fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Exploit Released for Microsoft Exchange RCE Bug, Patch Now

Exploit Released for Microsoft Exchange RCE Bug, Patch Now

Proof-of-concept exploit code has been released online over the weekend for an actively exploited high severity vulnerability impacting Microsoft Exchange servers.

The security bug tracked as CVE-2021-42321 impacts on-premises Exchange Server 2016 and Exchange Server 2019 (including those used by customers in Exchange Hybrid mode) and was patched by Microsoft during this month’s Patch Tuesday.

Successful exploitation allows authenticated attackers to execute code remotely on vulnerable Exchange servers.

On Sunday, almost two weeks after the CVE-2021-42321 patch was issued, researcher Janggggg published a proof-of-concept exploit for the Exchange post-auth RCE bug.

“This PoC just pop mspaint.exe on the target, can be use to recognize the signature pattern of a successful attack event,” the researcher said.

Also read: What is Pentest Report? Here’s A Walk-through

Admins warned to patch immediately

“We are aware of limited targeted attacks in the wild using one of the vulnerabilities (CVE-2021-42321), which is a post-authentication vulnerability in Exchange 2016 and 2019,” Microsoft said.

“Our recommendation is to install these updates immediately to protect your environment,” the company said, urging Exchange admins to patch the bug exploited in the wild.

If you haven’t yet patched this security vulnerability in your on-premises servers, you can generate a quick inventory of all Exchange servers in your environment that need updating using the latest version of the Exchange Server Health Checker script.

To check if any of your vulnerable Exchange servers have already been hit by CVE-2021-42321 exploitation attempts, you have to run this PowerShell query on each Exchange server to check for specific events in the Event Log:

Get-EventLog -LogName Application -Source "MSExchange Common" -EntryType Error | Where-Object { $_.Message -like "*BinaryFormatter.Deserialize*" }
Exchange Server update paths
Exchange Server CVE-2021-42321 update paths (Microsoft)

On-premises Exchange servers under attack

Exchange admins have dealt with two massive waves of attacks since the start of 2021, targeting the ProxyLogon and ProxyShell security vulnerabilities.

State-backed and financially motivated threat actors used ProxyLogon exploits to deploy web shells, cryptominers, ransomware, and other malware starting with early March.

In these attacks, they targeted more than a quarter of a million Microsoft Exchange servers, belonging to tens of thousands of organizations around the world.

Four months later, the US and its allies, including the EU, the UK, and NATO, officially blamed China for these widespread Microsoft Exchange hacking attacks.

Also Read: The PDPA Data Breach August 2020: A Recap of 8 Alarming Cases

In August, threat actors also began scanning for and breaching Exchange servers by exploiting ProxyShell vulnerabilities after security researchers reproduced a working exploit.

Even though payloads dropped using ProxyShell exploits were harmless in the beginning, attackers later switched to deploying LockFile ransomware payloads across Windows domains hacked using Windows PetitPotam exploits.

With this latest vulnerability (CVE-2021-42321), researchers are already seeing attackers scan for and attempt to compromise vulnerable systems.

As Microsoft Exchange has become a popular target for threat actors to gain initial access to a targets’ networks, it is strongly advised to keep servers up-to-date with the latest security patches. 

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us