Australian Cyber Security Centre publishes best practices for securing Microsoft Exchange Server

Still running Microsoft Exchange on-prem? Don’t wait for a breach to make it secure. The ACSC and NSA have released new best practices to help harden Exchange environments, from patching and access control to encryption and migration. Simple actions like staying updated and limiting admin rights can make a big difference. Read the full ACSC guidance 👇 #CyberSecurity #MicrosoftExchange #ACSC #InfoSec #DataProtection #PatchManagement #SmallBusinessSecurity #Australia

In this week's Data Privacy + Cybersecurity Insider, Linn Freedman discusses the recently issued guidance from CISA and its partners, the NSA, ASD's ACSC, and Cyber Centre, outlining security best practices for administrators on hardening on-premises Exchange servers. The guidance is specific and relevant to the importance of updating, hardening, and monitoring Exchange servers to reduce the ongoing risk of cyber-attacks. https://lnkd.in/egeHdxTs #CISA #NSA #ASDACSC #CyberCentre #Exchange #securitypractices

🚨 Windows Remote Access Connection Manager 0-Day Vulnerability Actively Exploited in Attacks | Read more: https://lnkd.in/dt_kDpFJ Microsoft has confirmed active exploitation of a critical zero-day vulnerability in the Windows Remote Access Connection Manager (RasMan) service, allowing attackers to escalate privileges and potentially compromise entire systems. Tracked as CVE-2025-59230, the flaw stems from improper access control, enabling low-privileged users to gain SYSTEM-level access. The vulnerability affects multiple Windows versions and has already drawn attention from threat actors targeting enterprise environments. To Get Daily Security Updates, add Cyber Security News ® as your preferred source on Google -> https://lnkd.in/gtssq6QX #cybersecuritynews https://zurl.co/3BefF

Organizations with unprotected or misconfigured Exchange servers remain at high risk of compromise as threat activity persists, targeting vulnerable Exchange servers including versions that have reached end-of-life, says the US Cybersecurity and Infrastructure Security Agency (CISA) in its introduction to the guidance #comcastbusiness #iworkforcomcast

CISA Alerts on Active Exploitation of Windows SMB Vulnerability #internet #cybersecurity Source: https://ift.tt/OZWvnXF The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert regarding a critical vulnerability, CVE-2025-33073, affecting Microsoft’s Windows SMB Client. This vulnerability presents a significant risk of privilege escalation, allowing cyber adversaries to gain unauthorized access to systems. As cyber threats continue to escalate, it is crucial for organizations to mobilize efforts to patch their systems ahead of the approaching November 10 deadline. The vulnerability exploits the Server Message Block (SMB) protocol, essential for Windows file-sharing and network communications. CISA warns that attackers may utilize social engineering tactics or drive-by downloads to execute malicious scripts, bypassing standard security measures. In response to this alert, prompt action is necessary. CISA recommends organizations to implement the latest Microsoft patches or cease using the affected products if immediate remediation is unfeasible. It is also advised to employ monitoring tools and audit for vulnerabilities. To learn more about the details and recommended actions regarding this alert, read our comprehensive blog post here: [CISA Alerts on Active Exploitation of Windows SMB Vulnerability](https://ift.tt/OZWvnXF). #rswebsols #CISAAlert #WindowsVulnerability #CyberThreats #PrivilegeEscalation #SMBExploitation

Cyber attackers continue to evolve and Akira ransomware is a stark example. Researchers have found that Akira can disable Microsoft Defender before encrypting files. It does this through a “bring your own vulnerable driver” technique, exploiting legitimate Windows drivers to load malicious ones. Once Defender is off, the system is left exposed. The attack has primarily affected older SonicWall VPN setups and reused credentials during upgrades, with fewer than 40 confirmed incidents so far. But the message is clear: even trusted, built-in protections can be bypassed if attackers gain a foothold. Layered security remains the best defence. Combine endpoint protection with MFA, timely patching, and strong credential management to limit risk. If Microsoft Defender was quietly switched off across your organisation, how long would it take you to find out?

Cyber attackers continue to evolve and Akira ransomware is a stark example. Researchers have found that Akira can disable Microsoft Defender before encrypting files. It does this through a “bring your own vulnerable driver” technique, exploiting legitimate Windows drivers to load malicious ones. Once Defender is off, the system is left exposed. The attack has primarily affected older SonicWall VPN setups and reused credentials during upgrades, with fewer than 40 confirmed incidents so far. But the message is clear: even trusted, built-in protections can be bypassed if attackers gain a foothold. Layered security remains the best defence. Combine endpoint protection with MFA, timely patching, and strong credential management to limit risk. If Microsoft Defender was quietly switched off across your organisation, how long would it take you to find out?

🚨 Hackers Actively Exploiting Windows Server Update Services RCE Vulnerability in the Wild | Read more: https://lnkd.in/gPCBX2hx CISA has warned organizations worldwide about active exploitation of a critical remote code execution (RCE) vulnerability in Microsoft's Windows Server Update Services (WSUS). Tracked as CVE-2025-59287, the flaw carries a CVSS score of 9.8, allowing unauthenticated attackers to execute arbitrary code with system-level privileges over a network, potentially compromising entire IT infrastructures. The threat is escalating rapidly, with security firms reporting real-world attacks as early as October 24, 2025. CISA and Microsoft recommend swift action to neutralize the threat. First, identify vulnerable servers by scanning for those with the WSUS role enabled and open ports 8530/8531. To Get Daily Security Updates, add Cyber Security News ® as your preferred source on Google -> https://lnkd.in/gtssq6QX #cybersecuritynews

⚠️ Heads up, SysAdmins & SecOps! A new WSUS RCE (CVE-2025-59287) with a CVSS score of 9.8 is being actively exploited in the wild Affects Windows Server 2012 → 2025 (with WSUS role enabled on ports 8530/8531) 🔒 My quick take: ✅ Patch immediately (October 2025 OOB update) ✅ Restrict WSUS ports to internal only ✅ Audit and disable unused roles One missed patch can open many doors — close them before hackers do! #CyberSecurity #WSUS #CVE202559287 #WindowsServer #InfoSec #PatchTuesday

The recent CISA warning about the critical RCE vulnerability (CVE-2025-59287) in Windows Server Update Services (WSUS) is a stark reminder of how deeply interconnected and fragile modern IT infrastructures have become. With a CVSS score of 9.8, this flaw represents more than just another patch to deploy — it’s a wake-up call for organizations that still underestimate the importance of timely patch management and defense-in-depth strategies. The fact that the vulnerability can be exploited without authentication and grants system-level privileges makes it particularly dangerous, especially in environments where WSUS servers are exposed or poorly segmented from production networks.