On December 10, 2020, Orange Tsai, a Taiwanese security researcher, discovered a pre-authentication proxy vulnerability (CVE-2021-26855) in Microsoft Exchange Servers that allows a remote actor to bypass authentication and gain admin privileges on the server.
On March 2, Microsoft released critical security updates for four crucial zero-day vulnerabilities discovered in Exchange Servers. Within one week, at least 30,000 U.S. organizations and hundreds of thousands of organizations worldwide had fallen victim to an automated campaign run by HAFNIUM that provides the attackers with remote control over the affected systems.
In this session of the SecPod Labs Intelligence Series, Veerendra GG and Pooja Shetty will discuss:
1. What the ProxyLogon vulnerability is and how it can impact your security
2. What made ProxyLogon so contagious and let it spread like wildfire
3. Steps you can take to remediate the risk of being attacked
ProxyLogon - MS Exchange Server Vulnerabilities - JS Edited.pptx
1. SecPod Labs Intelligence Series
PROXYLOGON: MS EXCHANGE SERVER VULNERABILITIES
Webcasts
27th May 2021
Pooja Shetty, Security Intelligence Team Lead
Jagsir, Director - Marketing
Veerendra, Director - Security Intelligence
Editor's Notes
1) Jagsir: Brief about agenda and intro.
2) Jagsir: What is ProxyLogon?
3) Jagsir: Q: Why are email servers being targeted?
4) Veeru: a. Brief on why email servers are critical, what the impact is, etc. (1 slide)
b. MS Exchange Stats (2 slides)
2) Veeru: Quick intro, brief about ProxyLogon (timeline slide?)
5) Jagsir: How threat actors are using ProxyLogon vulnerability
6) Pooja: a. Quick intro, ProxyLogon Technical details
b. Malware being deployed during ProxyLogon attacks + (Veeru: if required, add points)
7) Jagsir: How we can defend against ProxyLogon Attacks
8) Pooja: a. Solution: Patching and deploying Mitigation
b. Saner demo
9) Jagsir: Will applying the solution solve all problems caused by ProxyLogon?
10) Pooja: No. A full investigation is required; brief about what can go wrong if it is not done properly and a few points on what should be checked. (Slide?)
11) Jagsir: Business Impact Questions?
Veeru + Pooja: Depending on the questions
10) Veeru: No. A full investigation is required; brief about what can go wrong if it is not done properly and a few points on what should be checked. (Slide?)
It is PoC code that is also reportedly the subject of Microsoft's latest investigation. Microsoft is examining whether proof-of-concept attack code sent privately by the company to partners of the Microsoft Active Protections Program (MAPP) was leaked, whether deliberately or accidentally.
12) Jagsir: Questions from audience:
Veeru + Pooja: Depending on the questions