Microsoft says two new Exchange zero-day bugs under active attack, but no immediate fix – TechCrunch


Microsoft has confirmed two unpatched Exchange Server zero-day vulnerabilities are being exploited by cybercriminals in real-world attacks.

Vietnamese cybersecurity company GTSC, which first discovered the flaws as part of its response to a customer’s cybersecurity incident in August 2022, said the two zero-days have been used in attacks on their customers’ environments dating back to early August 2022.

Microsoft’s Security Response Center (MSRC) said in a blog post late on Thursday that the first vulnerability is identified as CVE-2022-41040, a server-side request forgery (SSRF) vulnerability, while the second, identified as CVE-2022-41082, allows remote code execution on a vulnerable server when PowerShell is accessible to the attacker.

“At this time, Microsoft is aware of limited targeted attacks using the two vulnerabilities to get into users’ systems,” the technology giant confirmed.

Microsoft noted that an attacker would need authenticated access to the vulnerable Exchange Server, such as stolen credentials, to successfully exploit either of the two vulnerabilities, which impact on-premise Microsoft Exchange Server 2013, 2016 and 2019.

Microsoft hasn’t shared any further details about the attacks and declined to answer our questions. Security firm Trend Micro gave the two vulnerabilities severity ratings of 8.8 and 6.3 out of 10.

However, GTSC reports that cybercriminals chained the two vulnerabilities to create backdoors on the victim’s system and also move laterally through the compromised network. “After successfully mastering the exploit, we recorded attacks to collect information and create a foothold in the victim’s system,” said GTSC.

GTSC said it suspects a Chinese threat group may be responsible for the ongoing attacks because the webshell codepage uses character encoding for simplified Chinese. The attackers have also deployed the China Chopper webshell, a backdoor commonly used by China state-sponsored hacking groups, for persistent remote access.

Security researcher Kevin Beaumont, who was among the first to discuss GTSC’s findings in a series of tweets on Thursday, said he is aware of the vulnerability being “actively exploited in the wild” and that he “can confirm significant numbers of Exchange servers have been backdoored.”

Microsoft declined to say when patches would become available, but noted in its blog post that the upcoming fix is on an “accelerated timeline.”

Until then, the company is recommending that customers follow the temporary mitigation measures shared by GTSC, which involve adding a blocking rule in IIS Manager. The company noted that Exchange Online customers do not need to take any action at the moment because the zero-days only impact on-premise Exchange servers.

LastPass Suffers Second Major Data Breach in Four Months | – Spiceworks News and Insights


On Wednesday, LastPass confirmed it was breached, a fallout of the August 2022 incident wherein portions of source code and some proprietary LastPass technical information were compromised. The recent breach came to light after the company noticed unusual activity in a third-party cloud storage service it shares with GoTo, its parent company.

In a blog post, LastPass CEO Karim Toubba said the still unknown threat actors accessed “certain elements” of the password manager’s customer information. Toubba didn’t talk about the type of information that was compromised but assured that the passwords of more than 33 million company users and more than 100,000 business accounts remain unaffected.

The August 2022 breach, wherein the hackers had access to LastPass accounts for four days, compromised the source code and some proprietary technical information. What the threat actors obtained in the previously compromised data to breach LastPass again is unknown.

“Since the company claims that the current hack is based on data compromised in the previous hack, this raises the question: Why did they not learn from the earlier hack and correct the root cause?” Mike Walters, VP of vulnerability and threat research at Action1, told Spiceworks. “The trend of repeated hacks, where the company fails to eliminate the consequences of the breach for months, is frustrating.”

In both LastPass breaches this year, the threat actors failed to access customer passwords thanks to the Zero Knowledge security model the company has implemented, under which no one except the customer has access to the password or any other data stored in the company’s digital vault.

The password manager solutions vendor is working with Mandiant to ascertain the precise reason behind the hack. “We are working diligently to understand the scope of the incident and identify what specific information has been accessed,” Toubba said. LastPass’s previous August 2022 breach came through a compromised developer account that had access to the company’s developer environment.

Walters added, “To avoid this mistake, you should take decisive steps to investigate the security incident, as well as to find and fix any and all security vulnerabilities. Namely, carefully examine the investigation report and conduct an in-depth analysis of all architectural issues. Implement robust network segmentation and complete visibility into network traffic and user behavior. Ensure you receive alerts about any abnormal events.”

“Also, validate that your IDS/IPS, Endpoint Protection, EDR, NGFW, Sandbox, Honeypot, and RMM systems are in place and fine-tuned according to your business needs. Finally, you need to have a SOC center for incident response.”

‘The Callisto Protocol’ Reviews Are In, And They Are Concerning – Forbes


We have reached the last few high profile releases of the year, and The Callisto Protocol was a game that many were looking forward to, a survival horror outing that seemed like it would be a spiritual successor to Dead Space.

But now that reviews are coming in, it seems to be falling short of that series, and while reviews are…okay, a few major critics and outlets have given it unusually low scores. The Callisto Protocol is currently sitting at a 76 Metascore, a ways off from the 86 of Dead Space, the 90 of Dead Space 2, and closer to the 78 of Dead Space 3, which was viewed as a series low point, before Visceral was eventually dismantled.

My friend Skillup, whose tastes I trust pretty explicitly at this point, positively roasted the game in his review:

Elsewhere, we’re seeing a number of high profile outlets in gaming give The Callisto Protocol some of its lowest scores:

IGN – 7/10 – “The Callisto Protocol is a satisfyingly gory spiritual successor to the Dead Space series, but it’s ultimately more of a striking modern mimic than a scary new mutation.”

Game Informer – 6/10 – “These various problems aside, though, The Callisto Protocol is still doing a lot of what Dead Space did, for better and worse. And to that end, there are moments of fun, even if, in contrast, they’re light on genuine terror. I’m okay with The Callisto Protocol being another version of its spiritual predecessor, but it struggles to nail even the basics. As a result, I’m underwhelmed, annoyed, and disappointed. If you wanted anything more out of this second crack at making a new sci-fi IP in survival horror, or something markedly different that acknowledges just how far gaming has come since 2008, The Callisto Protocol is not your answer.”

VGC – 6/10 – “The Callisto Protocol delivers the violence, intensity and horror that lives up to its Dead Space predecessor, but with deeper strategic combat. However, a cliché story and lack of original ideas means that it has one tentacle stuck in the past.”

That isn’t to say there isn’t any praise. Here’s a somewhat shocking perfect 10/10 score from Dextero:

“A wonderfully exhausting exercise in futility is probably the best way of describing The Callisto Protocol as no matter the strength of my own resolve, I was constantly on edge and reveling in those fleeting moments where the game allowed me to breathe following yet another life-threatening fight. The constant fear and dread incited by the phenomenal visual and sound design are only complemented by the compelling story. The Callisto Protocol is, hopefully, the start of an exciting new franchise, and is another sign that survival horror is anything but dead.”

The Callisto Protocol is being released about two months ahead of the Dead Space remake from EA, but so far, it does seem like you may be better off sticking with the original than the “spiritual successor” here. It may find its fans, but this is not shaping up to be a last minute industry megahit, if most of these reviews are to be believed. We’ll see what fans make of it as it heads to the wild.

Pokémon Scarlet And Violet Patch Divides Players Over Whether Anything's Fixed – Kotaku


GameXplain

Others are reporting greater render distances, improved shadows, fading light changes, and fade-in rather than pop-in for NPCs.

However, Nintendúo World’s side-by-side framerate test seems to show each version out-performing the other in different places. Although I’d argue there’s definitely some improvement when entering towns in 1.1.0:

Nintendúo World

One more for luck? This side-by-side comparison by Reyvanlatino (which unfortunately plays the music from both simultaneously, but just out of time) makes them look absolutely identical to me:

Reyvanlatino

So yeah, it’s pretty difficult to know exactly what’s happening here, and why different people are recording such different experiences.

In my own very unscientific comparison, I played the same area on my son’s original Switch with the 1.1.0 patch and on my OLED without the patch, and to my eyes the patched version seemed noticeably smoother. But, my eyes are notorious idiots, and either way, it was far from a revelatory experience.

It’s so hard to know what’s your imagination versus what’s a genuine improvement, but Pokémon still popped in, and it was still freezing up for half a second at random points. (Still, at least I caught a bunch of the Violet paradox monsters to trade to myself later.) If things are improved, they’re absolutely definitely not improved enough.

We asked Nintendo yesterday if they could be more specific about what had been patched, and didn’t even receive a response. So we’ve asked again today, not least because it seems like they could have something to boast about here. We’ll obviously update should they find time to reply. Although perhaps they’re relying on people’s hopeful imaginations to fill in where they did not?

Meanwhile, come on Digital Foundry, pull your fingers out and give us the definitive answers.

 
