Tag Archive for: Exchange

Sonic Foundry’s Global Learning Exchange™ Announces Partnership with EC-Council University


Partnership will provide Global Learning Exchange students with access to globally recognized cyber security certification programs.

Sonic Foundry, Inc. (NASDAQ: SOFO), the trusted leader in video capture, management and streaming solutions, today announced that its Global Learning Exchange™ (GLX) business, which provides students around the world with cost-effective, locally supported access to top-tier online learning solutions, has finalized a partnership agreement with EC-Council University (ECCU), the education arm of The International Council of Electronic Commerce Consultants (EC-Council) and the globally-recognized leader in cyber security education and technical certification.

This partnership will provide Global Learning Exchange students with access to an extensive menu of cyber security certifications, including Certified Ethical Hacker, Certified Network Defender, and Computer Hacking Forensic Investigator. These certifications are endorsed by the U.S. National Security Agency (NSA), the Committee on National Security Systems (CNSS), and other leading security bodies, ensuring that students who successfully complete their coursework will enter the market with a widely recognized credential in one of the world’s fastest-growing job sectors. Additionally, ECCU certifications are often transferable as course credits for Bachelor’s and Master’s-level degree programs in cyber security and computer science.

Sonic Foundry CEO Joe Mozden, Jr. commented, “From day one, Global Learning Exchange has focused on providing students with access to future-oriented, career-focused education programs. Cyber security is one of the fastest-growing fields in the global job market, and ECCU clearly represents the global standard for cyber security education. We are thrilled to announce ECCU as an official Global Learning Exchange partner and we can’t wait to introduce prospective students to its rich variety of certification programs.”

ECCU President Lata Bavisi added, “Today’s cyber workforce is sorely under-resourced. Industry estimates indicate that the number of unfilled jobs in cybersecurity will continue to increase. By partnering with GLX, EC-Council…


Many Exchange servers still vulnerable to ProxyNotShell flaw


Approximately 60,000 IP addresses with internet-facing Exchange Server instances are still vulnerable to ProxyNotShell flaw CVE-2022-41082, according to cybersecurity nonprofit Shadowserver Foundation.

ProxyNotShell refers to a pair of Exchange Server zero-day vulnerabilities first disclosed in September that were chained together by threat actors in a series of targeted attacks. One flaw, CVE-2022-41040, is a server-side request forgery flaw, and the other, CVE-2022-41082, is a remote code execution bug. The name ProxyNotShell is a reference to ProxyShell, a now-infamous series of flaws disclosed in 2021.

Microsoft did not patch ProxyNotShell until its November Patch Tuesday release. Until then, the company urged customers to mitigate the vulnerabilities by applying URL Rewrite instructions for the Autodiscover endpoint at the center of the exploit chain.

However, CrowdStrike published a blog post last month revealing that a new exploit chain, referred to as “OWASSRF,” bypassed Microsoft’s URL Rewrite mitigations. OWASSRF combines ProxyNotShell bug CVE-2022-41082 with elevation of privilege flaw CVE-2022-41080, and it has been used in several Play ransomware attacks in recent weeks.

CrowdStrike urged organizations to apply the November Patch Tuesday fix, which addresses the new chain. OWASSRF is considered particularly dangerous because it affects organizations that applied mitigations under the impression that patching ProxyNotShell was not necessary. CrowdStrike and Rapid7 have both observed an increase in Exchange Server compromises where OWASSRF was the suspected cause.
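As an added example (it is not from the article, nor from Microsoft, CrowdStrike or Shadowserver), the following Python triage script shows why a mitigation scoped to the Autodiscover endpoint left the OWASSRF path open. It applies a condition shaped like the published URL Rewrite rule (an assumed simplification: block any request URI containing both "autodiscover" and "powershell") to constructed IIS log lines, and compares it with a broader check for any front-end path that ends at the PowerShell remoting backend. The log lines, the /owa/ request shape and the client addresses are constructed for illustration.

```python
import re
from dataclasses import dataclass
from typing import List, Dict

# Constructed IIS W3C-style log lines (fields: date time cs-method cs-uri-stem
# cs-uri-query sc-status c-ip). Illustrative only, not captured traffic.
SAMPLE_LOG = """\
2022-10-03 09:14:02 POST /autodiscover/autodiscover.json @evil.example/powershell?X-Rps-CAT=abc 200 203.0.113.10
2022-10-03 09:14:07 POST /autodiscover/autodiscover.json @evil.example/Powershell?X-Rps-CAT=abc 200 203.0.113.10
2022-12-01 11:02:44 POST /owa/mastermailbox%40example.com/powershell - 200 198.51.100.7
2022-12-01 11:03:01 GET /owa/ - 200 192.0.2.25
2022-12-01 11:05:17 POST /powershell/ PSVersion=5.1.17763.2931 200 10.0.0.5
2022-12-01 11:06:30 GET /autodiscover/autodiscover.json - 401 192.0.2.25
"""

@dataclass
class Request:
    timestamp: str
    method: str
    stem: str
    query: str
    status: int
    client: str

    @property
    def request_uri(self) -> str:
        """Path plus query, the way the IIS {REQUEST_URI} server variable sees it."""
        return self.stem if self.query == "-" else f"{self.stem}?{self.query}"

def parse_log(text: str) -> List[Request]:
    """Parse the seven-field sample format above; skip blank and comment lines."""
    out = []
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        date, time, method, stem, query, status, client = line.split()
        out.append(Request(f"{date} {time}", method, stem, query, int(status), client))
    return out

# Assumed simplification of the URL Rewrite condition recommended while ProxyNotShell
# was unpatched: match REQUEST_URI on both "autodiscover" and "powershell".
AUTODISCOVER_RULE = re.compile(r"(?=.*autodiscover)(?=.*powershell)", re.IGNORECASE)

# Broader detection: any front-end path that is not /powershell itself yet addresses
# the PowerShell remoting backend. Catches the Autodiscover form and the /owa/ form.
PROXIED_POWERSHELL = re.compile(r"^/(?!powershell/).+?/powershell(?:[/?]|$)", re.IGNORECASE)

def blocked_by_autodiscover_rule(req: Request) -> bool:
    return AUTODISCOVER_RULE.search(req.request_uri) is not None

def reaches_powershell_backend_indirectly(req: Request) -> bool:
    return PROXIED_POWERSHELL.search(req.request_uri) is not None

def triage(text: str) -> List[Dict]:
    """One finding per request that reaches the PowerShell backend through a proxied
    path, recording whether the Autodiscover-only rule would have blocked it."""
    findings = []
    for req in parse_log(text):
        if not reaches_powershell_backend_indirectly(req):
            continue
        findings.append({
            "time": req.timestamp,
            "client": req.client,
            "uri": req.request_uri,
            "blocked_by_autodiscover_rule": blocked_by_autodiscover_rule(req),
        })
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        verdict = "blocked" if f["blocked_by_autodiscover_rule"] else "NOT blocked"
        print(f'{f["time"]} {f["client"]} {f["uri"]} -> {verdict} by Autodiscover-only rule')
```

Run against the constructed lines, the two Autodiscover requests are caught by the narrow rule while the /owa/ request to the same backend passes it, which is the gap a rewrite-only mitigation leaves and the November security update closes. Legitimate remote PowerShell sessions that hit /powershell/ directly are not flagged by either check.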

Shadowserver, a cybersecurity nonprofit dedicated to data collection and analysis, has been scanning for IP addresses with instances of Microsoft Exchange Server that are likely vulnerable to CVE-2022-41082. On Dec. 21, the day after CrowdStrike’s research went live, Shadowserver found 83,946 vulnerable IP addresses. As of Jan. 2, that number dropped to 60,865.

Chart (Shadowserver): number of IP addresses with Exchange Server instances likely vulnerable to CVE-2022-41082. As of Jan. 2, approximately 60,865 instances of Microsoft Exchange Server remained vulnerable to the OWASSRF exploit chain.

Shadowserver CEO Piotr Kijewski told TechTarget Editorial that compared with other recent Exchange Server security…


Microsoft’s third mitigation update for Exchange Server zero-day exploit bypassed within hours


Microsoft has published its third update for its mitigation of an exploit abusing two zero-day vulnerabilities in Microsoft Exchange Server.

It marks the latest step towards providing a fix for the exploit, dubbed ‘ProxyNotShell’, in what has been a confusing week for system admins attempting to understand the threat.

Security researcher Kevin Beaumont highlighted on Friday that there is already a bypass for the Microsoft-provided mitigation. It means every one of the company’s attempts to prevent the exploit from harming customers has been circumvented within hours of publication.

The issue is in the way Microsoft’s signatures detect the exploit. The signatures rely on scanning w3wp.exe, the Internet Information Services (IIS) worker process, but on Windows Server 2016 and later w3wp.exe is placed on Microsoft Defender’s automatic exclusion list as soon as the IIS role is installed, so on an Exchange Server the signatures never see the process they are meant to watch.

“The only way to correct this is to turn off automatic exclusions,” he said, but Microsoft states explicitly in its documentation to not do this.

The original vulnerability disclosure for the ProxyNotShell exploit was atypical, and the information about potential fixes has been fragmented and confusing for many to follow.

Discovered last week by security researchers at Vietnam-based company GTSC, the pair of zero-days has received a number of attempted fixes – the first of which was bypassed “easily”.

GTSC said in its report that it had noticed in-the-wild exploitation of both vulnerabilities for at least a month before publishing its findings.

The security issues are related to, but distinct from, the ProxyShell exploit chain disclosed in 2021, and they are not covered by the patches Microsoft shipped for ProxyShell that year.

Tracked as CVE-2022-41040 and CVE-2022-41082, they each received a CVSSv3 severity score of 8.8/10. Microsoft Exchange versions 2013, 2016, and 2019 are affected.

Exploitation requires access to an authenticated user account but initial tests indicated that any email user’s account, regardless of the level of privileges they had, could be used to launch an attack. 

Microsoft Exchange Server customers are advised to monitor the official mitigation page and apply new ones as they become…


Week in review: MS Exchange zero-days exploited, AD attack paths, developing secure APIs



SpyCast: Cross-platform mDNS enumeration tool
SpyCast is a cross-platform mDNS enumeration tool that can work either in active mode by recursively querying services or in passive mode by only listening to multicast packets.
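As an added illustration of the two modes described above (this is not SpyCast’s code and makes no claim about its internals), the following Python module implements the core of both: the active step builds the DNS-SD service-enumeration PTR query for `_services._dns-sd._udp.local` and, from each answer, the follow-up query that lists instances of that service type (the recursive step); the passive step joins the 224.0.0.251:5353 group and parses PTR records out of whatever is multicast. The response bytes used as offline input are constructed by `build_ptr_response`, an assumed helper that mimics how responders compress repeated owner names.

```python
import socket
import struct
import time
from typing import List, Tuple

MDNS_GROUP, MDNS_PORT = "224.0.0.251", 5353
SERVICE_ENUM = "_services._dns-sd._udp.local"   # DNS-SD service-type meta-query (RFC 6763)
TYPE_PTR, CLASS_IN = 12, 1

def encode_name(name: str) -> bytes:
    """Wire-encode a dotted name as length-prefixed labels ending in a zero byte."""
    out = b"".join(bytes([len(l)]) + l.encode() for l in name.rstrip(".").split("."))
    return out + b"\x00"

def build_ptr_query(name: str, txid: int = 0) -> bytes:
    """One-question PTR query; mDNS uses transaction id 0 and no flags (RFC 6762)."""
    return (struct.pack("!HHHHHH", txid, 0, 1, 0, 0, 0)
            + encode_name(name) + struct.pack("!HH", TYPE_PTR, CLASS_IN))

def decode_name(pkt: bytes, off: int) -> Tuple[str, int]:
    """Decode a name that may use 0xC0xx compression pointers; return (name, offset after it)."""
    labels, end, jumped, hops = [], off, False, 0
    while True:
        length = pkt[off]
        if length & 0xC0 == 0xC0:                   # pointer to an earlier name
            if not jumped:
                end = off + 2                       # the name occupies only the 2 pointer bytes
            off = struct.unpack("!H", pkt[off:off + 2])[0] & 0x3FFF
            jumped, hops = True, hops + 1
            if hops > 32:
                raise ValueError("compression pointer loop")
            continue
        off += 1
        if length == 0:
            break
        labels.append(pkt[off:off + length].decode("ascii", "replace"))
        off += length
    return ".".join(labels), (end if jumped else off)

def parse_ptr_records(pkt: bytes) -> List[Tuple[str, str]]:
    """Return (owner, target) for every PTR record in a response, skipping the questions."""
    _, _, qd, an, ns, ar = struct.unpack("!HHHHHH", pkt[:12])
    off = 12
    for _ in range(qd):
        _, off = decode_name(pkt, off)
        off += 4                                     # qtype + qclass
    found = []
    for _ in range(an + ns + ar):
        owner, off = decode_name(pkt, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", pkt[off:off + 10])
        off += 10
        if rtype == TYPE_PTR:
            found.append((owner, decode_name(pkt, off)[0]))
        off += rdlen
    return found

def follow_up_queries(pkt: bytes) -> List[bytes]:
    """Active mode's recursive step: for each service type advertised in a meta-query
    response, emit the PTR query that lists instances of that type."""
    return [build_ptr_query(t) for owner, t in parse_ptr_records(pkt) if owner == SERVICE_ENUM]

def build_ptr_response(owner: str, targets: List[str], ttl: int = 4500) -> bytes:
    """Constructed responder reply used as offline sample input: the first answer carries
    the owner name in full, later answers point back to it (pointer 0xC00C = offset 12)."""
    hdr = struct.pack("!HHHHHH", 0, 0x8400, 0, len(targets), 0, 0)   # QR|AA, N answers
    body = b""
    for i, target in enumerate(targets):
        rdata = encode_name(target)
        body += encode_name(owner) if i == 0 else b"\xC0\x0C"
        body += struct.pack("!HHIH", TYPE_PTR, CLASS_IN, ttl, len(rdata)) + rdata
    return hdr + body

def listen(seconds: float = 3.0) -> List[Tuple[str, str]]:
    """Passive mode: join the mDNS group and collect PTR records from whatever is multicast."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, socket.IPPROTO_UDP)
    s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    s.bind(("", MDNS_PORT))
    s.setsockopt(socket.IPPROTO_IP, socket.IP_ADD_MEMBERSHIP,
                 socket.inet_aton(MDNS_GROUP) + socket.inet_aton("0.0.0.0"))
    deadline, seen = time.monotonic() + seconds, []
    try:
        while (remaining := deadline - time.monotonic()) > 0:
            s.settimeout(remaining)
            try:
                data, _ = s.recvfrom(9000)
            except socket.timeout:
                break
            try:
                seen.extend(parse_ptr_records(data))
            except (ValueError, IndexError, struct.error):
                continue                              # malformed packet: skip, don't crash
    finally:
        s.close()
    return seen

if __name__ == "__main__":
    sample = build_ptr_response(SERVICE_ENUM, ["_http._tcp.local", "_ssh._tcp.local"])
    print(parse_ptr_records(sample))                  # offline demonstration
    print(len(follow_up_queries(sample)), "follow-up queries would be sent in active mode")
```

Sending `build_ptr_query(SERVICE_ENUM)` to the group address from the socket that `listen` opens turns the passive collector into the active enumerator; the parser deliberately tolerates malformed packets, since anyone on the segment can multicast arbitrary bytes to port 5353.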

Attackers use novel technique, malware to compromise hypervisors and virtual machines
Unknown attackers wielding novel specialized malware have managed to compromise VMware ESXi hypervisors and guest Linux and Windows virtual machines, Mandiant threat analysts have discovered.

To encrypt or to destroy? Ransomware affiliates plan to try the latter
Researchers from Symantec, Cyderes and Stairwell have recently analyzed a new version of the Exmatter data exfiltration tool and have spotted a new capability: data corruption.

MS SQL servers are getting hacked to deliver ransomware to orgs
Cybercriminals wielding the FARGO (aka Mallox, aka TargetCompany) ransomware are targeting Microsoft SQL (MS SQL) servers, AhnLab’s ASEC analysis team has warned.

3 ways to gauge your company’s preparedness to recover from data loss
Where you store your data backup is nearly as important as creating copies in the first place. Storing your data in the cloud does not mean it is secure.

Two Microsoft Exchange zero-days exploited by attackers (CVE-2022-41040, CVE-2022-41082)
Attackers are leveraging two zero-day vulnerabilities (CVE-2022-41040, CVE-2022-41082) to breach Microsoft Exchange servers.

Phishing attacks skyrocketing, over 1 million observed
The APWG’s Phishing Activity Trends Report reveals that in the second quarter of 2022, the APWG observed 1,097,811 total phishing attacks — the worst quarter for phishing that APWG has ever observed.

RCE in Sophos Firewall is being exploited in the wild (CVE-2022-3236)
Sophos has patched an actively exploited remote code execution vulnerability (CVE-2022-3236) in its Firewall solutions, and has pushed the fix to customers who have automatic installation of hotfixes enabled.

The various ways ransomware impacts your organization
Despite increased investment in tools to fight ransomware, 90% of organizations were affected by ransomware in some capacity over the past 12 months, according to SpyCloud’s 2022 Ransomware Defense…
