• Salt Typhoon exploit had

    From Mike Powell@1:2320/105 to All on Tue Jan 28 17:31:00 2025
    One of the biggest flaws exploited by Salt Typhoon hackers has had a patch available for years

    Date:
    Mon, 27 Jan 2025 15:30:28 +0000

    Description:
    The group behind the notorious Treasury hack regularly exploits this vulnerability, but it had a simple fix.

    FULL STORY ======================================================================
    - A security vulnerability in Microsoft Exchange servers remains largely unpatched
    - A fix was issued four years ago, but some users clearly didn't update
    - This flaw may have aided the hacking group Salt Typhoon

    Critical security vulnerabilities seem to be a regular occurrence in
    technology reporting, with countless patches and updates to keep track of -
    but this Microsoft Exchange Server flaw might be one to take very seriously.

    Most of us will be familiar with the major incident in which 9 US telecom giants were breached in what appeared to be a Chinese state-sponsored cyber-espionage campaign. The attack, attributed to hacking group Salt Typhoon, is said to have, at least in part, exploited a known critical security flaw in Microsoft Exchange Server.

    The vulnerability, nicknamed ProxyLogon, was disclosed by Microsoft in 2021, and a patch has been available for 4 years. Despite this, cyber-risk management company Tenable has calculated that, of nearly 30,000 instances affected by ProxyLogon, 91% remain unpatched.

    CISA guidance

    The US Cybersecurity and Infrastructure Security Agency (CISA) previously released in-depth guidance on strengthening visibility and hardening systems and devices in response to the breach, and has emphasized end-to-end encryption for secure communications.

    ProxyLogon is one of five commonly exploited vulnerabilities used by Salt Typhoon. Others include Ivanti Connect Secure Command Injection and Authentication Bypass vulnerabilities, as well as a Sophos Firewall Code Injection Vulnerability.

    In light of this, the recommendation and advice for any security teams out there is to always patch where available, and keep as up to date as possible
    on any software for potential vulnerabilities or fixes.

    "In light of the vulnerabilities exposed by Salt Typhoon, we need to take action to secure our networks," said Federal Communications Commission Chairwoman Jessica Rosenworcel.

    "Our existing rules are not modern. It is time we update them to reflect current threats so that we have a fighting chance to ensure that state-sponsored cyberattacks do not succeed. The time to take this action is now. We do not have the luxury of waiting."


    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/one-of-the-biggest-flaws-exploited-by-salt-typhoon-hackers-has-had-a-patch-available-for-years

    --- SBBSecho 3.20-Linux
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)