Cyber risk and advisory programs that identify security gaps and build strategies to address them.
MDR that provides improved detection, 24/7 threat hunting, end-to-end coverage and most of all, complete Response.
Our team delivers the fastest response time in the industry. Threat suppression within just 4 hours of being engaged.
Be protected by the best from Day 1.
24/7 Threat Investigation and Response.
Expert hunting, research and content.
Defend brute force attacks, active intrusions and unauthorized scans.
Protect assets from ransomware, trojans, rootkits and more.
Intelligence and visibility across AWS, O365, DevOps and more.
Configuration escalations, policy and posture management.
Detects malicious insider behavior leveraging Machine Learning models.
eSentire will be participating in the Avant Partner Summit.
Join eSentire and Telarus for a day of golfing.
Insurance firms, agencies and brokers are now a lucrative target for…
Active exploitation of previously disclosed Microsoft Exchange vulnerabilities has been observed against researcher honeypots in the wild. Affected versions include Microsoft Exchange Server’s 2013, 2016, and 2019. Patches have been available since May .
A known vulnerability in Microsoft Exchange allows attackers to commit arbitrary file upload and execution . In combination with previously reported authentication and privilege escalation vulnerabilities (patched in April) , this cluster of bugs is known as ProxyShell. This attack was first demonstrated on August 5, 2021, in a BlackHat presentation , followed by scanning for vulnerable devices. Within a week of the disclosure, researchers reported active exploitation against their honeypots . Microsoft has made patches available for all three vulnerabilities .
The attack chain starts with CVE-2021-31207, an authentication bypass vulnerability. From there, a threat actor can elevate privileges with CVE-2021-34523. Finally, with a foothold in the system and escalated privileges, remote code execution can be achieved with CVE-2021-34473. The publicly released PoC relies on abuse of Autodiscover, mapi, and PowerShell in the victim’s environment .