adplus-dvertising
Connect with us

Tech

Two Microsoft Exchange zero-days exploited in the wild. – The CyberWire

Published

 on


Microsoft warns of Exchange Server vulnerabilities.

Late Friday Microsoft disclosed that two zero-days afflicted three versions of its widely used Exchange Server. Redmond’s initial disclosure said:

“Microsoft is investigating two reported zero-day vulnerabilities affecting Microsoft Exchange Server 2013, Exchange Server 2016, and Exchange Server 2019. The first one, identified as CVE-2022-41040, is a Server-Side Request Forgery (SSRF) vulnerability, and the second one, identified as CVE-2022-41082, allows Remote Code Execution (RCE) when PowerShell is accessible to the attacker.  

“Currently, Microsoft is aware of limited targeted attacks using these two vulnerabilities. In these attacks, CVE-2022-41040 can enable an authenticated attacker to remotely trigger CVE-2022-41082. It should be noted that authenticated access to the vulnerable Exchange Server is necessary to successfully exploit either vulnerability.

“We are working on an accelerated timeline to release a fix. Until then, we’re providing mitigations and the detections guidance below to help customers protect themselves from these attacks.”

Microsoft’s Security Response Center shared an initial set of mitigations and tools to evaluate the risk, including indicators of compromise, in its “Customer Guidance for Reported Zero-day Vulnerabilities in Microsoft Exchange Server.” Late Sunday the Microsoft Security Response Center added this caution: “We strongly recommend Exchange Server customers to disable remote PowerShell access for non-admin users in your organization.”

GTSC initially discovered the zero-days (and their exploitation).

In the course of security monitoring and incident response services its SOC team was performing early in August, Hanoi-based GTSC “discovered that a critical infrastructure was being attacked” through its Microsoft Exchange application. They shared their discovery with the Zero Day Initiative and Microsoft, which led to the fixes Redmond released Friday.

GTSC summarized the attackers’ activity as follows: “We recorded attacks to collect information and create a foothold in the victim’s system. The attack team also used various techniques to create backdoors on the affected system and perform lateral movements to other servers in the system. We detected webshells, mostly obfuscated, being dropped to Exchange servers. Using the user-agent, we detected that the attacker uses Antsword, an active Chinese-based opensource cross-platform website administration tool that supports webshell management.” The company provided its customers with temporary containment measures they could use to protect themselves until Microsoft was able to make a patch available.

Who’s responsible for the observed exploitation isn’t clear, but GTSC sees strong circumstantial evidence that the threat actor or actors behind it are Chinese. “We suspect these exploits come from Chinese attack groups, based on the webshell codepage of 936, a Microsoft character encoding for simplified Chinese.”

Sophos points out what those temporary measures might amount to, and sees this as a kind of “silver lining” in the cloud the incident casts over Exchange;

“The bugs can’t be triggered by just anyone.” That is, only an authenticated attacker can initiate them. “Sure, any remote user who has already logged into their email account over the internet, and whose computer is infected by malware, could in theory have their account subverted to launch an attack that exploits these bugs. But just having your Exchange server accessible over the internet is not enough on its own to expose you to attack, because so-called unauthenticated invocation of these bugs is not possible.

“Blocking PowerShell Remoting can limit attacks. According to Microsoft, blocking TCP ports 5985 and 5986 on your Exchange server will limit (if not actually prevent) attackers from chaining from the first vulnerability to the second. Although attacks might be possible without relying on triggering PowerShell commands, intrusion reports so far seem to suggest that PowerShell execution was a necessary part of the attack.”

The zero-days are first cousin to ProxyShell; organizations that found themselves vulnerable to ProxyShell should be especially on their guard.

CISA adds both issues to its Known Exploited Vulnerabilities Catalog.

Late Friday the US Cybersecurity and Infrastructure Security Agency (CISA) added both CVE-2022-41082 and CVE-2022-41040 to its Known Exploited Vulnerabilities Catalog. It characterized CVE-2022-41082 as follows: “Microsoft Exchange Server contains an unspecified vulnerability which allows for authenticated remote code execution. Dubbed “ProxyNotShell,” this vulnerability is chainable with CVE-2022-41040 which allows for the remote code execution.” CVE-2022-41040, a server-side request forgery vulnerability, is described thusly: “Microsoft Exchange Server allows for server-side request forgery. Dubbed “ProxyNotShell,” this vulnerability is chainable with CVE-2022-41082 which allows for remote code execution.” In both cases CISA advises organizations to apply the mitigations Microsoft has provided. US Federal executive civilian agencies have until October 21st to take action.

Michael Assraf CEO & Co-founder of Vicarius, was struck by how quick CISA was to add the two vulnerabilities to its Catalog. “CISA is typically late to the party for many of the KEV additions, but it seems like the invitation was delivered early,” he wrote, and went on to offer his summary of the vulnerabilities and their implications:

“Two zero-days in Microsoft Exchange servers were discovered that when chained together, can allow remote code execution. However, the advisory states that authenticated access to the servers are necessary in order to exploit. Thus, it is likely attackers will first run a phishing/social engineering campaign to gain authorization. So if you have Exchange servers, it is important to place all of the suggested mitigations in effect from Microsoft’s guidance. But what’s equally, if not more, important is to double down on efforts to recognize and report phishing in your organization.

“The other vulnerability is a command injection flaw in Atlassian Bitbucket reported back in August. A patch is available for this CVE, and a PoC exploit is also circulating out in the wild. As Bitbucket is a code repository, some sensitive intellectual property could be at risk as well as other components connected to the larger Jira/Trello framework. A malicious actor leveraging this kind of attack is most likely after admin-level control so they can sink their teeth further into the network.”

Adblock test (Why?)

728x90x4

Source link

Continue Reading

Tech

Building Homes Faster with our Latest 3D Construction Printer

Published

 on

Copenhagen, 22.10.2024 – COBOD International, the global leader in 3D construction printing technology, proudly introduces the BOD3 3D Construction Printer for 3D printing of real concrete. Equipped with an extendable ground-based track system, the BOD3 advances the construction process by eliminating printer downtime between multiple buildings on the same site, setting a new benchmark for productivity and efficiency. The BOD3 is the most advanced solution for high-volume low-rise construction and a very effective alternative to conventional construction methods.

The heart and key feature of the new BOD3 3D printer is the advanced extendable ground-based track system. This system enables limitless extension along the Y-axes (length), expanding the printable area to cover 2 or 3 buildings, and reducing setup time to a single installation for multi-building projects. It’s a game-changer, allowing continuous, uninterrupted printing across large sites, increasing efficiency for high volume and mass production at an unmatchable scale.

 

Render of COBOD BOD3 3D Construction Printer.

Render of COBOD BOD3 3D Construction Printer.

The BOD3, COBOD’s third printer model, is the outstanding achievement of years of dedicated research, development, and close collaboration with customers. It is a vital advancement in automated construction technology, directly addressing the urgent global demand for faster, smarter, more efficient and sustainable building solutions. Like every COBOD 3D printer, the BOD3’s modular design offers customization, allowing it to easily adapt to any customer’s size wishes in addition to complying with the various sizes of construction sites anywhere in the world.

The BOD3 follows COBOD’s vision to build smarter through automation. Its operational stand combines the control and monitoring of both the 3D printer and supplementary equipment in one user-friendly system. The Advanced Hose Management System (AHMS) transports 3D printable material from the materials delivery system to the printhead via hoses secured within E-chains, minimizing physical labor and optimizing material flow. With the addition of the dual dosing system for additives, operators can better control the concrete and adapt it to onsite environmental conditions. By introducing additives directly at the printhead, the system reduces drying time between layers, speeding up the overall construction process. Designed for easy operation and precision, the BOD3 can be operated by a small, trained, and certified team, reducing the costs of projects.

Incorporating the innovative Universal X-Carriage, the BOD3 is ready for future COBOD advancements and technologies, like the introduction of additional tools for the printer aimed at insulating, painting, sanding, etc. This ensures long-term versatility and performance that will keep the BOD3 at the forefront of the industry for years to come.

 

Universal X-Carriage with Printhead

Universal X-Carriage with Printhead.

Already deployed to the global market, the BOD3 is currently active in Indonesia, by Modula Tiga Dimensi, Angola, by Power2Build, and Bahrain, by Ab’aad 3D. The customers report faster project execution with near-zero downtime between individual buildings on the same site. The projects showcase the BOD3’s ability to speed up construction and print with real concrete, with 99% locally sourced materials and 1% of innovative D.fab, a co-developed solution by COBOD and Cemex to make concrete 3D printable.

Henrik Lund-Nielsen, Founder and General Manager of COBOD, commented on the BOD3: “The global housing crisis demands a more efficient construction solution that is faster, more efficient, and scalable. The BOD3 is our answer to this challenge. Drawing on years of research and expertise, we’ve designed the BOD3 with innovative features, making it our most cost-effective and efficient model yet for multiple low-rise buildings. Its design supports high-volume, linear production of houses, enabling mass production without compromising quality. The fact that six units have already been sold before its official launch speaks volumes about the BOD3’s market demand and the trust our customers place in our technology.

Michael Holm, Chief Innovation Officer at COBOD, states, “The advanced ground-based track system was developed as a response to our customers’ needs to increase efficiency and productivity. Now the 3D construction printer can be easily extended, and multiple consecutive structures can be printed with minimal repositioning and zero downtime between projects, making 3D construction printing more efficient than ever before.

 

The BOD3 is now available for purchase worldwide; for more information, please visit our website, www.cobod.com, or contact us at info@cobod.com.

 

RELEVANT LINKS

 

ABOUT COBOD

COBOD stands as the global leader in supplying 3D printers for the construction sector, with over 80 printers distributed across North and Latin America, Europe, the Middle East, Africa, and Asia-Pacific. Driven by a mission to revolutionize construction through multifunctional robots based on 3D printing, COBOD envisions automating half of the construction processes to achieve faster, cost-effective, sustainable results with enhanced design versatility.

From residential, commercial, and public buildings, COBOD’s 3D printers have been instrumental in erecting 1- to 3-story structures across all six inhabited continents. The innovative technology also extends to fabricate large-scale data centers, wind turbine towers, tanks, and more.

Embracing an open-source material approach, COBOD collaborates with global partners, including customers, academia, and suppliers. The company, backed by prominent shareholders such as General Electric, CEMEX, Holcim, and PERI, operates from its main office in Copenhagen, Denmark, and regional competence centers in Miami, Florida, and Kuala Lumpur, Malaysia. COBOD’s dynamic team comprises over 100 professionals from 25 diverse nationalities.

 

ABOUT MODULA TIGA DIMENSI

PT Modula Tiga Dimensi is a joint venture between Bakrie & Brothers (BNBR) and COBOD. BNBR focuses on offering and providing solutions for housing backlog problems currently encountered by the country.

Teaming up with COBOD International, the company is now set to adopt the latest 3D printing construction technology and is ready to offer the Indonesian market a new and better solution to housing obstructions.

 

ABOUT POWER2BUILD
Reshaping the construction sector and adapting it to urgent human needs.

Power2Build is a technology company for the construction industry, prepared to establish partnerships with private, public, and non-governmental organizations (NGOs) so that they can make the transition to Build 4.0 through 3DCP.

We offer our clients value-added services and high-quality projects, always with a multidisciplinary approach that brings together the necessary experience to deal with complex issues.

Continue Reading

Tech

Slack researcher discusses the fear, loathing and excitement surrounding AI in the workplace

Published

 on

 

SAN FRANCISCO (AP) — Artificial intelligence‘s recent rise to the forefront of business has left most office workers wondering how often they should use the technology and whether a computer will eventually replace them.

Those were among the highlights of a recent study conducted by the workplace communications platform Slack. After conducting in-depth interviews with 5,000 desktop workers, Slack concluded there are five types of AI personalities in the workplace: “The Maximalist” who regularly uses AI on their jobs; “The Underground” who covertly uses AI; “The Rebel,” who abhors AI; “The Superfan” who is excited about AI but still hasn’t used it; and “The Observer” who is taking a wait-and-see approach.

Only 50% of the respondents fell under the Maximalist or Underground categories, posing a challenge for businesses that want their workers to embrace AI technology. The Associated Press recently discussed the excitement and tension surrounding AI at work with Christina Janzer, Slack’s senior vice president of research and analytics.

Q: What do you make about the wide range of perceptions about AI at work?

A: It shows people are experiencing AI in very different ways, so they have very different emotions about it. Understanding those emotions will help understand what is going to drive usage of AI. If people are feeling guilty or nervous about it, they are not going to use it. So we have to understand where people are, then point them toward learning to value this new technology.

Q: The Maximalist and The Underground both seem to be early adopters of AI at work, but what is different about their attitudes?

A: Maximalists are all in on AI. They are getting value out of it, they are excited about it, and they are actively sharing that they are using it, which is a really big driver for usage among others.

The Underground is the one that is really interesting to me because they are using it, but they are hiding it. There are different reasons for that. They are worried they are going to be seen as incompetent. They are worried that AI is going to be seen as cheating. And so with them, we have an opportunity to provide clear guidelines to help them know that AI usage is celebrated and encouraged. But right now they don’t have guidelines from their companies and they don’t feel particularly encouraged to use it.

Overall, there is more excitement about AI than not, so I think that’s great We just need to figure out how to harness that.

Q: What about the 19% of workers who fell under the Rebel description in Slack’s study?

A: Rebels tend to be women, which is really interesting. Three out of five rebels are women, which I obviously don’t like to see. Also, rebels tend to be older. At a high level, men are adopting the technology at higher rates than women.

Q: Why do you think more women than men are resisting AI?

A: Women are more likely to see AI as a threat, more likely to worry that AI is going to take over their jobs. To me, that points to women not feeling as trusted in the workplace as men do. If you feel trusted by your manager, you are more likely to experiment with AI. Women are reluctant to adopt a technology that might be seen as a replacement for them whereas men may have more confidence that isn’t going to happen because they feel more trusted.

Q: What are some of the things employers should be doing if they want their workers to embrace AI on the job?

A: We are seeing three out of five desk workers don’t even have clear guidelines with AI, because their companies just aren’t telling them anything, so that’s a huge opportunity.

Another opportunity to encourage AI usage in the open. If we can create a culture where it’s celebrated, where people can see the way people are using it, then they can know that it’s accepted and celebrated. Then they can be inspired.

The third thing is we have to create a culture of experimentation where people feel comfortable trying it out, testing it, getting comfortable with it because a lot of people just don’t know where to start. The reality is you can start small, you don’t have to completely change your job. Having AI write an email or summarize content is a great place to start so you can start to understand what this technology can do.

Q: Do you think the fears about people losing their jobs because of AI are warranted?

A: People with AI are going to replace people without AI.

The Canadian Press. All rights reserved.

Source link

Continue Reading

Tech

Biden administration to provide $325 million for new Michigan semiconductor factory

Published

 on

 

WASHINGTON (AP) — The Biden administration said Tuesday that it would provide up to $325 million to Hemlock Semiconductor for a new factory, a move that could help give Democrats a political edge in the swing state of Michigan ahead of election day.

The funding would support 180 manufacturing jobs in Saginaw County, where Republicans and Democrats were neck-in-neck for the past two presidential elections. There would also be construction jobs tied to the factory that would produce hyper-pure polysilicon, a building block for electronics and solar panels, among other technologies.

Commerce Secretary Gina Raimondo said on a call with reporters that the funding came from the CHIPS and Science Act, which President Joe Biden signed into law in 2022. It’s part of a broader industrial strategy that the campaign of Vice President Kamala Harris, the Democratic nominee, supports, while Republican nominee Donald Trump, the former president, sees tariff hikes and income tax cuts as better to support manufacturing.

“What we’ve been able to do with the CHIPS Act is not just build a few new factories, but fundamentally revitalize the semiconductor ecosystem in our country with American workers,” Raimondo said. “All of this is because of the vision of the Biden-Harris administration.”

A senior administration official said the timing of the announcement reflected the negotiating process for reaching terms on the grant, rather than any political considerations. The official insisted on anonymity to discuss the process.

After site work, Hemlock Semiconductor plans to begin construction in 2026 and then start production in 2028, the official said.

Running in 2016, Trump narrowly won Saginaw County and Michigan as a whole. But in 2020 against Biden, both Saginaw County and Michigan flipped to the Democrats.

The Canadian Press. All rights reserved.

Source link

Continue Reading

Trending