Register
Promote YOUR BRAND

MYSEC.TV

Home   /   RESOURCES   /   MYSEC.TV   / Microsoft Exchange hack and advice for threat hunting

Microsoft Exchange hack and advice for threat hunting

Tech & Sec Weekly
SHARE:

IN THIS VIDEO

Following Microsoft’s news about Hafnium, the Australian Cyber Security Centre (ACSC) advises organisations using Microsoft Exchange to urgently patch the following Common Vulnerabilities and Exposures (CVEs):

CVE-2021-26855 – server-side request forgery (SSRF) vulnerability in Exchange.
CVE-2021-26857 – insecure deserialization vulnerability in the Unified Messaging service.
CVE-2021-26858 – post-authentication arbitrary file write vulnerability in Exchange.
CVE-2021-27065 – post-authentication arbitrary file write vulnerability in Exchange.
If successfully exploited, these CVEs would allow an unauthenticated attacker to write files and execute code with elevated privileges on the underlying Microsoft Windows operating system.

A large number of Australian organisations are yet to patch vulnerable versions of Microsoft Exchange, leaving them vulnerable to compromise. The ACSC is encouraging these organisations to do so urgently.

We cross to the US and speak with Mat Gangwer, Senior Director, Sophos Managed Threat Response and review the Microsoft Exchange hack and threat hunting advice.

Full article, including updated ESET research: https://australiancybersecuritymagazi…

#Exchangehack#microsoft#cybersecurity#cyberbreach#exchange#CVE#Sophos

OTHER VIDEOS IN THIS SERIES

bug-1
Configuration compromise leads to 90 bounties - Hack the Hacker Series
May 23, 2025
We speak with Ethical Hacker Juan Francisco ‘Fran’ Bolivar and Sajeeb Lohani, Global TISO for Bugcrowd. Watch Now
apd-7
Space economy commercialization, future foresight, and digital transformation
May 19, 2025
We speak with Rajeeshwaran Moorthy of Space Marketplace at the World Police Summit 2025, held at the Dubai World Trade Centre 13-15 May. Watch Now
apd-6
Reducing deaths and injuries through evidence-based road policing and public safety strategies
May 19, 2025
We speak with Associate Professor Lyndel Bates, School of Criminology and Criminal Justice and the Griffith Criminology Institute at Griffith University at the World Police Summit 2025, held at the Dubai World Trade Centre 13-15 May. Watch Now
apd-5
Contactless multimodal biometric software for digital identity
May 19, 2025
We speak with CEO and Founder, Kenneth King at the World Police Summit 2025, held at the Dubai World Trade Centre 13-15 May. Watch Now

MySecurity MarketPlace, powered by MySecurity Media is a dedicated marketplace connecting industry and enterprise professionals to the latest events, education, technology and media platforms across a global domain.

LATEST EVENT LISTED

'Cyber Revolution Summit 700x480 BR
Cyber Revolution Summit
2nd International Conference on Artificial Intelligence
2nd International Conference on Artificial Intelligence & Data Science
CYDES 2025
CYDES 2025

CONNECT WITH US

X-twitter Facebook-f Linkedin-in Instagram Youtube Podcast Google-play Apple

CONTACT US

© My Security Media. All Right Reserved 2019.

Privacy Policy | Terms & Conditions | Competition T&Cs