CISA Issues Warning Over Microsoft Exchange Server Vulnerabilities

Microsoft has warned that hackers are already using zero-day Exchange Server exploits to break into victims’ networks and steal data and that more attacks are likely to come.

Microsoft has given more details about how the vulnerabilities have already been exploited, starting with attacks in August.

In a small number of targeted attacks, the CVE-2022-41040 and CVE-2022-41082 vulnerabilities were linked to give attackers “hands-on-keyboard access.” These vulnerabilities were employed for surveillance into the Active Directory and to steal data. The names of the victims have not been made public.

For the attack to succeed, the intruder must be a confirmed user, but these credentials can be obtained through phishing scams, brute force, or buying stolen credentials.

Even though there are no clear signs yet of who is behind these attacks, Microsoft’s Security Threat Intelligence Team (MSTIC) suspects that these attacks are the work of a single group.

Microsoft says it is working on what it calls an “accelerated timeline” to fix the security hole, but the fix hasn’t come out yet.

Since the vulnerability has been made public, it is likely that hackers are already working to take advantage of it before a fix is available. As a result, Microsoft has warned that “overall exploitation of these vulnerabilities will increase.”

Previous Exchange Server flaws were used in a wide range of cyberattacks, such as ransomware operations and crypto-jacking attacks. This is because attackers rushed to take advantage of the flaws before organizations could apply the patch.

Another warning came from The United States Cybersecurity & Infrastructure Security Agency (CISA), which also stated that attackers could use the latest Microsoft Exchange Server flaws to illegally access and steal user data.

Even though there isn’t yet a patch, Microsoft has advised on how to deal with the threat, such as telling Exchange Server customers that non-admin users shouldn’t be able to access PowerShell remotely.

Product Releases from Amazon’s Hardware 2022 Event

A number of exciting products were announced at Amazon’s Hardware 2022 event. These announcements include two brand-new Eero home networking products and the news that the next-generation Echo Dot devices will feature Eero capabilities.

The first product is the Eero PoE 6 access point. Due to PoE (Power over Ethernet) technology’s popularity among enterprises and home network enthusiasts, this is a fascinating announcement by Amazon. PoE installations are popular because they allow you to connect your equipment with a single cable. This technology should also give customers more mounting options for Eero access points.

According to Amazon, the Eero PoE 6 provides coverage for up to 2,000 square feet, connections, and support for 100 connected devices.

The Eero PoE 6 is priced at $299.99. Starting in October 2022, Amazon will begin selling Eero PoE systems to certified professional installers, followed by regular customers early next year.

The second Eero product announced is the Eero PoE Gateway that will power your Eero PoE. The Eero gateway will be able to support numerous Eero PoE 6 devices as well as other PoE devices, such as security cameras.

The Eero PoE Gateway features ten Ethernet ports to connect your PoE devices, and it’s priced at $649.99.

As a result of its more elaborate setup, Eero’s PoE devices won’t be a suitable fit for everyone. However, it could be an ideal solution for a new home build or renovation.

It is worth noting that additional Eero services are available to prevent your network from losing internet access. One of those services is the Eero internet backup which might be the right choice for those who live in a remote area. This service can use a mobile hotspot or another Wi-Fi connection to keep all the devices operational even when your primary internet connection fails.

To use internet backup, you must subscribe to Eero+ for $9.99 per month or $99 per year. However, considering everything else included with the service, this may be a worthwhile inversion for certain households. The internet backup is a rebranded version of Eero’s Secure+ service, so all the same features are available here – including robust parental controls, network analysis, Malwarebytes, and more.

Eero+ is already available for the existing Eero mesh. However, if you were seeking to upgrade your home internet to one of the top Wi-Fi 6 mesh systems, you might find that Eero+ is enough to convince you to get an Eero kit instead.

Malware-as-a-Service Gaining Popularity

Malware as a Service (MaaS) has gained popularity over the past few years as a method of spreading malware. Typically, MaaS is provided at a monthly, annual, or lifetime subscription price. Once a threat actor obtains access to the malware, they can target individuals through various tactics.

A relatively new MaaS has emerged, called Erbium. Erbium is spread quickly across the internet disguised as cheats and hacks for popular video games.

Due to the fact that the Erbium malware subscription is affordable,  has excellent customer service, and a wide array of skills at a competitive price, it is attractive to threat actors. Additionally, due to the growing popularity of Erbium, the membership fee increased from $9 a week to $100 a month or $1,000 a year in late August 2022.

The development of Erbium appears to be in its early stages, however, it has been detected in several countries worldwide, including the United States, France, Colombia, Spain, Italy, Vietnam, and Malaysia.

The Erbium malware is exceptionally versatile in gathering data from infected devices. In addition to extracting information about the browser, the malware also extracts passwords, cookies, credit card numbers, auto-fill information, cryptocurrency wallet information, and two-factor authentication credentials without the user being aware of it.

Installing an antivirus program on your computer is an effective way to keep it safe from malicious software. Additionally, it is also essential to ensure that you’re updating your operating system and software regularly and downloading applications only from credible sites.

Tesla Introduces Optimus Robot Prototype

Tesla introduces the humanoid Optimus robot prototype and claims to be aiming for a price of under $20,000.

After the event started, Tesla’s eagerly anticipated humanoid robot was unveiled. The prototype walked unfettered across the stage. Tesla’s CEO, Elon Musk, stated that the team is working to make the robot accessible as soon as possible for less than a car at under $20,000.

According to Musk, Optimus is being developed to be a strong robot that can be produced in large quantities. During the event, a video showed the robot moving packages throughout a workplace and watering a plant, among other simple chores.

Tesla also displayed a fully built prototype showing the design of a potential final product. This prototype had a slick, cutting-edge design similar to what was showcased at the event last year.

The Optimus’ hands are designed to have a complete range of motion in their fingers. However, the humanoid movements are not restricted to the hands; the entire robot’s operation is fashioned after a human body. According to a Tesla engineer, the robot will have a human form, a broad range of motion, and strength. The Optimus will be programmed to have human brain-like capabilities, including vision processing, decision-making on the fly, and communicating; this is made possible by Tesla employing autopilot software and a battery pack from its vehicles in the robot.

CEO Elon Musk was passionate about the positive impact Optimus could bring to society and the economy. He stated, “It’ll be a fundamental transformation for civilization as we know it.”

When questioned about an exact timeframe, Musk responded that Optimus deliveries will be “probably within three years and not more than five years.”

The public has been hesitant toward technology since the humanoid robot announcement. After all, the scenario does resemble the ending of a sci-fi horror film in which machines might take over. However, Musk said that despite his attempts to get it out as fast as possible, safety is still a top priority in response to these worries.

It’s anyone’s guess whether a Tesla Bot will ever become a reality since Tesla has a history of fanciful ideas that never materialized. But the company is not where it is today because it decided to produce everything it invented.

Firefox 105.0 Update, The End of Low Memory Crashes and Other Features

The most recent version of Firefox, version 105, was made available for download on September 20, 2022. This version is a minor update that does not offer as many new features as previous versions.

However, the most striking improvement in Firefox 105 is that Mozilla has drastically decreased the number of out-of-memory browser crashes the Windows and Linux users experience.

When the system’s memory becomes low, the improved protection guarantees that the browser’s primary process is not disrupted. In addition, to free up RAM, Firefox 105 will stop content processes in pages that have not been used for an extended period. When the content processes are terminated, only the webpage, rather than the entire browser, becomes unresponsive.

Mozilla’s software developers have also improved the browser’s performance in several ways. Firefox 105 supports multi-finger gestures that allow users to quickly and easily switch between touchpad platforms. There have also been enhancements made to the touchpad scrolling experience on macOS. A new printing option has been added that enables users to print directly from the current page without printing excessive irrelevant information.

Mozilla offers some developer-focused improvements, including optimizing searching in large arrays. This enhancement, along with others in Firefox 105, is aimed at increasing the functionality and efficiency of developers. Furthermore, Firefox 105 Stable resolves seven security concerns classified by Firefox as high vulnerabilities.

On September 23, 2022, Mozilla released an update, Firefox 105.0.1, which addresses a bug reported in the original 105 version. In most circumstances, Firefox will update automatically. However, you can manually verify that you have the most updated version by selecting Menu > Help > About Firefox to perform a manual check for the update.

The next version of Firefox, version 106 and ESR 102.4, is expected to be available for download on October 18, 2022.