin · news.movim.eu / ArsTechnica · Tuesday, 2 March, 2021 - 22:00

    The word ZERO-DAY is hidden amidst a screen filled with ones and zeroes.

    Enlarge (credit: Getty Images )

    Microsoft is urging customers to install emergency patches as soon as possible to protect against highly skilled hackers who are actively exploiting four zeroday vulnerabilities in Exchange Server.

    The software maker said hackers working on behalf of the Chinese government have been using the previously unknown exploits to hack on-premises Exchange Server software that is fully patched. So far, Hafnium, as Microsoft is calling the hackers, is the only group it has seen exploiting the vulnerabilities, but the company said that could change.

    “Even though we’ve worked quickly to deploy an update for the Hafnium exploits, we know that many nation-state actors and criminal groups will move quickly to take advantage of any unpatched systems,” Microsoft Corporate Vice President of Customer Security & Trust Tom Burt wrote in a post published Tuesday afternoon . “Promptly applying today’s patches is the best protection against this attack.”

    Read 6 remaining paragraphs | Comments

    index?i=d8pZZrv1KPM:cv7rZMuBGOE:V_sGLiPBpWUindex?i=d8pZZrv1KPM:cv7rZMuBGOE:F7zBnMyn0Loindex?d=qj6IDK7rITsindex?d=yIl2AUoC8zA