SoylentNews

Freeman [soylentnews.org] writes:

https://arstechnica.com/security/2023/08/how-an-unpatched-microsoft-exchange-0-day-likely-caused-one-of-the-uks-biggest-hacks-ever/ [arstechnica.com]

It’s looking more and more likely that a critical zero-day vulnerability that went unfixed for more than a month in Microsoft Exchange was the cause of one of the UK’s biggest hacks ever—the breach of the country’s Electoral Commission, which exposed data for as many as 40 million residents.

Electoral Commission officials disclosed [electoralcommission.org.uk] the breach on Tuesday. They said that they discovered the intrusion last October when they found “suspicious activity” on their networks and that “hostile actors had first accessed the systems in August 2021.” That means the attackers were in the network for 14 months before finally being driven out. The Commission waited nine months after that to notify the public.
[...]
Some online sleuthing independently done by TechCrunch reporter Zack Whittaker [techcrunch.com] and researcher Kevin Beaumont [doublepulsar.com] suggests that a pair of critical vulnerabilities in Microsoft Exchange Server, which large organizations use to manage email accounts, was the cause.

Original Submission