On April 13, Microsoft released its monthly patches for vulnerabilities found within their products. In their release announcement, Microsoft strongly recommends prioritizing the CVE 2021 28481 security update which affects Exchange servers 2013, 2016, and 2019. This vulnerability allows hackers access to mailboxes to read or even exfiltrate sensitive information.

Systems Engineering is aware of the FBI and CISA joint security advisory indicating threat actors are potentially using multiple Common Vulnerabilities and Exposures (CVE) to exploit Fortinet operating systems, known as FortiOS. The advisory calls out three vulnerabilities that may be used to gain access to business networks to begin data exfiltration or data encryption attacks. Vulnerabilities include;

Systems Engineering is aware of multiple vulnerabilities within Cisco Jabber Client software. These vulnerabilities affect Cisco Jabber for Windows, Cisco Jabber for MacOS, and Cisco Jabber for Mobile platforms. Vulnerabilities include:

Qualys Cloud Platform is the incident response and breach prevention vendor used at Systems Engineering to perform monthly external vulnerability scan for our customers. Recently, Qualys released a statement relating to a previously identified zero-day exploit in one of their third-party solutions (Accellion FTA).

UPDATE MARCH 8, 2021

Systems Engineering learned of the Exchange on-premises server vulnerability on Tuesday, March 2nd, and activated our incident response plan.  

UPDATE FOR THURSDAY, JANUARY 21

As you may have seen in the headlines, Malwarebytes recently announced it was targeted by the same threat actor who attacked SolarWinds. After an extensive investigation, Malwarebytes reported their Microsoft Office 365 and Azure environments were targeted, but they found “no evidence of unauthorized access or compromise in any internal on-premises and production environments.”