This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Protection from HAFNIUM

Is the protection against the newest Exchange 0 day exploit available or better since what time was that available? This would be helpful for research for Indicators of Compromise (IOCs) in the logs. Or maybe no protection against that is available and I can skip the UTM.

More information can be found here https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers/

Best 

Alex



This thread was automatically locked due to age.
Parents Reply Children
  • I hope so :-)

    But a small, contemporary notification from Sophos (somewhere: twitter, nakedsecurity...) that just tells "pattern are Up2date now" in case of such big exploits would be great...

    I also asked in Support-Chat today and the guy told me to ask my territory manager instead of direct linking to IPS-List...

  • Hi Steve,

    again: if you rely on AV or IPS or WAF alone you are doing it wrong!

    • HOST AV/ML/C2 detections can assist you finding known post-exploitation artefacts (webshells...)
    • GW IPS/ATP detections can visualize ongoing exploitation or exfiltration attempts (lateral movement)
    • EDR/XDR can help you find further evidence or assist your inverstigation/forensics

    btw. why are we even still in the Web Protection Forum?

    My Sophos Contact just dropped me the following

    Webshell related: Troj/WebShel-L/M/N, Troj/ASPDoor-T, Troj/AspScChk-A

    Other payloads: ATK/Pivot-B, AMSI/PowerCat-A, AMSI/PSRev-A, C2/ATP and CIXA CredGuard

    I personally have seen ATK/Pivot-B and Troj/AspScChk-A at compromised customers sites so far

    www.virustotal.com/.../detection (26/59 at 2021-03-06)

    www.virustotal.com/.../detection (20/61 at 2021-03-06)

    Regards

    Steven