UPDATE: MS Exchange server patches and UAC issues per Bleeping Computer
A heads up for those installing the Exchange server patches to check if IAC or User Account Control is enabled. The patch may look like it installed but doesn’t actually fix the problem. Security expert Kevin Beaumont advised to validate build numbers. The issue has to do with certain Exchange-related services not being stopped by the security update. For manual patch applications Microsoft recommends installing as Admin from the command line. Wishing you all success!
UPDATE: Three new SolarWinds Malware strains found per The Hacker News
We knew there’d be more, lots more. On March 4 FireEye and Microsoft announced their finding of three more malware types in the massive supply chain attack: Goldmax or SUNSHUTTLE, GoldFinder (I am singing Goldfinger in my head with you now) and Sibot. Goldmax appears to be another sophisticated second stage backdoor to allow the attackers, now dubbed “Nobelium” by Microsoft, to cloak malicious traffic using regular network traffic while downloading more malware and uploading stolen goodies.
The sophistication and crafting of the malware speaks to the resources and focus of this attacker. State-sponsored adversaries ate determined and equipped to bypass defenses and detections in place. What we have to work with is our awareness that these attacks happen, and that constant vigilance and monitoring are key components of ensuring we do defense in depth.
Closing note: Robocalls are more than a nuisance- they are a threat. Per ZDNet, the FTC and 38 states took down a massive operation that defrauded victims of $110 million. If you’d like to learn more, I talk about the exponential increases in size and abuse of trust, as well as how to deal with them on CSuite with Claudette McGowan