Microsoft Exchange hit by massive cyberattack victimizing over 300,000 business and government agencies

It has been widely reported that the emailing and calendaring application, Microsoft Exchange has been aggressively hacked, affecting business and government agencies in the United States, stealing administrator passwords, and exploiting critical vulnerabilities.

Microsoft stated that it continues to see increased use of these vulnerabilities in attacks targeting unpatched systems by multiple malicious actors beyond HAFNIUM.

“We’re concerned that there are a large number of victims,” the White House press secretary, Jen Psaki, said during a press briefing on Friday. The attack “could have far-reaching impacts. This is an active threat. Everyone running these servers – government, private sector, academia – needs to act now to patch them,” she added.

Microsoft has detected multiple 0-day exploits being used to attack on-premises versions of Microsoft Exchange Server in limited and targeted attacks. In the attacks observed, the threat actor used these vulnerabilities to access on-premises Exchange servers which enabled access to email accounts and allowed installation of additional malware to facilitate long-term access to victim environments. Meanwhile, the U.S.

government’s cybersecurity agency issued an emergency warning, amid concerns that the hacking campaign had affected and impacted tens of thousands of US organizations. The warning urged federal agencies to immediately patch their systems.

bbc.com

Not your keys…Not your emails

The traditional identity systems of today are fragmented, insecure, and vulnerable. Cyber attackers mostly prey upon weak or outdated cybersecurity systems and lenient data security protocols.

Nonencrypted data is mostly the culprit of data breach incidences. Attackers pry on outdated software, weak passwords, drive-by downloads, security flaw of an existing antivirus, or targeted malware attacks. In all these cases they break into the system and hack the nonencrypted data of users.

Decentralized identities give users back control over their personal data, give these identities the verifiable assurance of blockchain technologies, and enable users to make assertions about their data.

Cyberwar shield against hacks, data breaches, and cyberattacks

Pravica is built with Blockchain technology and backed by Bitcoin, which provides numerous privacy and security benefits to individuals, organizations, and governmental entities. It is a decentralized, interoperable, and immutable information infrastructure that is extremely hard to hack into.

Pravica users sign up with their decentralized identity that is secured by Bitcoin and based on BNS from Stacks. The basic premise of a decentralized identity is that you create and control your ID on a blockchain.

Once you create your ID, it lives on the blockchain, cryptographically tied to you. So long as you control the cryptographic keys linked to your decentralized identity, you remain in control.

Pravica.io

No email, phone number or any personal information is ever needed, collected, or accessed at any point of time to retrieve your account.

Because a blockchain is an open, distributed ledger that is replicated across many computers and has no centralized point of access, it is immune to attacks.

Pravica emails, messages, and data files are stored in the blockchain, rather than centralized servers, so there is no means of data collection or access to private information.

With the new protocols used to build Pravica, all forms of communication (audio & video) are end-to-end encrypted, protected, inaccessible, and invulnerable to assaults.

Attackers cannot edit or overwrite a blockchain network; any wrongly changed node will be countered by the remainder of the network, which makes cracking a blockchain network almost virtually impossible.

Pravica with a backbone built on Blockchain technology and backed by Bitcoin is ushering in a new generation of decentralized services, designed to maintain users’ security and privacy so that criminals could not steal or use their data or identity fraudulently.