fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Microsoft Urges Exchange Admins to Patch Bug Exploited in the Wild

Microsoft Urges Exchange Admins to Patch Bug Exploited in the Wild

Microsoft warned admins today to immediately patch a high severity Exchange Server vulnerability that may allow authenticated attackers to execute code remotely on vulnerable servers.

The security flaw tracked as CVE-2021-42321 impacts Exchange Server 2016 and Exchange Server 2019, and it is caused by improper validation of cmdlet arguments according to Redmond’s security advisory.

CVE-2021-42321 only affects on-premises Microsoft Exchange servers, including those used by customers in Exchange Hybrid mode (Exchange Online customers are protected against exploitation attempts and don’t need to take any further action).

“We are aware of limited targeted attacks in the wild using one of the vulnerabilities (CVE-2021-42321), which is a post-authentication vulnerability in Exchange 2016 and 2019,” Microsoft explained.

“Our recommendation is to install these updates immediately to protect your environment.”

For a quick inventory of all Exchange servers in your environment behind on updates (CUs and SUs), you can use the latest version of the Exchange Server Health Checker script.

Exchange Server update paths
Exchange Server update paths (Microsoft)

If you want to check and see if any of your Exchange servers were hit by CVE-2021-42321 exploitation attempts, you have to run the following PowerShell query on each Exchange server to check for specific events in the Event Log:

Get-EventLog -LogName Application -Source "MSExchange Common" -EntryType Error | Where-Object { $_.Message -like "*BinaryFormatter.Deserialize*" }

In September, Microsoft has added a new Exchange Server feature named Microsoft Exchange Emergency Mitigation (EM) that provides automated protection for vulnerable Exchange servers.

It does that by automatically applying interim mitigations for high-risk security bugs to secure on-premises servers against incoming attacks and give admins additional time to apply security updates.

Also Read: PDPA Meaning: Know Its Big Advantages In Businesses

While Redmond said that it would use this new feature to mitigate actively exploited flaws like CVE-2021-42321, today’s advisory and the blog post regarding this month’s Exchange Server security updates don’t include any mentions of Exchange EM being put to use.

On-premises Exchange servers under attack

Since the start of 2021, Exchange admins have dealt with two massive waves of attacks targeting the ProxyLogon and ProxyShell vulnerabilities.

Starting with early March, multiple state-backed and financially motivated threat actors used ProxyLogon exploits to deploy web shells, cryptominers, ransomware, and other malware while targeting over a quarter of a million Microsoft Exchange servers, belonging to tens of thousands of organizations worldwide.

Four months later, US and allies, including the European Union, the United Kingdom, and NATO, officially blamed China for this widespread Microsoft Exchange hacking campaign.

Also Read: What Is PDPA And What Are The 5 Things You Should Know About

In August, attackers also began scanning for and hacking Exchange servers using the ProxyShell vulnerabilities after security researchers managed to reproduce a working exploit.

While, in the beginning, payloads dropped on Exchange servers exploited using ProxyShell exploits were harmless, threat actors later switched to deploying LockFile ransomware payloads delivered across Windows domains hacked using Windows PetitPotam exploits.

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us