Here’s how hackers are targeting a bug in Microsoft email servers | Tech News
Home Tech Tech News Here’s how hackers are targeting a bug in Microsoft email servers

Here’s how hackers are targeting a bug in Microsoft email servers

In some cases, the attackers appear to have been waiting for an opportunity to strike with credentials that had otherwise been of no use.

By: INDO ASIAN NEWS SERVICE
| Updated on: Aug 20 2022, 19:51 IST
Icon
The vulnerability was discovered by an anonymous security researcher and reported to Microsoft by way of Trend Micro’s Zero Day Initiative.
The vulnerability was discovered by an anonymous security researcher and reported to Microsoft by way of Trend Micro’s Zero Day Initiative. (AP)
The vulnerability was discovered by an anonymous security researcher and reported to Microsoft by way of Trend Micro’s Zero Day Initiative.
The vulnerability was discovered by an anonymous security researcher and reported to Microsoft by way of Trend Micro’s Zero Day Initiative. (AP)

Several state-sponsored hacking groups are exploiting a vulnerability in Microsoft Exchange email servers that the tech giant patched in February, a cyber security firm has revealed. London-based Volexity saw this vulnerability -- CVE-2020-0688 -- exploited in the wild by advanced persistent threat (APT) actors.

The vulnerability was discovered by an anonymous security researcher and reported to Microsoft by way of Trend Micro's Zero Day Initiative.

"Two weeks after the security updates were released, the Zero Day Initiative published a blog post providing more details on the vulnerability. The post made it clear that an attacker could exploit a vulnerable Exchange server if the three criteria are not met," said the Volexity Threat Research team.

ALSO READ: Malicious coronavirus domains flood the web as curiosity about the virus grows

"The Exchange Server had not been patched since February 11, 2020; The Exchange Control Panel (ECP) interface was accessible to the attacker and the attacker has a working credential that allows them to access the Exchange Control Panel in order to collect the ViewState Key," the security researchers noted.

Volexity has observed multiple APT actors exploiting or attempting to exploit on-premise Exchange servers.

In some cases, the attackers appear to have been waiting for an opportunity to strike with credentials that had otherwise been of no use.

ALSO READ: 7 in 10 organisations saw hacking attempts via IoT

Many organisations employ two-factor authentication (2FA) to protect their VPN, e-mail, etc., limiting what an attacker can do with a compromised password.

"This vulnerability gives attackers the ability to gain access to a significant asset within an organization with a simple user credential or old service account," said security researchers.

This issue further underscores why changing passwords periodically is a good best practice, regardless of security measures like 2FA. Microsoft was yet to react to the Volexity report.

Catch all the Latest Tech News, Mobile News, Laptop News, Gaming news, Wearables News , How To News, also keep up with us on Whatsapp channel,Twitter, Facebook, Google News, and Instagram. For our latest videos, subscribe to our YouTube channel.

First Published Date: 09 Mar, 18:01 IST
Tags:
Trending: google wallet to launch in india: what is it and how will it be different from google pay 20 years of mac os x: in pics how to change whatsapp font style and font size in chat window new iphone update, ios 17.5 beta 2, brings web distribution to eu developers- what it means beware! your whatsapp account can be hacked easily; here’s how this cybcercrime works this horrifying whatsapp scam can hijack your account with just a phone call did facebook really change its logo? see if you can spot the difference how to restore whatsapp chat history on android: check tips and tricks use of whatsapp plus, gb whatsapp got your whatsapp account banned? here is how to fix it amazon music now has a ‘car mode’: here's how to use it
NEXT ARTICLE BEGINS

Tips & Tricks

WhatsApp banned
WhatsApp banned my number. What’s the solution? Step-by-step guide to ‘unban’ your account
Consider Tonnage
Don't forget these 5 things while buying ACs online
Productivity
Otter AI: How to use this AI meeting assistant app to automatically take notes, transcripts, more
Pixel 8 Pro's Pro
Know how to master Pro Controls on the Google Pixel 8 Pro - check top 4 tips
ChatGPT Plus
How to edit images generated by DALL-E in ChatGPT: Step-by-step guide

Editor’s Pick

Digi Yatra
Digi Yatra users, delete the old app right now- Here’s how to download the new app and use it at airports
iPhone 15
iPhone 16 leaks summarised: Colours, A-series chip and what more to expect from Apple in 2024
STScI-01HFQ5YXZ04PF608HQB0KRTF3S
10 stellar images shot by NASA’s $10 billion James Webb Space Telescope
HDFC Bank alerts about a few common ‘bad habits’ of smartphone users that make it easy for them to fall prey to hacking attempts and scams.
Online scams: 5 habits of smartphone users that make life easy for hackers, warns HDFC Bank
Moto Edge 50 Pro
Motorola Edge 50 Pro review: Should you buy this new AI smartphone under 35,000?

Trending Stories

Dbrand
MKBHD takes tough stand after Dbrand makes racist comment on Indian customer [Update]
GTA_6
GTA 6 leaks: What we know so far about Grand Theft Auto 6
STScI-01HFQ5YXZ04PF608HQB0KRTF3S
10 stellar images shot by NASA’s $10 billion James Webb Space Telescope
Google Vids
Google Vids- All details about this new AI video app and how to use it
iPhone 13
Apple iPhone 13 available at discounted price of Rs. 52,990 on Amazon- Check details
keep up with tech

Gaming

GTA 6 trailer: Top 5 iconic cars spotted in the Grand Theft Auto 6’s Vice City
GTA 6: Top 5 iconic cars spotted in the trailer set to dominate vice city's streets
Garena Free Fire MAX redeem codes for April 18
Garena Free Fire MAX Redeem Codes for April 18: OB44 update brings exciting changes!
Garena Free Fire redeem codes for April 18
Garena Free Fire Redeem Codes for April 18: Tips and tricks to win every battle early
GTA 6: Take-Two Interactive trims workforce and scraps projects, will it delay the launch?
GTA 6: Take-Two Interactive trims workforce and scraps projects, will it delay the launch?
Garena Free Fire MAX Redeem Codes for April 17
Garena Free Fire MAX Redeem Codes for April 17: Nab bonus diamonds with top-up event!

    Trending News

    MKBHD takes tough stand after Dbrand makes racist comment on Indian customer [Update]
    Dbrand
    GTA 6 leaks: What we know so far about Grand Theft Auto 6
    GTA_6
    10 stellar images shot by NASA’s $10 billion James Webb Space Telescope
    STScI-01HFQ5YXZ04PF608HQB0KRTF3S
    Google Vids- All details about this new AI video app and how to use it
    Google Vids
    Apple iPhone 13 available at discounted price of Rs. 52,990 on Amazon- Check details
    iPhone 13

    Trending Gadgets

    Mobiles Laptops Tablets