I am nervous as I read the note from the Cybersecurity and Infrastructure Security Agency, CISA, that at least thirty thousand organizations have been hacked via Microsoft's email software vulnerabilities. I am a user of Exchange for my work, as you probably are too. 😔
The attackers are a Chinese state-sponsored group called Hafnium, which focuses on stealing emails from victims' organizations. 📭
They exploit at least four newly discovered vulnerabilities in Microsoft Exchange Server and install a "web shell" hacking tool on the victims' servers, giving them administrative access. 💣
Microsoft has identified the attack and has issued updates, including patches to address the issue. They have also released a script on GitHub, Test-ProxyLogon.ps1, that you can use to check if your servers are compromised. 🔎
Find the link to GitHub in the comments below. ⬇️
Looking at how much focus attackers are putting on Microsoft products, are you considering additional solutions to reinforce your Microsoft assets' security? 🧯
Links: Charlie Osborne's article: https://www.zdnet.com/article/check-to-see-if-youre-vulnerable-to-microsoft-exchange-server-zero-days-using-this-tool/
Link to GitHub that you can use to check if your Exchange servers are compromised: