AVN 64.74 Decreased By ▼ -0.26 (-0.4%)
BAFL 31.23 Increased By ▲ 0.08 (0.26%)
BOP 4.82 Increased By ▲ 0.11 (2.34%)
CNERGY 3.86 Decreased By ▼ -0.02 (-0.52%)
DFML 14.11 Increased By ▲ 0.41 (2.99%)
DGKC 41.69 Increased By ▲ 0.42 (1.02%)
EPCL 46.36 Decreased By ▼ -0.33 (-0.71%)
FCCL 11.41 Decreased By ▼ -0.01 (-0.09%)
FFL 5.06 Increased By ▲ 0.02 (0.4%)
FLYNG 5.78 Decreased By ▼ -0.04 (-0.69%)
GGL 9.92 Decreased By ▼ -0.03 (-0.3%)
HUBC 64.23 Increased By ▲ 0.13 (0.2%)
HUMNL 5.61 Decreased By ▼ -0.04 (-0.71%)
KAPCO 27.84 Increased By ▲ 0.04 (0.14%)
KEL 2.15 Increased By ▲ 0.02 (0.94%)
LOTCHEM 24.52 Increased By ▲ 0.22 (0.91%)
MLCF 21.75 Increased By ▲ 0.35 (1.64%)
NETSOL 84.19 Decreased By ▼ -0.01 (-0.01%)
OGDC 87.30 Decreased By ▼ -0.64 (-0.73%)
PAEL 10.95 Increased By ▲ 0.05 (0.46%)
PIBTL 4.24 Increased By ▲ 0.06 (1.44%)
PPL 76.63 Decreased By ▼ -1.07 (-1.38%)
PRL 13.69 Increased By ▲ 0.07 (0.51%)
SILK 0.90 Increased By ▲ 0.01 (1.12%)
SNGP 41.52 Decreased By ▼ -0.41 (-0.98%)
TELE 5.95 Increased By ▲ 0.08 (1.36%)
TPLP 15.77 Decreased By ▼ -0.01 (-0.06%)
TRG 111.25 Decreased By ▼ -1.05 (-0.93%)
UNITY 13.92 Decreased By ▼ -0.03 (-0.22%)
WTL 1.14 Increased By ▲ 0.01 (0.88%)
BR100 4,046 Decreased By -1.8 (-0.05%)
BR30 14,434 Decreased By -33.1 (-0.23%)
KSE100 40,620 Decreased By -53.1 (-0.13%)
KSE30 15,170 Decreased By -20 (-0.13%)
Follow us

SAN FRANCISCO: Microsoft on Tuesday moved to defend against a dangerous new threat to Exchange email servers while the fight continued against hackers taking advantage of a flaw patched last month.

The US Cybersecurity and Infrastructure Security Agency, part of the Department of Homeland Security, called on government departments to immediately install the latest software update released by Microsoft.

“These vulnerabilities pose an unacceptable risk to the Federal enterprise and require an immediate and emergency action,” CISA said in a notice.

“This determination is based on the likelihood of the vulnerabilities being weaponized, combined with the widespread use of the affected software across the Executive Branch and high potential for a compromise of integrity and confidentiality of agency information.”

Both CISA and Microsoft said it did not appear that hackers had taken advantage of the newly discovered weakness to break into Exchange email systems.

“Although we are not aware of any active exploits in the wild, our recommendation is to install these updates immediately to protect your environment,” Microsoft said in a post about the patch.

CISA and Microsoft said that the vulnerabilities were different from those fixed last month, when the US tech company disclosed that a state-sponsored hacking group operating out of China was exploiting security flaws in its Exchange email services to steal data from business users.

The company said the hacking group, which it has named “Hafnium,” is a “highly skilled and sophisticated actor.”

Hafnium has in the past targeted US-based companies including infectious disease researchers, law firms, universities, defense contractors, think tanks and NGOs.

The potentially devastating hack is believed to have affected at least 30,000 Microsoft email servers in government and private networks and has prompted calls for a firm response to state-sponsored attacks which could involve “hacking back” or other measures.

Microsoft in March released updates to fix the security flaws, which apply to on-premises versions of the software rather than cloud-based versions, and urged customers to apply them.

US Justice Department officials on Tuesday announced that, with backing from a court, they purged “malicious web shells” hackers had planted in hundreds of computers running Exchange Server software.

Web shells are bits of computer code that allow hackers to reach into computers remotely, and had been planted early this year by taking advantage of a weakness in Exchange, according to a Justice Department release.

“Today’s operation removed one early hacking group’s remaining web shells, which could have been used to maintain and escalate persistent, unauthorized access to US networks,” Justice Department officials said.

Comments

Comments are closed.

Microsoft defends against new threat to Exchange

'Higher than expectations': Pakistan's headline inflation clocks in at 27.6% in January

Rupee sustains losses, settles at 268.83 against US dollar

Fawad Chaudhry released from Adiala jail

Imran says governor KP's letter to ECP regarding delay in polls raises 'suspicions’

Cannot rule out internal assistance for Peshawar bombing: police

Peshawar attack: ‘Who brought the terrorists back?’, asks PM Shehbaz

Adani abandons $2.5 billion share sale in big blow to Indian tycoon

Hyundai-Nishat jacks up car prices by up to Rs500,000 in Pakistan

Maryam Nawaz says PML-N will clean sweep upcoming elections

PSX sees range-bound session, KSE-100 falls 0.13%