Firewall News

Top Menu

  • Home
  • Our Blog
  • Contact Us

Main Menu

  • Software Updates
  • Alerts & Bugs
  • Out of the Box
  • Home
  • Our Blog
  • Contact Us

Firewall News

Firewall News

  • Software Updates
    • WatchGuard logo

      TDR 6.0.0 is now integrated into WatchGuard Cloud

      04/01/2021
      0
    • Sophos Logo

      XG Firewall 17.5 MR14 Released

      30/07/2020
      0
    • Sophos Logo

      Sophos Firewall Manager SFM 17.1 MR4 Released

      27/07/2020
      0
    • Sophos Logo

      Sophos Enterprise console - Endpoint Security and Control v10.8.9 for Windows has ...

      16/07/2020
      0
    • Sophos Logo

      Sophos iView v3 MR-2 Released

      07/07/2020
      0
    • Sophos Logo

      SD-RED Firmware 3.0.002 Pattern Update

      06/07/2020
      0
    • Sophos Logo

      XG Firewall 17.5 MR13 Released

      06/07/2020
      0
    • Sophos Logo

      End-of-Life (EoL) announcement for old firmware v17 and v17.1 for XG Firewall

      03/07/2020
      0
    • WatchGuard logo

      Fireware 12.5.4 Now Available

      01/07/2020
      0
  • Alerts & Bugs
    • Sophos Logo

      Advisory: Sophos Central Maintenance scheduled for Saturday, April 2nd, 2022

      29/03/2022
      0
    • Sophos Logo

      Sophos: Important Product Lifecycle Updates

      03/03/2022
      0
    • WatchGuard logo

      WatchGuard Support Alert

      23/02/2022
      0
    • Sophos Logo

      Sophos: Important Product Lifecycle Reminder

      03/02/2022
      0
    • Sophos Logo

      Sophos: Product Lifecycle Information: Extended Support for Windows 7 and Windows Server ...

      31/01/2022
      0
    • Sophos Logo

      End-of-Life (EoL) announcement for Sophos SSL VPN Client

      29/11/2021
      0
    • WatchGuard logo

      WatchGuard: macOS Monterey 12.0.1 Does Not Support the AuthPoint Logon App

      09/11/2021
      0
    • Sophos Logo

      Sophos UTM Manager (SUM) End of Distribution

      04/11/2021
      0
    • WatchGuard logo

      WatchGuard: End of Sale Notice: AP420

      01/11/2021
      0
  • Out of the Box
    • WatchGuard’s Firebox T80 Earns 5-Star Rating in SC Labs Review

      17/11/2020
      0
    • WatchGuard Wins Big in CRN 2020 Tech Innovator Awards

      16/11/2020
      0
    • Coronavirus scams: what to look for and how to stop them

      02/04/2020
      0
    • Dell SonicWALL TZ 300

      Out the Box - Dell SonicWALL TZ 300

      05/07/2016
      0
    • Dell SonicWALL TZ SOHO

      Out the Box - Dell SonicWALL TZ SOHO

      05/07/2016
      0
    • WatchGuard Firebox T50

      WatchGuard Firebox T50

      31/03/2016
      0
    • WatchGuard Firebox M200

      WatchGuard Firebox M200

      31/03/2016
      0
Alerts & BugsSophos
Home›Alerts & Bugs›Sophos: Hafnium ALERT: Recommendations to remediate Exchange Server vulnerability

Sophos: Hafnium ALERT: Recommendations to remediate Exchange Server vulnerability

By admin
13/03/2021
944
0
Share:
Sophos Logo

On March 2nd, zero-day vulnerabilities affecting on-premises versions of Microsoft Exchange Server 2013, 2016, and 2019 were publicly disclosed. These vulnerabilities are being actively exploited in the wild by Hafnium and other threat actors.

Sophos strongly recommends you take this threat seriously and act immediately, if you have not already done so. Whether that is educating your customers using the links below, or taking action if you manage their infrastructure. Sophos is regularly updating the Hafnium articles with the latest information and detections.
• HAFNIUM: Advice about the new nation-state attack  
• Protecting Sophos Customers from Hafnium  
• Serious Security: Webshells explained in the aftermath of HAFNIUM attacks  
• Naked Security Podcast S3 Ep23: Hafnium happenings, I see you, and Pythonic poison  

Actions to take if you manage customer infrastructure

Security best practices state you should assume your customers are impacted and act accordingly. At a minimum you should:  
• Backup Exchange/IIS Server logs then patch all Exchange servers  
ο Patching only ensures that your customer cannot be breached again. If they have already been breached, they will continue to be vulnerable even after patching  
• If your customer has a Sophos EDR product, perform a threat hunt by running queries to determine the possible exposure  
• Remove web shells and change passwords on all Exchange Servers  
• Ensure endpoint protection is deployed on all endpoints and servers  

The Sophos Managed Threat Response (MTR) team has published detailed guidance on how to respond to Hafnium. If you or your customers need expert assistance to determine exposure or remediate the situation, there are services available to help:  
• Managed Threat Response (MTR) – a managed security service that can perform threat hunting to identify adversarial activity in your environment and neutralize the situation  
• Rapid Response (RR) – If you have identified an active attack in your environment and need immediate assistance to neutralize the attack, this service is available
Previous Article

WatchGuard: Hafnium Exploit: Important Information You Need ...

Next Article

Advisory: Sophos Central Maintenance scheduled for Saturday, ...

0
Shares
  • 0
  • +
  • 0
  • 0
  • 0
  • 0

Related articles More from author

  • Sophos Logo
    Alerts & BugsSophos

    Advisory: Cyberoam Firewall Remote Code Execution Vulnerability

    16/03/2020
    By admin
  • Sophos Logo
    Alerts & BugsSophos

    Sophos XG Firewall: Access server is coredumping in some cases if CAA is used

    21/11/2019
    By admin
  • Sophos Logo
    Alerts & BugsSophos

    Sophos: Important Product Lifecycle Updates

    03/03/2022
    By admin
  • WatchGuard logo
    Alerts & BugsWatchGuard

    End of Life for Old Versions of spamBlocker Engine

    08/02/2021
    By admin
  • Sophos Logo
    Alerts & BugsSophos

    Sophos – PMX 6.4.8 upgrade and ignore_policy_error option

    11/09/2019
    By admin
  • SonicWall Logo
    Alerts & BugsSonicWALL

    Security Advisory: SonicOS Vulnerability In Firewall Web Management Interface

    15/06/2021
    By admin

  • Fortinet NSS Labs
    News

    FortiGate NGFW Consistently Delivers in NSS Lab’s 2018 DCSG Group Tests

  • Sophos Logo
    Alerts & BugsSophos

    SOPHOS Security Update for Users of Web Application Firewall (WAF) in SFOS

  • Sophos Logo
    Software UpdatesSophos

    Sophos SFOS 16.05.7 MR7 Released

Timeline

  • 29/03/2022

    Advisory: Sophos Central Maintenance scheduled for Saturday, April 2nd, 2022

  • 03/03/2022

    Sophos: Important Product Lifecycle Updates

  • 01/03/2022

    Shoring up your cybersecurity posture in light of ongoing crisis

  • 23/02/2022

    WatchGuard Support Alert

  • 03/02/2022

    Sophos: Important Product Lifecycle Reminder

Sponsored Links

Latest Comments

  • Paul Sillars
    on
    21/06/2016
    I received this in an email this morning, it was the first I heard about it ...

    Dell Software Group sold to help fund looming EMC deal

  • Paul Sillars
    on
    20/06/2016
    This is going to be an interesting one to watch. Especially after today's announcement that ...

    Ingram Micro gets distribution access to Dell’s security range in Australia

Find us on Facebook

Firewall.News Logo

This site serves more as a reference point for some of the major security vendor's updates and product/press releases

It will never be a definitive list, but it helps our customers keep up to date and also allows us to express our comment and observations as well.

About us

  • PO Box 451, North Lakes, Queensland, 4509, Australia
  • [email protected]
  • Recent

  • Popular

  • Comments

  • Sophos Logo

    Advisory: Sophos Central Maintenance scheduled for Saturday, April 2nd, 2022

    By admin
    29/03/2022
  • Sophos Logo

    Sophos: Important Product Lifecycle Updates

    By admin
    03/03/2022
  • Shoring up your cybersecurity posture in light of ongoing crisis

    By admin
    01/03/2022
  • WatchGuard logo

    WatchGuard Support Alert

    By admin
    23/02/2022
  • Dell SonicWALL Supermassive

    Ingram Micro gets distribution access to Dell’s security range in Australia

    By admin
    14/06/2016
  • Francisco Partners and Elliott Management to Acquire the Dell Software Group

    Dell Software Group sold to help fund looming EMC deal

    By admin
    21/06/2016
  • WatchGuard Firebox M500 – The Cure for HTTPS Performance Headaches

    By admin
    05/03/2015
  • Sophos Logo

    Advisory: Sophos Central Maintenance scheduled for Saturday, April 2nd, 2022

    By admin
    29/03/2022
  • Paul Sillars
    on
    21/06/2016

    Dell Software Group sold to help fund looming EMC deal

    I received this in ...
  • Paul Sillars
    on
    20/06/2016

    Ingram Micro gets distribution access to Dell’s security range in Australia

    This is going to ...

Follow Me

  • Contact
  • About Us
  • Home