This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Protection from HAFNIUM

Is the protection against the newest Exchange 0 day exploit available or better since what time was that available? This would be helpful for research for Indicators of Compromise (IOCs) in the logs. Or maybe no protection against that is available and I can skip the UTM.

More information can be found here https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers/

Best

Alex

This thread was automatically locked due to age.

Top Replies

Steve Weißflog over 3 years ago +2

I think because there is no "promotion" on Sophos side it's not safe/secure at the moment. I think just OWA will be safe if you use WAF together with Reverse Authentication. I checked also other vendors…

Parents

0 LuCar Toni over 3 years ago

See IPS pattern:

https://lists.astaro.com/ASGV9-IPS-rules.html#221

https://docs.sophos.com/releasenotes/index.html

Recommended mitigation as always: Patch Systems and look for IoCs (EDR).

__________________________________________________________________________________________________________________
Cancel
Vote Up +1 Vote Down

Cancel
0 LuCar Toni over 3 years ago in reply to LuCar Toni

https://news.sophos.com/en-us/2021/03/05/hafnium-advice-about-the-new-nation-state-attack/

__________________________________________________________________________________________________________________
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 LuCar Toni over 3 years ago in reply to LuCar Toni

https://news.sophos.com/en-us/2021/03/05/hafnium-advice-about-the-new-nation-state-attack/

__________________________________________________________________________________________________________________
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data