Microsoft Exchange on-prem servers being exploited through zero-day vulnerabilities.

This is an active exploitation of customers' on-prem Exchange servers, and our research suggests that the spread is much larger than Microsoft had initially disclosed.

Our team has published a reddit thread and blog post to provide an overview of this threat and what we’re doing in response—check out the highlights below. Join us for a webinar Thursday, March 4th at 1:00pm EST to learn more about these vulnerabilities.

What’s happening?

According to Microsoft’s initial blog, they detected multiple zero-day exploits being used to plunder on-premise versions of Microsoft Exchange Server in what they claim are “limited and targeted attacks.” From our data and analysis, we’ve checked over 2,000 Exchange servers and found ~400 vulnerable with an added ~100 potentially vulnerable.

Why is this significant?

We have seen indicators that this is a large-scale, spray-and-pray attack—not just “limited and targeted attacks” as Microsoft suggested. The targeted organizations range from small hotels, appliance manufacturing, mom-and-pop shops all the way up to city and county governments, healthcare providers, banks and financial institutions and residential electricity providers.

Among the vulnerable servers, we also found more than 300 webshells deployed—some targets may have more than one webshell, potentially indicating automated deployment or multiple uncoordinated actors. And from what we’ve seen, the majority of these endpoints do have antivirus or EDR solutions installed—indicating that preventive security measures have failed to catch this threat.

What should you do?

If you use on-prem Microsoft Exchange Servers, assume you’ve been hit. We recommend you patch immediately, externally validate the patch, and hunt for the presence of these webshells and other indicators of compromise (visit the blog for more technical details).

On your Exchange servers, examine these filesystem paths:

• C:\inetpub\wwwroot\aspnet_client\
• C:\inetpub\wwwroot\aspnet_client\system_web\ (if system_web exists)

If you see unfamiliar .aspx files with random names, and their contents look like log output with an ExternalUrl line indicating the use of “JScript” code, there is a strong possibility this host is compromised.
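One way to run the check described above on an Exchange server (an added example, not code from the original post). The function name `Find-SuspectAspx` and the output column names are made up for illustration; the two directories and the ExternalUrl/JScript heuristic come from the text.

```powershell
# Added example: list .aspx files in the two directories named above and
# flag those whose contents mention both "ExternalUrl" and "JScript".
function Find-SuspectAspx {
    param(
        [string[]]$Path = @(
            'C:\inetpub\wwwroot\aspnet_client\',
            'C:\inetpub\wwwroot\aspnet_client\system_web\'
        )
    )
    foreach ($dir in $Path) {
        # system_web may not exist; skip directories that are missing.
        if (-not (Test-Path -LiteralPath $dir -PathType Container)) { continue }

        # Non-recursive on purpose: both directories are listed explicitly,
        # so recursing from the first would report system_web files twice.
        Get-ChildItem -LiteralPath $dir -Filter '*.aspx' -File -ErrorAction SilentlyContinue |
            ForEach-Object {
                $text = Get-Content -LiteralPath $_.FullName -Raw -ErrorAction SilentlyContinue
                if ($null -eq $text) { $text = '' }

                # -match is case-insensitive by default in PowerShell.
                $hasExternalUrl = $text -match 'ExternalUrl'
                $hasJScript     = $text -match 'JScript'
                $hash = Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue

                [pscustomobject]@{
                    Path        = $_.FullName
                    CreatedUtc  = $_.CreationTimeUtc
                    ModifiedUtc = $_.LastWriteTimeUtc
                    Bytes       = $_.Length
                    SHA256      = $hash.Hash
                    ExternalUrl = $hasExternalUrl
                    JScript     = $hasJScript
                    Suspect     = ($hasExternalUrl -and $hasJScript)
                }
            }
    }
}

# Suspect files first; every .aspx file is listed so unfamiliar names
# can still be reviewed by hand.
Find-SuspectAspx | Sort-Object Suspect -Descending | Format-Table -AutoSize
```

Files flagged `Suspect` match both strings the text calls out; unflagged .aspx files with unfamiliar names in these directories still deserve a manual look. Record the hashes and timestamps before removing anything so they are available for incident response.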

Cisco SMB
Cisco Specialization in Small and Midsize Business

The SMB Customer Opportunity

Small and medium-sized businesses (SMBs) have become the IT industry’s fastest-growing segment. With this trend comes a heightened demand from customers for knowledgeable network professionals who can successfully design and deploy Cisco® SMB solutions. This is especially true in the SMB market, where customers rely heavily on their partners as trusted advisers.


Three Common Pitfalls of Implementing Agile Methodology

By James Dobbs (https://www.linkedin.com/in/james-david-dobbs)

The Agile methodology is a powerful tool that can increase the success rate for project delivery, decrease delivery time, lower the rate of troubled projects, control budget overruns, and increase team morale. As a result, many organizations are hastily moving projects onto the Agile methodology that may not be suited for it. This can cause massive negative impacts and destroy entire programs.

Issue #1:

Determining when Agile is effective and when it is not.

When properly applied to projects where it is well suited, Agile is an extremely valuable tool with myriad upsides and few to no downsides. If Agile is misapplied to a project, the results can be disastrous. Every project should be reviewed on a case-by-case basis to determine if the Agile methodology will be useful. One can do this by asking the following questions about a project:

Q: Is the problem to be solved simple or complex?
A: Complex projects are a better use case for Agile.

Q: Are the solutions initially known or unknown?
A: Agile works better when project solutions are unknown.

Q: Are requirements set in the beginning and unlikely to change?
A: The Agile methodology is better for projects with changing requirements.

Q: Are end users able to collaborate and give feedback?
A: Agile is better for projects in which end users can collaborate closely and provide feedback.

Q: Is the work modular, and can it be conducted in rapid iterative cycles?
A: If the work is incremental, Agile is a more favorable methodology.

Q: Are late changes manageable, or are late changes expensive/impossible?
A: Agile should only ever be used when late changes are manageable.

Q: Are end users unable to start testing parts of the project before the whole project is complete?
A: Agile only functions properly when iterative testing can successfully inform development.

Q: Are mistakes during the project low-cost opportunities to learn and make improvements, or are mistakes catastrophic?
A: Agile should only be used when mistakes are low-cost opportunities for improvement.

Issue #2:

Management must trust teams to set their own velocities for issues.

When a cross-functional team comes together to evaluate an issue that needs to be addressed, they determine their collective domain knowledge, experience, and the ability of all necessary parties to sync up and collaborate on aspects of the issue. These factors create an inherently unique team to which past teams (or hypothetical ones) cannot be compared. These are the factors that a team uses to determine the velocity on a project. If management collapses or expands that timeline, it can introduce chaos and undermine the Agile methodology.

Issue #3:

Agile must be customized, but not too quickly.

Do not use the Agile approach to customizing Agile. Only after using proven approaches, rules, and methodologies that have delivered success in thousands of companies for hundreds of thousands of projects (and perfecting them) can an organization move to customizing Agile to fit their needs.

Agile must be iteratively improved. Once a team is ready to make changes, they should track not only the metrics they’re looking to improve, but also any effect on key performance indicators, including team morale. If slowly and systematically optimized, an organization’s homebrew version of Agile can become more powerful than the base Agile methodologies. If properly implemented with skilled cross-functional teams on appropriate projects, the Agile methodology can set an organization and its teams up for unparalleled success.

UniFi-Video Products End of Life Announcement

Phasing out UniFi-Video products – UniFi-Video is EOL

Starting January 1st, 2021 (01/01/2021), all available UniFi-Video resources will focus on UniFi Protect to accelerate its development in terms of features, scalability, security, and continuous efforts to create the best user experience for our video-related products.

This means UniFi-Video products will no longer be offered or supported beyond 2020. More specifically:

  • No software or hardware revisions will be released, including for web UI and mobile applications
  • No customer support will be available
  • No security updates
  • All cloud operations will be shut down and video.ui.com will no longer be accessible

The Plan Ahead for the EOL of UniFi-Video

You can expect two more UniFi-Video release cycles including beta releases (v3.10.13 and v3.10.14). These will address the most critical issues in terms of security updates and/or regressions, so if you plan on continuing to use UniFi-Video beyond the end of life date, we strongly recommend you upgrade your systems to these latest releases as they become available.

Switching to UniFi-Protect

If you decide to switch over to UniFi-Protect, a “one-click” migration of UniFi-Video managed cameras and some user settings will be available in the next controller release for a seamless transition.

Several options are/will be available in terms of NVRs depending on your cameras and storage needs.

UniFi-Protect currently supports the following camera models:

  • UVC, UVC-Dome, UVC-Pro 
  • All G2 cameras
  • UVC-G3, UVC-G3-Flex, UVC-G3-Dome, UVC-G3-Micro, UVC-G3-Pro
  • UVC-G4-Bullet, UVC-G4-Pro

Existing UniFi-Video Recordings

Recordings will not be migrated over to Protect, but they will remain accessible from UniFi-Video applications as long as you keep the UniFi-Video controller running on your NVR/Server.

Note: Remote access has been extended to Jan. 15, 2021 – users will still be able to log in and access their UniFi Video installations via video.ui.com until this date.