TZUTC: -0500   
   MSGID: 25.consprcy@1:2320/105 2bfe4c7f   
   PID: Synchronet 3.20a-Linux master/acc19483f Apr 26 202 GCC 12.2.0   
   TID: SBBSecho 3.20-Linux master/acc19483f Apr 26 2024 23:04 GCC 12.2.0   
   BBSID: CAPCITY2   
   CHRS: ASCII 1   
   One of the biggest flaws exploited by Salt Typhoon hackers has had a patch   
   available for years   
      
   Date:   
   Mon, 27 Jan 2025 15:30:28 +0000   
      
   Description:   
   The group behind the notorious Treasury hack regularly exploits this   
   vulnerability, but it had a simple fix.   
      
   FULL STORY   
   ======================================================================   
    - A security vulnerability in Microsoft Exchange servers remains largely   
   unpatched   
    - A fix was issued four years ago, but some users clearly didn't update   
    - This flaw may have aided the hacking group Salt Typhoon   
      
   Critical security vulnerabilities seem to be a regular occurrence in   
   technology reporting, with countless patches and updates to keep track of -   
   but this Microsoft Exchange Server flaw might be one to take very seriously.    
      
   Most of us will be familiar with the major incident in which 9 US telecom   
   giants were breached in what appeared to be a Chinese state sponsored   
   cyber-espionage campaign. The attack, attributed to hacking group Salt   
   Typhoon, is said to have, at least in part, exploited a known critical   
   security flaw in Microsoft Exchange Server.    
      
   The vulnerability, nicknamed ProxyLogon, was disclosed by Microsoft in 2021,   
   and a patch has been available for 4 years. Despite this, cyber-risk   
   management company Tenable has calculated in nearly 30,000 instances affected   
   by ProxyLogon, 91% remain unpatched.   
      
   CISA guidance    
      
   The US Cybersecurity and Infrastructure Security Agency (CISA) previously   
   released in-depth guidance on strengthening visibility and hardening systems   
   and devices in response to the breach, and have emphasized end-to-end   
   encryption for secure communications.    
      
   The ProgyLogon is one of five commonly exploited vulnerabilities used by Salt   
   Typhoon. Others include Ivanti Connect Secure Command Injection and   
   Authentication Bypass vulnerabilities, as well as a Sophos Firewall Code   
   Injection Vulnerability.    
      
   In light of this, the recommendation and advice for any security teams out   
   there is to always patch where available, and keep as up to date as possible   
   on any software for potential vulnerabilities or fixes.    
      
   In light of the vulnerabilities exposed by Salt Typhoon, we need to take   
   action to secure our networks said Federal Communications Commission   
   Chairwoman Jessica Rosenworcel.    
      
   Our existing rules are not modern. It is time we update them to reflect   
   current threats so that we have a fighting chance to ensure that   
   state-sponsored cyberattacks do not succeed. The time to take this action is   
   now. We do not have the luxury of waiting.   
      
      
   ======================================================================   
   Link to news story:   
   https://www.techradar.com/pro/security/one-of-the-biggest-flaws-exploited-by-s   
   alt-typhoon-hackers-has-had-a-patch-available-for-years   
      
   $$   
   --- SBBSecho 3.20-Linux   
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)   
   SEEN-BY: 105/81 106/201 128/187 129/305 153/7715 154/110 218/700 226/30   
   SEEN-BY: 227/114 229/110 111 114 206 300 307 317 400 426 428 470 664   
   SEEN-BY: 229/700 705 266/512 291/111 320/219 322/757 342/200 396/45   
   SEEN-BY: 460/58 712/848 902/26 2320/0 105 3634/12 5075/35   
   PATH: 2320/105 229/426