T-Mobile is Warning that a data breach has exposed the names, date of birth, Social Security number and driver’s license/ID information of more than 40 million current, former or prospective customers who applied for credit with the company. Get Secured Now with Norton 360
The US Cybersecurity and Infrastructure Security Agency (CISA) issued its first alert tagged as “urgent,” warning admins to patch on-premises Microsoft Exchange servers against actively exploited ProxyShell vulnerabilities.
“Malicious cyber actors are actively exploiting the following ProxyShell vulnerabilities: CVE-2021-34473, CVE-2021-34523, and CVE-2021-31207,” CISA warned over the weekend.
“CISA strongly urges organizations to identify vulnerable systems on their networks and immediately apply Microsoft’s Security Update from May 2021—which remediates all three ProxyShell vulnerabilities—to protect against these attacks.”
These three security flaws (patched in April and May) were discovered by Devcore security researcher Orange Tsai, who used them to compromise a Microsoft Exchange server in April’s Pwn2Own 2021 hacking contest:
Actively exploited by multiple threat actors
This warning comes after similar ones alerting organizations to defend their networks from the wave of attacks that hit tens of thousands of organizations worldwide in March, with exploits targeting four zero-day Microsoft Exchange bugs known as ProxyLogon.
Even though Microsoft fully patched the ProxyShell bugs in May 2021, they didn’t assign CVE IDs for the three security vulnerabilities until July, thus preventing some organizations who had unpatched servers from discovering that they had vulnerable systems on their networks.
After additional technical details were recently disclosed, both security researchers and threat actors could reproduce a working ProxyShell exploit.
Then, just as it happened in March, attackers began scanning for and hacking Microsoft Exchange servers using the ProxyShell vulnerabilities.
After breaching unpatched Exchange servers, threat actors drop web shells that allow them to upload and execute malicious tools.
While, in the beginning, the payloads were harmless, attackers have begun deploying LockFile ransomware payloads delivered across Windows domains compromised using Windows PetitPotam exploits.
So far, US-based security firm Huntress Labs said it found over 140 web shells deployed by attackers on more than 1,900 compromised Microsoft Exchange servers until…