Security Spotlight: US Government Agencies Take Action Against Exchange Vulnerabilities and Social Media Giants Leak Data

This article was originally published by Bitglass here

Written by Jeff Birnbaum, Bitglass

Here are the top security stories from recent weeks.

• FBI Removes Web Shells from Compromised Exchange Servers Without Notifying Owners
• CISA Requires Federal Agencies to Patch Exchange Servers for Vulnerabilities Discovered by NSA by Friday April 16
• Personal Data of 533 Million Facebook Accounts Leaked
• National Cyberattack Affects Entire University of California System with Data Breach of Personal Information
• 1.3 Million Clubhouse Users’ Data Posted to Hacker Forum

FBI Removes Web Shells from Compromised Exchange Servers Without Notifying Owners

In a court-approved operation, the FBI removed web shells providing remote access to Microsoft Exchange servers without first notifying the owners of the servers. The backdoors were installed by threat actors earlier in the year using a group of ProxyLogon vulnerabilities. These vulnerabilities have since been patched by Microsoft, who has also since released tools to help victims remove the web shells. The FBI states they proceeded with their operation for fear that owners of still-compromised US-based servers did not have the ability to remove the web shells themselves. A Houston court granted the FBI a search warrant for the web shell removal and allowed a delay providing notice to server owners.

CISA Requires Federal Agencies to Patch Exchange Servers for Vulnerabilities Discovered by NSA by Friday April 16

A series of vulnerabilities for Microsoft Exchange was discovered earlier by the NSA allowing remote code execution. Microsoft released a security update patching these vulnerabilities this Tuesday, and the US Cybersecurity and Infrastructure Security Agency (CISA) has required federal agencies to patch their servers by Friday. While there has not been any indication these vulnerabilities were used in any attacks, CISA requested this action to prevent another large scale attack on Exchange servers similar to the ProxyLogon vulnerability attacks.

Personal Data of 533 Million Facebook Accounts Leaked

533 million Facebook records including Facebook IDs, full names, phone numbers, birthdates, locations have been leaked online. While the data is from 2019 according to Facebook and part of a dataset already available for sale via a Telegram bot, the leaked phone numbers are particularly concerning if abused. Leaked email addresses have been loaded to Have I Been Pwned, run by security expert Troy Hunt, allowing users to check if their email was part of the leaked dataset.

National Cyberattack Affects Entire University of California System with Data Breach of Personal Information

The University of California is the latest institution affected by an earlier cyberattack on third-party vendor Accellion, which provided a file transfer service to the organization. Attackers had exploited four vulnerabilities in Accellion’s file transfer system FTA to gain personal information including phone numbers and Social Security numbers. The UC system joins other higher education institutions including Stanford University’s School of Medicine, as well as large corporations including grocery giant Kroger, as victims of the attack.

1.3 Million Clubhouse Users’ Data Posted to Hacker Forum

The personal data of 1.3 million users of Clubhouse, the iOS invite-only social media app, was posted on a hacker forum. Leaked information includes names, user IDs, photo URL, Twitter and Instagram handles, dates, and profile of who invited the member. Clubhouse, however, denies a breach or hack happened, stating the data is all public profile information available to anyone via their app or API. Security researchers noted that anyone can download Clubhouse members’ public profile information on a mass scale, raising user privacy concerns.