We have been working over the last few years to move all of our clients from Microsoft Exchange 2016 and 2019 servers onto more modern and hopefully more secure platforms. Once Microsoft stops cyber security support for these servers, the threat actors will attack any that are still online. Microsoft: …
On-premises Exchange Server Vulnerability
On-premises Exchange servers are still out there and they make great targets for threat actors, especially those with unpatched flaws. There is a new PowerShell based malware called PowerExchange and being linked to an Iranian threat group APT34 that backdoors Microsoft Exchange servers. New PowerExchange malware backdoors Microsoft Exchange servers …
Continue reading “On-premises Exchange Server Vulnerability”
I know why you cannot send email anymore…
…if you run your own onsite Exchange server. Keeping onsite Exchange servers up to date and patched was a labour intensive task, when our support team used to do it – now we no longer support any on premise Exchange servers it is a relief for the team. But for …
Continue reading “I know why you cannot send email anymore…”
More security advisories
The US government Cybersecurity and Infrastructure Security Agency (CISA) is an excellent resource for keeping up with security advisories. Adobe and Microsoft Patch Tuesday are the latest advisories as well as additions to CISA’s Known Exploited Vulnerabilities Catalog. Both of these Microsoft exploits are addressed in the Microsoft Patch Tuesday …
Do you operate an Exchange Server? Is it patched and up to date?
There is an actively exploited zero-day flaw being reported, that Microsoft has not yet patched – so have a look at GTSC’s blog post: Warning: New attack campaign utilized a new 0-day RCE vulnerability on Microsoft Exchange Server | GTSC (gteltsc.vn) The post also includes some temporary mitigation whilst waiting …
Continue reading “Do you operate an Exchange Server? Is it patched and up to date?”
