Do this: Apply the latest Microsoft updates.
Why: The U.S. Cybersecurity and Infrastructure Security Agency is warning of active Microsoft Exchange exploitation attempts that leverage the latest ProxyShell vulnerabilities patched earlier this year. If successfully exploited, attackers are able to bypass ACL controls, elevate privileges, and issue remote commands.
Additional Info: https://thehackernews.com/2021/08/microsoft-exchange-under-attack-with.html
Using Fortinet's FortiWeb?
Do this: Disable the FortiWeb device’s management interface from untrusted networks, especially the internet. FortiNet has not released a patch as of yet.
Why: "An unpatched OS command-injection security vulnerability has been disclosed in Fortinet’s web application firewall (WAF) platform, known as FortiWeb. It could allow privilege escalation and full device takeover, researchers said."
Additional Info: https://threatpost.com/unpatched-fortinet-bug-firewall-takeovers/168764/
Send Us Your Comments
What did you think of this article? Send us a note to let us know what you liked, would like to see more of, or what we can do better. And don't be surprised if we reach back out with a small 'thank you' gift for your feedback.