Last Updated: April 2, 2021
The Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert on active exploitation of vulnerabilities in Microsoft Exchange Server products. These vulnerabilities are used by the Hafnium attack group, in China Chopper web shell attacks, and by other advanced persistent threats.
Microsoft has detected multiple zero-day exploits being used to attack on-premises versions of Microsoft Exchange Server in limited and targeted attacks. In the attacks observed, the threat actor used these vulnerabilities to access on-premises Exchange servers which enabled access to email accounts and allowed installation of additional malware to facilitate long-term access to victim environments.
After successful exploitation, attackers can gain access to email accounts and install additional malware or scanning tools to maintain persistence on the network.
Note: Exchange Online is not affected.
The following CVEs allow for remote code execution.
If any exploit attempts are observed with lateral movement activities, Netsurion’s EventTracker SOC recommends the following actions.
Recommended mitigation steps by CISA:
(Updated March 4, 2021): Disconnect vulnerable Exchange servers from the internet until a patch can be applied.
Existing P1 Alerts:
Indicators of Compromise
EventTracker SOC | EventTracker Enterprise SOC
Group Email : firstname.lastname@example.org
T: 877-333-1433 Extn - 3803 (OR) 1- 410-953-6776 Option 2 or Dial Extn – 3803