Chinese State-Sponsored Hacking Group Used Four Zero-Days to Hack Exchange Servers
Google fixes 47 Chrome flaws, 1.7M Oxfam Australia user records exposed in breach, Malaysia Airlines frequent flyer program hacked over a nine-year period, Dairy giant Lactalis breached, more
Microsoft said that it had detected a “highly-skilled and sophisticated” Chinese state-sponsored hacking group known as Hafnium targeting U.S. organizations to steal data. The hackers used four zero-day vulnerabilities chained together to gain access to Microsoft Exchange servers, steal email, and plant further malware for increased access to the network.
Hafnium needs access to an on-premises Microsoft Exchange server on port 443 for these attacks to work. The industry sectors that the group mostly targets include infectious disease researchers, law firms, higher education institutions, defense contractors, policy think tanks, and NGOs. Microsoft has released emergency out-of-band security updates for all supported Microsoft Exchange versions. (Lawrence Abrams / Bleeping Computer)
Kevin Beaumont (@GossiTheDog): .@HuntressLabs reporting they are seeing webshells being dropped with this (allows access after patching) https://t.co/7ROvEog7O2 https://t.co/8VTd7DcytT
Google rolled out 47 security fixes in its Windows, Linux, and Mac versions of Chrome, the most severe of which concerns an "object lifecycle issue in audio."
That flaw, which has been abused in the wild and is tracked as CVE-2021-21166, is one of the two security bugs reported last month by Alison Huffman of Microsoft Browser Vulnerability Research on February 11. (Ravie Lakshmanan / The Hacker News)
The Oxfam Australia charity confirmed a data breach that exposed its supporters' personal data after Bleeping Computer reported that a threat actor was selling a stolen Oxfam Australia database containing 1.7 million user records.
Oxfam said that although no passwords were compromised, the database accessed by the hackers included names, addresses, dates of birth, emails, phone numbers, gender, and in some cases, donation history. (Lawrence Abrams / Bleeping Computer)
Malaysia Airlines said that its frequent flyer program Enrich had been hacked via one of its third-party IT service providers over a nine-year period from March 2010 to June 2019.
The frequent flyer member data stolen during the breach include the date of birth, gender, contact details, frequent flyer number, frequent flyer status, and frequent flyer tier level. The airline said it has no evidence the data was misused. (SHAHRIN AIZAT NOORSHAHRIZAM / Malay Mail)
The world’s leading dairy group Lactalis disclosed a cyberattack after unknown threat actors breached some of the company's systems.
The France-based group said only a limited number of computers on its network were compromised during the attack, and it has taken all impacted systems offline. (Sergiu Gatlan / Bleeping Computer)
Microsoft announced that its Teams remote collaboration and conference tool will support end-to-end encryption for one-to-one Teams calls.
IT will have discretion over which users can use E2EE. E2EE for Teams 1:1 ad-hoc VoIP calls (as the feature is known officially) will be available in preview to commercial customers later in the first half of this calendar year. (Mary Jo Foley / ZDNet)
Researchers at Cisco Talos say that the ObliqueRAT malware is now cloaking its payloads as seemingly innocent image files hidden on compromised websites.
The new tactic has helped ObliqueRAT operators avoid detection during the malware’s targeting of various organizations in South Asia where attackers tried to exfiltrate data from victims. (Lindsey O’Donnell / Threatpost)
Google is teaming with two insurance giants, Allianz and Munich Re, to cover cyber breaches and related risks for businesses that use its cloud services.
The two companies' initial targets are U.S.-based companies with annual revenue of between $500 million and $5 billion. (Tom Sims / Reuters)