CISA encourages all organizations to fix Microsoft Exchange vulnerabilities in the wake of massive exploitation campaigns targeting the software. (Coolcaesar, CC BY-SA 4.0 https://creativecommons.org/licenses/by-sa/4.0, via Wikimedia Commons)

The Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday issued a supplemental direction to Emergency Directive (ED) 21-02, which lays out hardening, forensic triage and reporting requirements designed to mitigate vulnerabilities found in the wake of the massive Microsoft Exchange vulnerability hacks that have affected tens of thousands of organizations.

The update directs federal departments and agencies to run newly developed tools to investigate whether their Microsoft Exchange servers have been compromised: Microsoft's Test-ProxyLogon.ps1 script and Safety Scanner (MSERT). Agencies must also ensure their Exchange servers are provisioned with a firewall, fully updated, supported by Microsoft, and safeguarded by anti-malware programs, among other listed protections.

Although ED 21-02 mainly applies to federal civilian executive branch agencies, CISA encourages state and local governments, critical infrastructure companies and other private-sector organizations to review the notice and consult the following resources for additional information:
“If there ever was a question of the impact and risk associated with these vulnerabilities, it should clearly be answered now,” said Tim Wade, technical director of the CTO Team at Vectra. “CISA has instructed organizations with insufficient cybersecurity expertise to fully disconnect their on-premises Exchange infrastructure until such a time as instructions for rebuilding and reprovisioning are provided. Given the importance of email for modern business, these directives indicate that there are organizations that may be implicitly instructed to stand down from the full execution of their primary function unless and until remediation occurs.”
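The triage and hardening items the supplemental direction names, gathered into one checklist script as an added example; this is not CISA's or Microsoft's code. It assumes an elevated Exchange Management Shell on the server being checked, that Test-ProxyLogon.ps1 and msert.exe were already downloaded to C:\Tools (placeholder path), that Microsoft Defender is the anti-malware product in use, and that findings are written under C:\Triage (placeholder path).

```powershell
# Added example (not CISA's or Microsoft's code): local triage checklist for one
# Exchange server, covering the checks the supplemental direction lists.
# Assumptions: elevated Exchange Management Shell on the server itself; tools
# pre-downloaded to $Tools (placeholder); Defender is the anti-malware product.
$Tools  = 'C:\Tools'    # placeholder: where Test-ProxyLogon.ps1 and msert.exe live
$OutDir = 'C:\Triage'   # placeholder: where findings are collected
New-Item -ItemType Directory -Path $OutDir -Force | Out-Null
$report = [ordered]@{}

# 1. Record the installed Exchange build, to be compared by hand with the
#    patched-build list Microsoft publishes (not hard-coded here).
$srv = Get-ExchangeServer -Identity $env:COMPUTERNAME
$report['ExchangeBuild'] = $srv.AdminDisplayVersion.ToString()

# 2. Host firewall: the directive expects a firewall in place, so every
#    Windows Firewall profile should report Enabled.
$profiles = Get-NetFirewallProfile
$report['FirewallAllProfilesOn'] = -not ($profiles | Where-Object { -not $_.Enabled })

# 3. Anti-malware: real-time protection on and signatures recently updated.
$mp = Get-MpComputerStatus
$report['RealTimeProtection'] = $mp.RealTimeProtectionEnabled
$report['SignatureAgeDays']   = [int](New-TimeSpan -Start $mp.AntivirusSignatureLastUpdated -End (Get-Date)).TotalDays

# 4. Microsoft's indicator script: accepts the server object from the pipeline
#    and writes any matches (log lines, dropped files) under -OutPath.
$srv | & (Join-Path $Tools 'Test-ProxyLogon.ps1') -OutPath $OutDir

# 5. Safety Scanner: /F forces a full scan, /Q runs quietly; results are
#    written to %SystemRoot%\debug\msert.log.
& (Join-Path $Tools 'msert.exe') /F /Q
$report['MsertLog'] = Join-Path $env:SystemRoot 'debug\msert.log'

# 6. Summarise for the reporting requirement: on screen and as CSV for the
#    agency's submission package.
$summary = [pscustomobject]$report
$summary | Format-List
$summary | Export-Csv -Path (Join-Path $OutDir 'triage-summary.csv') -NoTypeInformation
```

A non-empty Test-ProxyLogon output directory or a detection in msert.log means the server should be treated as compromised and moved to the directive's incident-response path rather than simply patched.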