Microsoft: ProxyShell Bugs “Might Be Exploited,” Patch Servers Now!

Microsoft has finally published guidance today for the actively exploited ProxyShell vulnerabilities impacting multiple on-premises Microsoft Exchange versions.

ProxyShell is a collection of three security flaws (patched in April and May) discovered by Devcore security researcher Orange Tsai, who exploited them to compromise a Microsoft Exchange server during the Pwn2Own 2021 hacking contest:

Although Microsoft fully patched the ProxyShell bugs by May 2021, they didn’t assign CVE IDs for the vulnerabilities until July, preventing some orgs with unpatched servers from discovering that they had vulnerable systems on their networks.

Microsoft silent on active attacks

Security researchers and the US Cybersecurity and Infrastructure Security Agency (CISA) have already warned admins to patch their Exchange servers to defend against ongoing attacks using ProxyShell exploits that started in early August.

However, despite all previous warnings of active attacks, Microsoft failed to inform customers that their on-premises Exchange servers are under attack until today.

“This past week, security researchers discussed several ProxyShell vulnerabilities, including those which might be exploited on unpatched Exchange servers to deploy ransomware or conduct other post-exploitation activities,” The Exchange Team said. [emphasis ours]

“If you have installed the May 2021 security updates or the July 2021 security updates on your Exchange servers, then you are protected from these vulnerabilities. Exchange Online customers are also protected (but must make sure that all hybrid Exchange servers are updated).”

Microsoft says that customers must install AT LEAST ONE of the supported latest cumulative updates and ALL applicable security updates to block ProxyShell attacks.

Per Microsoft, Exchange servers are vulnerable if any of the following conditions are true:

  • The server is running an older, unsupported CU;
  • The server is running security updates for older, unsupported versions of Exchange that were released in March 2021; or
  • The server is running an older, unsupported CU, with the March 2021 EOMT mitigations applied.

Active exploitation by multiple threat actors

CISA’s Monday warning that multiple threat actors are actively exploiting the ProxyShell vulnerabilities came after similar warnings in March that alerted organizations to defend their networks from a wave of attacks.

The March Exchange attacks were orchestrated by Chinese state-backed hackers who hit tens of thousands of organizations worldwide using exploits targeting four zero-day Exchange bugs collectively known as ProxyLogon.

Just as it happened in March, attackers are now scanning for and hacking Microsoft Exchange servers using the ProxyShell vulnerabilities after security researchers and threat actors reproduced a working exploit.

While, in the beginning, the ProxyShell payloads dropped on Exchange servers were harmless, attackers are now deploying LockFile ransomware payloads delivered across Windows domains compromised via Windows PetitPotam exploits.

To give an idea of the scale of the issue, security firm Huntress Labs recently said it found more than 140 web shells deployed by attackers on over 1,900 compromised Microsoft Exchange servers by Friday last week.

Shodan is also tracking tens of thousands of Exchange servers vulnerable to ProxyShell attacks, most of them located in the US and Germany.

“New surge in Microsoft Exchange server exploitation underway,” NSA Cybersecurity Director Rob Joyce also warned over the weekend. “You must ensure you are patched and monitoring if you are hosting an instance.”

The NSA also reminded defenders that guidance published in March on hunting for web shells can still be used to defend against ongoing ProxyShell attacks.

Until Microsoft releases further guidance on protecting and detecting vulnerable servers against exploitation, you can find detailed info on how to identify unpatched Exchange servers and how to detect exploitation attempts in the blog post published by security researcher Kevin Beaumont.
