Join us on LinkedIn Follow us on Twitter Like us on Facebook Follow us on Instagram
 
  OCTOBER RESEARCH STORE SUBSCRIBE LOG IN
AddControlToContainer_DynamicNavigation3
The Legal Description > News > New York issues cybersecurity alert

New York issues cybersecurity alert

Email A Friend Printer Friendly Version
0 comments
Cybersecurity, Regulatory Updates
Wednesday, March 10, 2021

The New York State Department of Financial Services (NYSDFS) issued an industry letter to its regulated entities following a discovery of cybersecurity vulnerabilities in Microsoft Exchange Server.

The industry letter states, “In recent days, thousands of organizations were comprised via zero-day vulnerabilities in Microsoft Exchange Server. On March 2, 2021, Microsoft made patches available for these vulnerabilities but many organizations were compromised either before the patches were available or before the patches were applied.”

The four vulnerabilities were discovered in the Microsoft Exchange servers from 2013 and later and appear to host web versions of Microsoft’s email program on their own machines instead of cloud providers. That day it also released several security updates for vulnerabilities affecting the on-premises versions of the Microsoft Exchange Server.

“Microsoft stated that these exploits ‘require[] the ability to make an untrusted connection to Exchange server port 443. This can be protected against by restricting untrusted connections or by setting up a VPN to separate the exchange server from external access.’ The other vulnerabilities that were also fixed in the March 2nd updates were CVE-2021-26412, CVE-2021-26854, and CVE-2021-27078 and, according to Microsoft, are ‘not related to known attacks,’” the letter stated.  

NYSDFS urged regulated entities with vulnerable Microsoft Exchange services to patch or disconnect vulnerable servers. It also urged them to use tools provided by Microsoft to identify and remediate any compromise exploiting the zero-day vulnerabilities.

It noted the U.S. Department of Homeland Security Cybersecurity  and Infrastructure Security Agency (CISA) issued Emergency Directive 21-02 which recommended immediately patching the vulnerabilities and preserving forensic of the cyber event.

“CISA reported that the threat actors deployed web shells on the compromised servers to establish persistent access to the victims network,” the letter stated. “Web shells can allow attackers to steal data and perform additional malicious actions, installing the patches alone will not remove malicious web shells that were deployed before patching. We therefore recommend carefully considering the steps proposed in the CICA Emergency Directive to identify exploited servers and find web shells.

“Regulated entities should immediately assess the risk to their systems and consumers and take steps necessary to address vulnerabilities and customer impact,” the letter continued. “The assessment should identify internal use of vulnerable Microsoft Exchange products and any use of these products by critical third parties. Regulated entities should also continue to track developments in this compromise and respond quickly to new information.”

Today's other top stories
Trump reverses Biden-era cybersecurity policy, rolls back regulations
U.S. Attorney’s office announces largest recorded crypto scam seizure
Massachusetts lawyer faces suspension for over $40K in undisclosed commissions
NYSDFS cautions industry to comply with sanctions
California insurance commissioner outlines overhaul of FAIR Plan


COMMENT BOX DISCLAIMER:
October Research is not responsible for the comments posted on its websites by readers. We will do our best to remove comments that include profanity or personal attacks or other inappropriate comments.
Comments:

Be the first to leave a comment.

Leave your comment
Please enter a comment.
CAPTCHA Validation
CAPTCHA
Code:
Please enter the word displayed in the image above. Please enter the word displayed in the image above.
: 
Please enter your name.
: 
Please enter your email address.
This field must contain a valid email address.
Your Email is for reporting purposes only. It will NOT be displayed.
Popularity:
This article has been viewed 1556 times.
News by Topic   News by Edition   In-depth Reports   Events   Subscribe
Court Report
Cybersecurity
Excess Equity
Industry News
Legislative Developments
Regulatory Updates
Remote Online Notarization
The Blotter
The TRID Journey
 
May 26, 2025
June 9, 2025
June 23, 2025
Archives
 
2025 State of the Industry
Cybersecurity Today
Technology as a Compliance Tool
Real Estate Compliance Outlook
Title Insurance Alternatives
eClosing Security
Attorney State Perspectives
Technology as a Compliance Tool
Archives
 
 
National Settlement Services Summit (NS3)
Women's Leadership Summit (WLS)
Webinars
 
Newsletter Subscriptions
Free Email Updates
Try a Free Edition
  About   Library   Other Publications  
 
The Legal Description
Contact / Editors
Advertise
Request a Media Kit
Social Media
Are You An Expert?
Subscriber Agreement
 
Blog - Tuesdays with Mary
Cybersecurity Central
Court Cases
Keys to Real Estate Podcast
Legislation
Position Papers
Regulations
RON Resource Center
 
The Title Report
RESPA News
Valuation Review
Dodd Frank Upate
 
                 
Copyright © 2000-2025 The Legal Description
An October Research, LLC publication
3046 Brecksville Road, Suite D, Richfield, OH 44286
(330) 659-6101, All Rights Reserved
www.thelegaldescription.com | Privacy Policy
VISIT OUR OTHER WEBSITES
> The Title Report
> RESPA News
> Dodd Frank Update
> Valuation Review
> NS3 The Summit
> Women's Leadership Summit
> October Research, LLC
> The October Store


Loading... Loading...
Featuring:
  • Delivery 3X a week plus breaking news as it happens
  • Comprehensive title insurance industry news
  • Recent acquisitions, mergers, real estate stats
  • Exclusive in-depth coverage of the industry's hottest stories
Featuring:
  • Delivery 2X a week plus breaking news as it happens
  • Comprehensive Dodd-Frank coverage
  • The latest information from the CFPB
  • Full coverage of Congressional hearings
  • Updates on all agency actions
  • Analysis of controversial provisions
  • Release of newest studies and reports
Sign up today and...
  • Be one of the first to know where NS3 is being held
  • Learn about NS3 speakers and sessions
  • Save on registration with Super-Early Bird rates
  • Discover the networking opportunities NS3 offers
  • Find out if CE credits will be offered for your area
  • And much more
Featuring:
  • Delivery 2X a week plus breaking news as it happens
  • Preview the latest RESPAnews.com Top Story
  • RESPA related headline news
  • Quote of the Week
Featuring:
  • Delivery 2X a week plus breaking news as it happens
  • Legal, regulatory and legislative information impacting the settlement services industry
  • News from HUD, Congress, state legislatures and other regulatory agencies
  • Follow the lobbying efforts of all the major national real estate services organizations.
Featuring:
  • Delivery 2X a week plus breaking news as it happens
  • The industry's only full-time newsroom
  • Relevant, up-to-date appraisal industry news
  • Covering the hottest stories and industry trends
NEWS BY TOPIC
NEWS BY EDITION
IN-DEPTH REPORTS
EVENTS
LIBRARY
FREE EMAIL UPDATES
ABOUT
SUBSCRIBE
Court Report
Cybersecurity
Excess Equity
Industry News
Legislative Developments
Regulatory Updates
Remote Online Notarization
State AG Enforcement
The Blotter
Current Edition
June 9, 2025
May 26, 2025
May 12, 2025
April 28, 2025
Archives
2025 Voice of the Title Agent
2025 State of the Industry
Cybersecurity Today
2024 Title Technology
eClosing Innovations
Real Estate Compliance Outlook
Title Insurance Alternatives
Archives
National Settlement
Services Summit (NS3)
Women's Leadership
Summit (WLS)
Webinars
2025 Economic Outlook Series
Evolving Realtor Relationships
CFPB's Shake-Up & Its Impact
Artificial Intelligence for Title
Industry and Regulatory Outlook
RESPA Updates You Need to Know
Strategies post-NAR settlement
Evolving Consumer Relationships
Fraud Threats Facing Title
Excess Equity
2024 Economic Forecast Series
Securing Your Cyber Network
Webinar Archives
State AG Enforcement
Keys to Real Estate Podcast
Blog - Tuesdays with Mary
Excess Equity Watch
Cyber Solutions Showcase
Cybersecurity Central
eClosing Solutions Showcase
Executive Interview Series
RON Resource Center
Case Law
Legislation
Position Papers
Regulations
By Year
By State
2012
2011
Alabama
Alaska
Arizona
Arkansas
California
Colorado
Connecticut
Delaware
Florida
Georgia
Hawaii
Idaho
Illinois
Indiana
Iowa
Kansas
Kentucky
Louisiana
Maine
Maryland
Massachusetts
Michigan
Minnesota
Mississippi
Missouri
Montana
Nebraska
Nevada
New Hampshire
New Jersey
New Mexico
New York
North Carolina
North Dakota
Ohio
Oklahoma
Oregon
Pennsylvania
Rhode Island
South Carolina
South Dakota
Tennessee
Texas
Utah
Vermont
Virginia
Washington
West Virginia
Wisconsin
Wyoming
Comment Letters
White Papers
Testimony
The Legal Description
Contact Us
Advertise
Request a Media Kit
Are You An Expert?
Subscriber Agreement
Social Media