The US Cybersecurity and Infrastructure Security Agency (CISA) is urging "ALL organizations across ALL sectors" to address Microsoft Exchange Server vulnerabilities. CISA has provided a set of guidelines designed to walk IT security staffs and organizations' leaders through the process of fixing the vulnerabilities. Exploitation is ongoing, attackers may have established themselves in their victims' systems, and there's more to an effective response than simply patching.
Organizations affected by both the Hafnium attack against Microsoft Exchange Server and the Holiday Bear campaign that centered on a SolarWinds Orion supply chain compromise are finding their security teams feeling overtaxed, FCW writes. That doesn’t in itself make either incident a “resource attack,” but resources are being affected nonetheless.
The New York Times may have quietly redacted its perhaps excessively muscular headline from “cyberstrike” to “retaliation,” as well as muting some of its text, but the US Government continues to suggest that it’s mulling a range of responses to Holiday Bear’s romp through SolarWinds. Computing cites various sources who speculate that the US response will be both “seen and unseen,” with the (mostly) unseen coming first, visible enough to Mr. Putin and his intelligence services, but not to most of the rest of us.
An essay in Foreign Affairs argues that intelligence agencies face a bear market for secrets, and that they should adapt to work in the growing and increasingly transparent world of OSINT. (Among other things, doing so would necessarily involve overcoming the widespread human tendency to confuse cost with value.)