CERT.at: Review of the first third of 2021
In its report, CERT.at, an initiative of the domain registry nic.at, covers incidents, projects and conferences from the first third of the year.
Among other topics, the blog post reports on SilverFish APT and Microsoft Exchange emergency patches:
In March, the IT security company PRODAFT was able to access the infrastructure of the highly professionalized hacking group "SilverFish". In the course of this work, PRODAFT also identified victims. CERT.at was contacted, along with the national CERTs/CSIRTs of other affected countries, and received a list of the (few) victims in Austria, who were immediately informed.
Also in March, Microsoft published emergency patches for its e-mail server "Microsoft Exchange". The patches closed several vulnerabilities that enabled attackers to execute arbitrary code as NT Authority\SYSTEM on unpatched servers without any authentication. Using a script published by Microsoft that identifies vulnerable installations externally, CERT.at was able to quickly set up a scan for Austria and inform those potentially affected.
These and other topics can be explored in the blog post.