Mast Security
Follow

Quoting Chris Krebs:

"This is the real deal. If your organization runs an OWA server exposed to the internet, assume compromise between 02/26-03/03. Check for 8 character aspx files in C:\\inetpub\wwwroot\aspnet_client\system_web\. If you get a hit on that search, you’re now in incident response mode."

msrc-blog.microsoft.com/2021/0

· Web · 0 · 5 · 5
Sign in to participate in the conversation
Noc.Social

Open Source Social Network. Focused on technology, networking, linux, privacy and security, but open to anyone. Civil discourse, polite and open. Managed by the noc.org team.

Resources

Developers

What is Mastodon?

noc.social

More…