This episode is a quick look at the Hafnium Exchange Service Hack. It is believed that the threat actor is operating out of China, but that has not been confirmed yet.
Four specific types of vulnerabilities
CVE-2021-26855: Server-side vulnerability which allows you to send HTTPS requests from the Exchange device.
CVE-2021-26857: Deserialization vulnerability which allows you to run code as an administrator.
They took advantage of all of the vulnerabilities.
CVE-2021-26858: Post-authorization file vulnerability which allows them to write anything anywhere on the disk.
CVE-2021-27065: Arbitrary write vulnerability which allows you to navigate through the disk and write things as an admin.
What can happen?
-Can infiltrate data
-Go through your machine
-Send mail to people.
What to do?
Patch Exchange to make sure the system has the newest and best from Microsoft.
Hire a digital forensics expert who can examine your network.
Do threat hunting and test the environment with penetration testing.
The time to react is right now. Threat actors know that security firms are trying to move as fast as possible. The threat actors are trying to move even faster and get through as many computers as possible. All we can say is that you need to work fast to keep yourself protected.