fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

CISA Warns Admins To Urgently Patch Exchange ProxyShell Bugs

CISA Warns Admins To Urgently Patch Exchange ProxyShell Bugs

The US Cybersecurity and Infrastructure Security Agency (CISA) issued its first alert tagged as “urgent,” warning admins to patch on-premises Microsoft Exchange servers against actively exploited ProxyShell vulnerabilities.

“Malicious cyber actors are actively exploiting the following ProxyShell vulnerabilities: CVE-2021-34473, CVE-2021-34523, and CVE-2021-31207,” CISA warned over the weekend.

“CISA strongly urges organizations to identify vulnerable systems on their networks and immediately apply Microsoft’s Security Update from May 2021—which remediates all three ProxyShell vulnerabilities—to protect against these attacks.”

Also Read: Vulnerability Management for Cybersecurity Dummies

These three security flaws (patched in April and May) were discovered by Devcore security researcher Orange Tsai, who used them to compromise a Microsoft Exchange server in April’s Pwn2Own 2021 hacking contest:

Actively exploited by multiple threat actors

This warning comes after similar ones alerting organizations to defend their networks from the wave of attacks that hit tens of thousands of organizations worldwide in March, with exploits targeting four zero-day Microsoft Exchange bugs known as ProxyLogon.

Even though Microsoft fully patched the ProxyShell bugs in May 2021, they didn’t assign CVE IDs for the three security vulnerabilities until July, thus preventing some organizations who had unpatched servers from discovering that they had vulnerable systems on their networks.

Also Read: The Financial Cost of Ransomware Attack

After additional technical details were recently disclosed, both security researchers and threat actors could reproduce a working ProxyShell exploit.

Then, just as it happened in March, attackers began scanning for and hacking Microsoft Exchange servers using the ProxyShell vulnerabilities.

After breaching unpatched Exchange servers, threat actors drop web shells that allow them to upload and execute malicious tools.

While, in the beginning, the payloads were harmless, attackers have begun deploying LockFile ransomware payloads delivered across Windows domains compromised using Windows PetitPotam exploits.

So far, US-based security firm Huntress Labs said it found over 140 web shells deployed by attackers on more than 1,900 compromised Microsoft Exchange servers until Friday.

Shodan is also tracking tracking ten of thousands of Exchange servers vulnerable to attacks using ProxyShell exploits, most of them located in the US and in Germany.

Also Read: Top 3 Common Data Protection Mistakes, Revealed

“New surge in Microsoft Exchange server exploitation underway,” NSA Cybersecurity Director Rob Joyce also warned over the weekend. “You Must ensure you are patched and monitoring if you are hosting an instance.”

The NSA has also reminded defenders this weekend that the guidance published in March on hunting for web shells is still applicable to these ongoing attacks.

Detailed information on how to identify Microsoft Exchange servers that need patching against ProxyShell and how to detect exploitation attempts can be found in the blog post published by security researcher Kevin Beaumont.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us