Register
Promote YOUR BRAND

MYSEC.TV

Home   /   RESOURCES   /   MYSEC.TV   / Microsoft Exchange hack and advice for threat hunting

Microsoft Exchange hack and advice for threat hunting

Tech & Sec Weekly
SHARE:

IN THIS VIDEO

Following Microsoft’s news about Hafnium, the Australian Cyber Security Centre (ACSC) advises organisations using Microsoft Exchange to urgently patch the following Common Vulnerabilities and Exposures (CVEs):

CVE-2021-26855 – server-side request forgery (SSRF) vulnerability in Exchange.
CVE-2021-26857 – insecure deserialization vulnerability in the Unified Messaging service.
CVE-2021-26858 – post-authentication arbitrary file write vulnerability in Exchange.
CVE-2021-27065 – post-authentication arbitrary file write vulnerability in Exchange.
If successfully exploited, these CVEs would allow an unauthenticated attacker to write files and execute code with elevated privileges on the underlying Microsoft Windows operating system.

A large number of Australian organisations are yet to patch vulnerable versions of Microsoft Exchange, leaving them vulnerable to compromise. The ACSC is encouraging these organisations to do so urgently.

We cross to the US and speak with Mat Gangwer, Senior Director, Sophos Managed Threat Response and review the Microsoft Exchange hack and threat hunting advice.

Full article, including updated ESET research: https://australiancybersecuritymagazi…

#Exchangehack#microsoft#cybersecurity#cyberbreach#exchange#CVE#Sophos

OTHER VIDEOS IN THIS SERIES

asean-01
Deepfake fraud threats to financial institutions
December 18, 2024
Group-IB has released a fascinating case investigation on deep fake fraud. Watch Now
bug
Hack the Hacker Series - Release of ITMOAH 2024
December 13, 2024
Learn what ethical hackers can teach us about the next era of artificial intelligence. Watch Now
chie-1112-2
Unified SASE with increasing focus on channels in the APAC region
December 11, 2024
We speak with Craig Patterson, Senior Vice President of Global Channels at Aryaka Networks, where he leads the company’s channel strategy worldwide, enabling alignment across partner sales and marketing teams and programs in North America, Europe, Africa and the Middle East (EMEA) and Asia-Pacific (APAC). Watch Now
chie-1112-1
How the data center industry and its ecosystems are adapting to AI
December 11, 2024
We speak with Paul Tyrer, Global VP of IT Channel Ecosystem, Schneider Electric about the impact of AI on Data Centers in the coming years. Generative AI is expected to grow by US$158.6 billion by 2028, according to #canalys Watch Now

MySecurity MarketPlace, powered by MySecurity Media is a dedicated marketplace connecting industry and enterprise professionals to the latest events, education, technology and media platforms across a global domain.

LATEST EVENT LISTED

Oman Motor Show
Oman Motor Show
Border Technology Summit ANZ MP
Border Technology Summit ANZ
Oman AI Summit
Oman AI Summit

CONNECT WITH US

X-twitter Facebook-f Linkedin-in Instagram Youtube Podcast Google-play Apple

CONTACT US

© My Security Media. All Right Reserved 2019.

Privacy Policy | Terms & Conditions | Competition T&Cs