Cyber risk and advisory programs that identify security gaps and build strategies to address them.
MDR that provides improved detection, 24/7 threat hunting, end-to-end coverage and most of all, complete Response.
Our team delivers the fastest response time in the industry. Threat suppression within just 4 hours of being engaged.
Be protected by the best from Day 1.
24/7 Threat Investigation and Response.
Expert hunting, research and content.
Defend brute force attacks, active intrusions and unauthorized scans.
Safeguard endpoints 24/7 by isolating and remediating threats to prevent lateral spread.
Investigation and enhanced threat detection across multi-cloud or hybrid environments.
Configuration escalations, policy and posture management.
Detects malicious insider behavior leveraging Machine Learning models.
Join us for a live security brefing with (ISC)2 members.
Join Tim Segato, Director, Product Management and Ryan Westman, Manager,…
Ask questions and hear from Cybersecurity experts from eSentire,…
Active exploitation of previously disclosed Microsoft Exchange vulnerabilities has been observed against researcher honeypots in the wild. Affected versions include Microsoft Exchange Server’s 2013, 2016, and 2019. Patches have been available since May .
A known vulnerability in Microsoft Exchange allows attackers to commit arbitrary file upload and execution . In combination with previously reported authentication and privilege escalation vulnerabilities (patched in April) , this cluster of bugs is known as ProxyShell. This attack was first demonstrated on August 5, 2021, in a BlackHat presentation , followed by scanning for vulnerable devices. Within a week of the disclosure, researchers reported active exploitation against their honeypots . Microsoft has made patches available for all three vulnerabilities .
The attack chain starts with CVE-2021-31207, an authentication bypass vulnerability. From there, a threat actor can elevate privileges with CVE-2021-34523. Finally, with a foothold in the system and escalated privileges, remote code execution can be achieved with CVE-2021-34473. The publicly released PoC relies on abuse of Autodiscover, mapi, and PowerShell in the victim’s environment .