At The Identity Organisation, we're here to help!

    Or drop us a mail!

    Your privacy is important to us, and we want to communicate with you in a way which has your consent and which is in line with UK Law on data protection. As a result of a change in UK law on 25th May 2018, by providing us with your personal details you consent to us processing your data in line with current GDPR requirements.

    Here is where you can review our Privacy & GDPR Statement

    To remove consent at any time, please e-mail info@tidorg.com with the word "unsubscribe" as the subject.

    +44 (0) 1628 308038 info@tidorg.com

    Microsoft Exchange Server Flaws Now Exploited for BEC Attacks

    Exchange_shutterstock_1938943597

    Threat actors are using a couple of dangerous, new tactics to exploit the so-called ProxyShell set of vulnerabilities in on-premises Exchange Servers that Microsoft patched earlier this year — and were the targets of widespread attacks in July.

    In multiple recent incident response engagements, Mandiant researchers found attackers had abused ProxyShell to drop Web shells on vulnerable systems in a different — and more difficult to detect — manner than used in previous attacks. In some attacks, threat actors skipped Web shells entirely and instead created their own hidden, privileged mailboxes, giving them the ability to take over accounts and create other problems.

    As many as 30,000 Internet-facing Exchange Servers remain vulnerable to these attacks because they have not been patched, Mandiant said. Full article at DarkReading.

    Find out which of your users’ emails are exposed before bad actors do.

    Many of the email addresses and identities of your organization are exposed on the internet and easy to find for cybercriminals. With that email attack surface, they can launch social engineering, spear phishing and ransomware attacks on your organization. KnowBe4’s Email Exposure Check Pro (EEC) identifies the at-risk users in your organization by crawling business social media information and now thousands of breach databases.

    EECPro-1

    Here’s how it works:

    • The first stage does deep web searches to find any publicly available organizational data
    • The second stage finds any users that have had their account information exposed in any of several thousand breaches
    • You will get a summary report PDF as well as a link to the full detailed report
    • Results in minutes!
    Get Your Free Report

    PS: Don’t like to click on redirected buttons? Cut & Paste this link in your browser: https://info.knowbe4.com/email-exposure-check-pro-partner?partnerid=001a000001lWEoJAAW

    Sign Up to the TIO Intel Alerts!

    Back To Top