This Month Includes New Patches for Microsoft Exchange

photo-1587614203256-c0349650a9af-1920w

NetStandard’s Security Minute Series 

This past week was Patch Tuesday! This month includes new patches for Microsoft Exchange. The new Exchange vulnerabilities are not known to be exploited in the wild….yet….though with the increased attack focus on Exchange these days, exploits will surely come soon. Patch now! April 2021 Security Updates – Release Notes – Security Update Guide – Microsoft
As IT professionals, we often get messages from recruiters about new job opportunities. Be careful with these – a spearphishing campaign is using fake job offers to distribute a backdoor trojan named more_eggs. Don’t be a victim! eSentire | Hackers Spearphish Professionals on LinkedIn with Fake Job…
A Kansas man was indicted for allegedly hacking into the Ellsworth County water system and tampering with the water supply. This is a different case from the one in Florida a couple months ago, and shows that attacks on US infrastructure are becoming more common: INDICTMENT: KANSAS MAN INDICTED FOR TAMPERING WITH A PUBLIC WATER SYSTEM | USAO-KS | Department of Justice
The managed services provider CompuCom, with customers including Target, Citibank, and Wells Fargo, was hit with the DarkSide ransomware in March. The company is expecting a loss of over $20 million dollars from the incident: CompuCom MSP expects over $20M in losses after ransomware attack (bleepingcomputer.com)
Speaking of DarkSide, the ransomware group recently gave an interview that sheds some light on how the group thinks: A chat with DarkSide (databreaches.net)
The Clop ransomware is on the rise, targeting a wide variety of industries. Palo Alto released a very detailed writeup of how it works and how to defend against it: Threat Assessment: Clop Ransomware (paloaltonetworks.com)
Shall we play a game? Microsoft has released a toolkit called CyberBattleSim, which is essentially a game simulating a security breach. The results are used to improve machine learning models to better automate network security: Gamifying machine learning for stronger security and AI models – Microsoft Security

Think it’s always safe to open txt files in email? Think again: a-txt-file-can-steal-all-your-secrets (360totalsecurity.com)
On another note…

NetStandard

NetStandard

For over 25 years, NetStandard has been providing a wide range of technical solutions to various industries in the Kansas City metro area.