Two Microsoft Exchange zero-days exploited in the wild. – The CyberWire
Microsoft warns of Exchange Server vulnerabilities.

Late Friday Microsoft disclosed that two zero-days afflicted three versions of its widely used Exchange Server. Redmond’s initial disclosure said:

“Microsoft is investigating two reported zero-day vulnerabilities affecting Microsoft Exchange Server 2013, Exchange Server 2016, and Exchange Server 2019. The first one, identified as CVE-2022-41040, is a Server-Side Request Forgery (SSRF) vulnerability, and the second one, identified as CVE-2022-41082, allows Remote Code Execution (RCE) when PowerShell is accessible to the attacker.  

“Currently, Microsoft is aware of limited targeted attacks using these two vulnerabilities. In these attacks, CVE-2022-41040 can enable an authenticated attacker to remotely trigger CVE-2022-41082. It should be noted that authenticated access to the vulnerable Exchange Server is necessary to successfully exploit either vulnerability.


“We are working on an accelerated timeline to release a fix. Until then, we’re providing mitigations and the detections guidance below to help customers protect themselves from these attacks.”

Microsoft’s Security Response Center shared an initial set of mitigations and tools to evaluate the risk, including indicators of compromise, in its “Customer Guidance for Reported Zero-day Vulnerabilities in Microsoft Exchange Server.” Late Sunday the Microsoft Security Response Center added this caution: “We strongly recommend Exchange Server customers to disable remote PowerShell access for non-admin users in your organization.”

GTSC initially discovered the zero-days (and their exploitation).

In the course of security monitoring and incident response services its SOC team was performing early in August, Hanoi-based GTSC “discovered that a critical infrastructure was being attacked” through its Microsoft Exchange application. GTSC shared the discovery with the Zero Day Initiative and Microsoft, which led to the mitigations Redmond released Friday; an actual patch was still in the works at the time of writing.

GTSC summarized the attackers’ activity as follows: “We recorded attacks to collect information and create a foothold in the victim’s system. The attack team also used various techniques to create backdoors on the affected system and perform lateral movements to other servers in the system. We detected webshells, mostly obfuscated, being dropped to Exchange servers. Using the user-agent, we detected that the attacker uses Antsword, an active Chinese-based opensource cross-platform website administration tool that supports webshell management.” The company provided its customers with temporary containment measures they could use to protect themselves until Microsoft was able to make a patch available.

Who’s responsible for the observed exploitation isn’t clear, but GTSC sees strong circumstantial evidence that the threat actor or actors behind it are Chinese. “We suspect these exploits come from Chinese attack groups, based on the webshell codepage of 936, a Microsoft character encoding for simplified Chinese.”
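Microsoft’s “detections guidance” and GTSC’s description of the intrusions (requests that abuse the SSRF to reach PowerShell, then obfuscated webshells driven by AntSword) both reduce to things a defender can look for in the Exchange server’s IIS logs. The script below is an added example, not code from the CyberWire article, Microsoft, GTSC or Sophos. It parses W3C-format IIS log lines and flags two indicators: a request to autodiscover.json whose path and query contain an “@” and “powershell” and that the server answered 200 (the request shape Microsoft’s and GTSC’s published guidance for these CVEs told defenders to grep for; the article links that guidance but does not reproduce it), and a client user-agent containing “antsword” (AntSword’s default user-agent string begins with “antSword/”; treat that prefix as an assumption and extend the list with your own indicators). The log lines are constructed for the example.

```powershell
# Added example: not code from the CyberWire article or from Microsoft/GTSC/Sophos.
# Parses W3C-format IIS logs from an Exchange server and flags two indicators:
#   1. a 200 response to a request whose path+query contains "autodiscover.json", "@"
#      and "powershell" (the pattern in Microsoft's and GTSC's published guidance;
#      checked order-insensitively here so either published regex ordering is covered)
#   2. a user-agent containing "antsword" (ASSUMPTION: AntSword's default UA begins
#      with "antSword/"; adjust to your own indicator list)

function Find-ExchangeAttackIndicators {
    param([Parameter(Mandatory)] [string[]] $Lines)

    $idx = @{}   # field name -> column index, taken from the most recent #Fields header
    foreach ($line in $Lines) {
        if ($line -match '^#Fields:\s*(.+)$') {
            $idx = @{}
            $names = $Matches[1].Trim() -split '\s+'
            for ($i = 0; $i -lt $names.Count; $i++) { $idx[$names[$i]] = $i }
            continue
        }
        if ($line.StartsWith('#') -or [string]::IsNullOrWhiteSpace($line) -or $idx.Count -eq 0) { continue }

        $cols = $line -split ' '
        $row  = @{}
        foreach ($name in $idx.Keys) {
            $row[$name] = if ($idx[$name] -lt $cols.Count) { $cols[$idx[$name]] } else { '' }
        }

        $request = ($row['cs-uri-stem'] + '?' + $row['cs-uri-query']).ToLowerInvariant()
        $agent   = $row['cs(User-Agent)'].ToLowerInvariant()
        $reason  = $null

        if ($row['sc-status'] -eq '200' -and
            $request -match 'autodiscover\.json' -and
            $request.Contains('@') -and
            $request -match 'powershell') {
            $reason = 'autodiscover -> PowerShell request answered 200 (CVE-2022-41040/41082 indicator)'
        } elseif ($agent -match 'antsword') {
            $reason = 'AntSword user-agent (webshell client GTSC observed)'
        }

        if ($reason) {
            [pscustomobject]@{
                Time     = "$($row['date']) $($row['time'])"
                ClientIP = $row['c-ip']
                User     = $row['cs-username']
                Request  = $request
                Reason   = $reason
            }
        }
    }
}

# CONSTRUCTED sample log (not real traffic). IIS writes spaces in the user-agent as '+'.
$sampleLog = @'
#Software: Microsoft Internet Information Services 10.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status
2022-09-30 01:02:03 10.0.0.5 GET /owa/ - 443 CORP\alice 10.0.0.9 Mozilla/5.0+(Windows+NT+10.0) 200
2022-09-30 01:02:10 10.0.0.5 POST /autodiscover/autodiscover.json @corp.example/powershell 443 CORP\bob 203.0.113.7 python-requests/2.28.1 200
2022-09-30 01:02:11 10.0.0.5 POST /autodiscover/autodiscover.json @corp.example/powershell 443 - 203.0.113.7 python-requests/2.28.1 401
2022-09-30 01:03:00 10.0.0.5 POST /aspnet_client/system_web/log.aspx - 443 - 203.0.113.7 antSword/v2.1 200
'@

# Expected: the 01:02:10 request (200, all three tokens) and the 01:03:00 AntSword request are
# flagged; the 401 attempt and the ordinary OWA request are not.
Find-ExchangeAttackIndicators -Lines ($sampleLog -split "`r?`n") | Format-Table -AutoSize
```

To run it over real logs, replace the constructed sample with the server’s IIS log directory (by default `%SystemDrive%\inetpub\logs\LogFiles`), for example `Get-ChildItem -Recurse C:\inetpub\logs\LogFiles -Filter *.log | ForEach-Object { Find-ExchangeAttackIndicators -Lines (Get-Content $_.FullName) }`. A hit is a lead, not proof: the authenticated-access requirement Microsoft describes means a flagged `cs-username` is a compromised or abused account, so follow it into the account’s other activity and the source address before deciding on scope.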

Sophos points out what those temporary measures amount to, and sees a kind of “silver lining” in the cloud the incident casts over Exchange:

“The bugs can’t be triggered by just anyone.” That is, only an authenticated attacker can initiate them. “Sure, any remote user who has already logged into their email account over the internet, and whose computer is infected by malware, could in theory have their account subverted to launch an attack that exploits these bugs. But just having your Exchange server accessible over the internet is not enough on its own to expose you to attack, because so-called unauthenticated invocation of these bugs is not possible.

“Blocking PowerShell Remoting can limit attacks. According to Microsoft, blocking TCP ports 5985 and 5986 on your Exchange server will limit (if not actually prevent) attackers from chaining from the first vulnerability to the second. Although attacks might be possible without relying on triggering PowerShell commands, intrusion reports so far seem to suggest that PowerShell execution was a necessary part of the attack.”
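Microsoft’s Sunday advice (disable remote PowerShell for non-administrators) and the port blocking Sophos relays from Microsoft are things an Exchange administrator types into the Exchange Management Shell. The script below is an added example, not code from the article, Microsoft or Sophos. It assumes the user principal names in `$AdminUpns` are the only accounts that legitimately need remote PowerShell (a hypothetical allow-list; substitute your own) and that it runs with Exchange organization-management rights on the server itself. Pass `-DryRun` to preview what would change.

```powershell
# Added example: not code from the CyberWire article, Microsoft or Sophos.
# Applies the two stop-gaps quoted in the text on an on-premises Exchange server:
#   1. turn off remote PowerShell for every account that is not an administrator
#   2. block inbound TCP 5985/5986 (the WinRM ports the article names)
# Run in the Exchange Management Shell as an Exchange administrator. Save as a .ps1
# and pass -DryRun to preview without changing anything.
#
# ASSUMPTION (not from the article): $AdminUpns is a hypothetical allow-list of the
# accounts that legitimately need remote PowerShell; replace it with your own.
param(
    [string[]] $AdminUpns = @('exadmin@corp.example', 'svc-exchange-ops@corp.example'),
    [switch]   $DryRun
)

function Get-NonAdminRemotePowerShellUsers {
    # Every user object whose RemotePowerShellEnabled flag is on and who is not allow-listed.
    Get-User -ResultSize Unlimited |
        Where-Object { $_.RemotePowerShellEnabled -and ($AdminUpns -notcontains $_.UserPrincipalName) }
}

# 1. Per-user control: this is what actually denies a non-admin account the PowerShell endpoint.
$targets = @(Get-NonAdminRemotePowerShellUsers)
Write-Host ("{0} non-admin account(s) have remote PowerShell enabled" -f $targets.Count)
foreach ($u in $targets) {
    if ($DryRun) {
        Write-Host ("would disable remote PowerShell for {0}" -f $u.UserPrincipalName)
    } else {
        Set-User -Identity $u.Identity -RemotePowerShellEnabled $false
        Write-Host ("disabled remote PowerShell for {0}" -f $u.UserPrincipalName)
    }
}

# 2. Host firewall: block the WinRM listener ports. This also blocks your own WinRM-based
#    management of this server, so make sure console or RDP access works first.
$ruleName = 'Block inbound WinRM 5985-5986 (Exchange zero-day mitigation)'
if (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue) {
    Write-Host "firewall rule '$ruleName' already present"
} elseif ($DryRun) {
    Write-Host "would create firewall rule '$ruleName'"
} else {
    New-NetFirewallRule -DisplayName $ruleName -Direction Inbound -Protocol TCP `
        -LocalPort 5985,5986 -Action Block -Profile Any | Out-Null
    Write-Host "created firewall rule '$ruleName'"
}

# 3. Verify: after a real run, no non-admin account should remain enabled.
$remaining = @(Get-NonAdminRemotePowerShellUsers)
Write-Host ("{0} non-admin account(s) still have remote PowerShell enabled" -f $remaining.Count)
```

Two caveats a practitioner should keep in mind. The per-user `RemotePowerShellEnabled` flag is the control that matters most: Exchange’s own remote PowerShell endpoint is the `/PowerShell` virtual directory served by IIS over 80/443, so the 5985/5986 rule closes the WinRM listener rather than that path, which is why Sophos describes the port block as limiting rather than preventing the chain. And both measures are stop-gaps; they do not remove the SSRF, so they should stay in place only until the fix Microsoft promised is applied.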

The zero-days are first cousins of ProxyShell: like that 2021 chain, they pair a server-side request forgery against Exchange’s front end with code execution through the server’s PowerShell endpoint. Organizations that found themselves vulnerable to ProxyShell should be especially on their guard.

CISA adds both issues to its Known Exploited Vulnerabilities Catalog.

Late Friday the US Cybersecurity and Infrastructure Security Agency (CISA) added both CVE-2022-41082 and CVE-2022-41040 to its Known Exploited Vulnerabilities Catalog. It characterized CVE-2022-41082 as follows: “Microsoft Exchange Server contains an unspecified vulnerability which allows for authenticated remote code execution. Dubbed ‘ProxyNotShell,’ this vulnerability is chainable with CVE-2022-41040 which allows for the remote code execution.” CVE-2022-41040, a server-side request forgery vulnerability, is described thus: “Microsoft Exchange Server allows for server-side request forgery. Dubbed ‘ProxyNotShell,’ this vulnerability is chainable with CVE-2022-41082 which allows for remote code execution.” In both cases CISA advises organizations to apply the mitigations Microsoft has provided. US federal civilian executive branch agencies have until October 21st to take action.

Michael Assraf, CEO and co-founder of Vicarius, was struck by how quickly CISA added the two vulnerabilities to its Catalog. “CISA is typically late to the party for many of the KEV additions, but it seems like the invitation was delivered early,” he wrote, and went on to offer his summary of the vulnerabilities and their implications:

“Two zero-days in Microsoft Exchange servers were discovered that when chained together, can allow remote code execution. However, the advisory states that authenticated access to the servers is necessary in order to exploit. Thus, it is likely attackers will first run a phishing/social engineering campaign to gain authorization. So if you have Exchange servers, it is important to place all of the suggested mitigations in effect from Microsoft’s guidance. But what’s equally, if not more, important is to double down on efforts to recognize and report phishing in your organization.

“The other vulnerability is a command injection flaw in Atlassian Bitbucket reported back in August. A patch is available for this CVE, and a PoC exploit is also circulating out in the wild. As Bitbucket is a code repository, some sensitive intellectual property could be at risk as well as other components connected to the larger Jira/Trello framework. A malicious actor leveraging this kind of attack is most likely after admin-level control so they can sink their teeth further into the network.”

Makeover: How to achieve that perfect flick, no matter your eye shape – Brantford Expositor
Nadia Albano offers up her tips on how to achieve a classic look


A winged eyeliner is a classic look loved by many, and surprisingly easy to do.


Here are a few easy steps, and tips, to help you get that perfect flick no matter your eye shape.

Step 1: Primer. Photo: Nadia Albano, for her makeover column of Dec. 4, 2022.

Step 1: Primer

The first and most important step is to prep the eyelid with a smudge proof base. I’m using Charlotte Tilbury’s Matte — Eyes to Mesmerize in Nude Cashmere because it goes on smoothly, is long wearing and lasts up to 12 hours.

Step 2: Liner

I used Smashbox — Always On Waterproof Gel Eyeliner in Fishnet to draw on my liner. Starting at the middle of my eyelid, I traced a thin line along my lash line, which progressively grew thicker toward the outer corner of my eye. I then connected the line from the inner corner to the middle of the eye. The key to a perfect liner is to use short and clean strokes, a sharp eyeliner and a fine angled liner brush to extend the outer wing.


Tip: For hooded eyes try creating the outer wing where the hood starts first and work your way inward. For round eyes start from the outer corner of the eye and create a sharper angle toward the middle of the lid. For small eyes try keeping your liner and wing thin and short. Use a skin toned eyeliner to draw a line just below the wing and to tight line, making the eyes appear larger and brighter.

Step 3: Mascara and brows

Curling the lashes and coating them with black mascara will enhance the look, as will filling in your eyebrows. I’m using Benefit Cosmetics — Roller Lash Curling Mascara in black and on my brows, I used Benefit — 24-Hour Brow Setter Clean Brow Gel with Benefit — Precisely My Brow Pencil in #4.

Step 4: Lips and blush


I lightly contoured my face with Tarte Amazonian Clay Waterproof Bronzing Powder, then swept a hint of Benefit Cosmetics — Dandelion blush on my cheeks. To pull the look together, I lined my lips with NYX — Suede Matte Lip Liner in Sandstorm then layered it with Glo Skin Beauty — Cream Glaze Crayon in Chiffon.

The completed look. Photo by Nadia Albano.


‘Fortnite’ Leaked Skins: Mr. Beast, Geralt Of Rivia And More Coming To Chapter 4 – Forbes
The Fortnite Chapter 4, Season 1 leaks have begun just hours before the game’s big live-event kicks off.

Screenshots of what appears to be the new cinematic trailer have leaked online and show off a few familiar faces.

Mr. Beast

Mr. Beast appears to be coming to the game, possibly as a Battle Pass skin, possibly as an Item Shop addition. He will join other YouTube celebrities and streamers like Ninja as well as big movie superstars like The Rock, all of whom have come to the battle royale game in some fashion. This isn’t a surprise as Epic Games have talked about a future Mr. Beast collaboration in the past.


Geralt Of Rivia

Will we get horseback riding this season? That’s Geralt of Rivia from The Witcher, but he’s accompanied by his steed, Roach. Mounts would spice things up a bit for the next Chapter. (Flying mounts especially).

The timing here is good for CD Projekt Red. The Polish game developer releases the PS5 and Xbox Series X versions of The Witcher 3 this month on December 14th and is free for previous owners of the game.

DOOM Guy

The classic space marine from the DOOM franchise appears to be another collaboration. He’s fighting a Cacodemon, which would be a cool new NPC enemy time.

Who would win in a fight? DOOM Guy or Master Chief?

If you look closely throughout the leaked trailer, you can spot others: Toy Story, perhaps, and the Teenage Mutant Ninja Turtles. We’ll know more when Chapter 4, Season 1 launches.

Watch The Paradigm Create The New ‘Fortnite’ Chapter 4 Map In ‘A New Beginning’ Cinematic Trailer – Forbes
Update:

The actual cinematic trailer is live now so I’m updating this post with the official—and nicer looking—video (above).

This was the final segment in today’s Fractured live-event which you can read about here.


Original Story:

The cinematic trailer for Fortnite’s upcoming Chapter 4, Season 1 has leaked online just hours before the big Chapter 3, Season 4 ‘Fractured’ live event.

Obviously big spoilers ahead and in the video.

Basically, it appears that Brie Larson’s Paradigm has lost the battle against the mysterious oozing Chrome that has taken over the map during the ‘Paradise’ season.

She’s forced to destroy the map entirely and piece together a new one, telling the players that she can’t help them anymore. From here on, they have to help themselves.

I admit, I’m a bit lost in the game’s current narrative, which they haven’t really fleshed out much recently. This propels us into a new Chapter narratively also, though it’s unclear what comes next even after watching the trailer.

I suppose Christmas stuff comes next! The Days Of Fortnite event, Christmas presents and so forth, all on a brand new map. That should be fun!
