NetStandard’s Security Minute Series
Since the release of ransomware targeting the new Exchange vulnerabilities (which Scott discussed last week), the number of attacks has grown by 10X. This has become the most significant software vulnerability in a very long time: Exploits on Organizations Worldwide Grow Tenfold after Microsoft’s Revelation of Four Zero-days – Check Point Software
Microsoft continues to take unprecedented steps to resolve the Exchange vulnerabilities. In addition to releasing patches for multiple unsupported versions, Microsoft has now taken the step of releasing a tool to automatically mitigate the issue with one click: One-Click Microsoft Exchange On-Premises Mitigation Tool – March 2021 – Microsoft Security Response Center
Buffalo Public Schools suffered a ransomware attack last weekend, which forced them to cancel at least one day of school. The FBI is investigating: Buffalo Public Schools was victim of ransomware attack | Education | buffalonews.com
As more and more people start using two-factor authentication (which is a very good thing!), SMS text messages continue to be attacked. We already knew about SIM swapping, but it turns out it was easier than we ever knew – you can just intercept SMS messages without swapping the entire SIM: Can We Stop Pretending SMS Is Secure Now? — Krebs on Security
- There are some security professionals, including the author of the article above, Brian Krebs, who are publicly telling people that SMS is insecure. In my opinion, statements like this are technically true but may be counterproductive. SMS-based two-factor authentication is not as secure as app-based 2FA, but is still better than nothing. Regular people are better off with SMS-based 2FA than with just using a password alone.
Microsoft continually releases new tools to help manage and work with Windows. Some of them can be very helpful for IT folk. Here’s a good collection of some of the more useful tools released over the past year: Best Microsoft tools created for Windows 10 power users (bleepingcomputer.com)
CISA has released a big write-up on the various attack methods seen in the SolarWinds and M365 attacks. Good info for anyone interested in learning more about how attackers move through an environment.
If you know anyone using Cisco Small Business routers, there is a new critical vulnerability out. Make sure you review this alert: Cisco Small Business RV132W and RV134W Routers Management Interface Remote Command Execution and Denial of Service Vulnerability
On another note…
- In 2020, cybercrime cost over $4.2 billion in the US
- A malware campaign is specifically targeting Xcode developers, creating macOS backdoors on victims’ computers. If you use a Mac or do any iOS development, be careful: New macOS malware XcodeSpy Targets Xcode Developers with EggShell Backdoor – SentinelLabs (sentinelone.com)
- You can build a supercomputer in only 20 weeks now: This powerful supercomputer was built in just 20 weeks, with a bit of help from a tiny robot | ZDNet