The Record reports that Microsoft Exchange Server patching has gone "extraordinarily well," with approximately 92% of Exchange Servers secured against the ProxyLogon vulnerabilities. The success is largely due to Microsoft's release of an easy-to-use script to apply mitigations. Redmond says around 30,000 servers remain vulnerable.
Threatpost stresses that patching alone won't secure systems that have already been compromised. CyberNews quotes Brandon Wales, acting director of the US Cybersecurity and Infrastructure Security Agency, as saying in a webinar this week, "We know that multiple adversaries have compromised networks prior to patches being applied. And if you apply a patch, your system may still be compromised, the adversary can still be inside of your network, still be able to utilize you to attack others and disrupt your operations.... You should not have a false sense of security. You should fully understand the risk. In this case, how to identify whether your system is already compromised, how to remediate it, and whether you should bring in a third party if you are not capable of doing that."
Ars Technica says the BlackKingdom ransomware operators are among those exploiting the flaws.
Acer sustains ransomware attack.
Taiwanese computer manufacturer Acer has suffered a REvil ransomware attack, with the attackers demanding $50 million in payment, BleepingComputer reports. BleepingComputer notes that this is the highest known ransom demand to date, and the ransom note claims that the demand will double to $100 million if it isn't paid by the deadline.
Vitali Kremez told BleepingComputer that a REvil affiliate had targeted a Microsoft Exchange Server belonging to Acer, though it's not yet clear if this was the cause of the attack. "Advanced Intel's Andariel cyberintelligence system detected that one particular REvil affiliate pursued Microsoft Exchange weaponization," Kremez said.
Acer hasn't confirmed the attack, but told BleepingComputer in a statement:
"Acer routinely monitors its IT systems, and most cyberattacks are well defensed. Companies like us are constantly under attack, and we have reported recent abnormal situations observed to the relevant law enforcement and data protection authorities in multiple countries. We have been continuously enhancing our cybersecurity infrastructure to protect business continuity and our information integrity. We urge all companies and organizations to adhere to cyber security disciplines and best practices, and be vigilant to any network activity abnormalities."