fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Microsoft: Exchange ‘Extended Protection’ Needed to Fully Patch New Bugs

Microsoft: Exchange ‘Extended Protection’ Needed to Fully Patch New Bugs

Microsoft says that some of the Exchange Server flaws addressed as part of the August 2022 Patch Tuesday also require admins to manually enable Extended Protection on affected servers to fully block attacks.

The company patched 121 flaws today, including the DogWalk Windows zero-day exploited in the wild and several Exchange vulnerabilities (CVE-2022-21980CVE-2022-24477, and CVE-2022-24516) rated as critical severity and allowing for privilege escalation.

Remote attackers can exploit these Exchange bugs to escalate privileges in low-complexity attacks after tricking targets into visiting a malicious server using phishing emails or chat messages.

“Although we are not aware of any active exploits in the wild, our recommendation is to immediately install these updates to protect your environment,” the Exchange Server Team warned.

Also Read: NDA Data Protection: The Importance, Its Meaning And Laws

However, Microsoft says that admins also need to enable Extended Protection (EP) after applying today’s security updates to make sure that threat actors won’t be able to breach vulnerable servers.

EP is a feature that enhances Windows Server auth functionality to mitigate authentication relay or “man in the middle” attacks.

“Customers vulnerable to this issue would need to enable Extended Protection in order to prevent this attack,” Redmond said in advisories published Tuesday.

“Please note that enabling Extended Protection (EP) is only supported on specific versions of Exchange (please see documentation for a full list of prerequisites).”

Exchange Server Aug 2022 patches
Exchange Server Aug 2022 patches (Microsoft)

script provided by Microsoft is available to enable this feature, but admins are advised to “carefully” evaluate their environments and review the issues mentioned in the script documentation before toggling it on their Exchange servers.

Also Read: Invasion of privacy elements and its legal laws to comply

Microsoft has issued security updates for multiple Exchange Server builds:

  • Exchange Server 2013 CU23
  • Exchange Server 2016 CU22 and CU23
  • Exchange Server 2019 CU11 and CU12

Since Redmond has also tagged all three Exchange vulnerabilities as “Exploitation More Likely,” admins should patch these flaws as soon as possible.

“Microsoft analysis has shown that exploit code could be created in such a way that an attacker could consistently exploit this vulnerability. Moreover, Microsoft is aware of past instances of this type of vulnerability being exploited,” the company says.

“This would make it an attractive target for attackers, and therefore more likely that exploits could be created. As such, customers who have reviewed the security update and determined its applicability within their environment should treat this with a higher priority.”

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us