Skip to content

【資安快訊】65台Exchange Server遭駭客入侵並植入鍵盤側錄程式,企圖竊取使用者帳號與密碼資訊

資安公司 Positive Technologies 發現,駭客針對全球至少 65 台 Microsoft Exchange Server 展開攻擊,並成功在 Outlook Web Access(OWA)登入頁植入鍵盤側錄工具(Keylogger),試圖竊取使用者帳號密碼。此次攻擊已持續超過一年,受害範圍涵蓋 26 個國家,其中以越南、俄羅斯與台灣最為嚴重,受害單位包括政府機關、IT 公司、工業與物流業者。
攻擊者透過將惡意 JavaScript 程式碼注入至 OWA 頁面,例如登入按鈕元件,偽裝成正常操作邏輯,誘使使用者在登入時不自覺將帳密資料送出。被側錄的資料會儲存在 Exchange 主機本地特定路徑,或傳送至駭客控制的遠端伺服器。這類攻擊多利用已知但未修補的 Exchange Server 漏洞,包括 CVE-2021-34473、CVE-2021-31207 等,顯示許多組織未定期維護更新系統。
為降低風險,資安專家建議立即修補 Exchange 系統已知漏洞、啟用 MFA 強化登入驗證,並透過網站內容安全政策(CSP)等方式防範惡意程式碼注入。同時,應定期稽核登入頁面完整性,監控可疑的外部請求與異常登入行為,避免帳密資料在未察覺下遭到竊取。此次事件再次凸顯即便是內部應用入口,如 OWA,也可能成為駭客入侵與竊資的破口,企業應全面審視並強化資安防線。
強化漏洞管理與修補機制,避免成為攻擊跳板。 

資安建議:
1. 立即修補漏洞:儘速安裝所有已知 Exchange Server 安全更新(特別是 CVE-2021-34473、CVE-2021-31207 等關鍵漏洞)。
Atera/IT服務管理解決方案 】 提供的遠端管理平台包括漏洞管理與修補功能,可以自動化修補過程以及進行漏洞掃描,對於中小型企業來說是個便捷的選擇。
2. 導入 WAF 或反惡意行為代理
Penta Security WAPPLES/WAAP安全解決方案】企業級 Web 應用程式防火牆(WAF),透過行為分析與規則比對技術,辨識並阻擋各種 Web 層攻擊,確保網站與 API 的安全性與合規性。
3. 偵測並阻擋可疑注入或鍵盤側錄活動的 HTTP 流量。
ESET /企業資安解決方案】ESET Mail Security 是 ESET 專為 Microsoft Exchange Server、IBM Domino 及 Linux 郵件伺服器 所設計的 電子郵件防護解決方案。ESET Endpoint Security 啟用瀏覽器防護、加密的記憶體防護、鍵盤防護。

原文出處:【iThome新聞】65臺Exchange Server遭鎖定,駭客埋入鍵盤側錄工具,企圖挖掘用戶帳密資料

關於ESET
ESET成立於1992年,是一家面向企業與個人用戶的全球性的電腦安全軟件提供商,其獲獎產品 — NOD32防病毒軟件系統,能夠針對各種已知或未知病毒、間諜軟件 (spyware)、rootkits和其他惡意軟件為電腦系統提供實時保護。ESET NOD32佔用 系統資源最少,偵測速度最快,可以提供最有效的保護,並且比其他任何防病毒產品獲得了更多的Virus Bulletin 100獎項。ESET連續五年被評為“德勤高科技快速成長500 強”(Deloitte’s Technology Fast 500)公司,擁有廣泛的合作夥伴網絡,包括佳能、戴爾、微軟等國際知名公司,在布拉迪斯拉發(斯洛伐克)、布裏斯托爾(英國 )、布宜諾斯艾利斯(阿根廷)、布拉格(捷克)、聖地亞哥(美國)等地均設有辦事處,代理機構覆蓋全球超過100個國家。

About Version 2

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

AI 治理:安全採用 AI 的關鍵政策

大規模安全導入 AI 的數據、身份與整合治理

人工智能 (AI) 已迅速從實驗性項目,轉變為 IT 策略的核心組成部分。大多數組織不是已經在使用 AI,就是正在積極規劃大規模部署。這場巨大的轉變,要求 IT 團隊必須緊急重新思考如何管理基礎設施、保護身份和確保敏感數據的安全。

快速採用帶來了顯著的風險。AI 系統會與關鍵基礎設施互動、處理機密資訊,甚至可能自主執行決策。如果缺乏健全的治理,這將導致安全漏洞和重大的合規性問題。您現在制定的政策,將決定 AI 成為組織的競爭優勢或昂貴的負債。

核心任務:治理 AI 以防範「影子 AI」

大多數 IT 領導者深切關注 AI 採用失控的風險,許多組織擔心未經審查的整合和合規性暴露。良好的治理是解決之道。清晰的政策確立了 AI 可用於何處、誰必須批准新工具,以及如何監控其使用情況。

影子 AI 的風險

政策對於防止 「影子 AI」(Shadow AI) 至關重要,即團隊在沒有 IT 監督的情況下部署未經批准的工具。這種缺乏可見性的情況,會瞬間打開數據洩漏和智慧財產權暴露的大門。主動治理可確保減少意外發生,並為關鍵系統提供更好的保護。

五項核心 AI 治理政策

為了安全地向前邁進,IT 領導者必須在以下五個領域定義規則:

  • 1. 正式的整合審查與批准: 每個新的 AI 整合都必須遵循由 IT 安全或架構團隊主導的正式審查流程。這項政策確保在工具上線 之前,必須完成強制性的安全掃描、數據流審查和合規性驗證。
  • 2. 機器身份與存取管理 (IAM): AI 工具依賴服務帳號和機器人,但這些通常管理不善。政策必須要求實施強大的 IAM 實踐,包括將服務帳號的權限限制在最低需求,並要求定期輪換 API 金鑰和憑證。
  • 3. 嚴格的數據治理與分類: AI 模型的可靠性取決於其輸入數據的品質。政策必須強制執行數據分類(例如:公開、機密),並要求敏感數據在用於 AI 訓練或推理之前,必須經過加密、清洗和驗證。這能確保系統可靠並隨時準備好進行稽核。
  • 4. 監控與事件回應框架: 可見性是關鍵。政策必須定義哪些 AI 相關事件(身份活動、整合、數據存取)將被記錄,哪些安全閾值會觸發警報,以及 AI 相關事件應如何被升級和調查。
  • 5. 變更管理與文件紀錄: 每個已部署的 AI 工具或整合都需要詳細的書面紀錄。政策必須強制要求對工具的目的、風險評估和數據來源進行徹底的文件紀錄,並記錄所有後續的變更和更新。這有助於簡化稽核並防止未經授權的部署。

引領 AI 採用的下一步

AI 是現代 IT 中不可逆轉的一部分。目標不再是阻止其使用,而是以一種安全、可擴展且符合業務目標的方式進行治理。透過現在就制定明確的政策——正式批准整合、仔細管理機器身份、保護數據、監控活動和記錄每次變更——您的團隊就能獲得安全使用 AI 所需的控制權。

儘早採取行動:實施這些治理步驟,以避免後續產生高昂的安全和合規性問題。

要深入了解像您這樣的組織如何採用和保護 AI,請下載 JumpCloud 最新的 IT 趨勢特別報告。

引領 AI 需要掌控,而非混亂。

關於 JumpCloud

JumpCloud® 提供一個統一的開放式目錄平台,使 IT 團隊和 MSP 能夠輕鬆、安全地管理公司企業中的身份、裝置和存取權限。通過 JumpCloud,用戶能夠從任何地方安全工作,並在單一平台上管理其 Windows、Apple、Linux 和 Android 裝置。

About Version 2

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products. Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

Action1 Named America’s Fastest-Growing Private Software Company on 2025 Inc. 5000 List

Action1, a leader in autonomous endpoint management (AEM), today announced it has been named the fastest-growing private software company in America, ranking #1 in its industry and #29 overall on the prestigious 2025 Inc. 5000 list. This first-time inclusion highlights the company’s hypergrowth and disruption of the traditional IT tools market.

“We are thrilled to be recognized as America’s fastest-growing private software company,” said Mike Walters, President and Co-founder of Action1. “This reflects the massive demand for cybersecurity innovation that is powerful, secure, and simple to deploy. Our growth is driven by an ambitious vision: to prevent all cyberattacks that exploit software vulnerabilities.”

Action1’s rapid growth, which outpaces SaaS and cybersecurity benchmarks, is fueled by its mission to make enterprise-grade security accessible to all. The company backs this by offering its fully functional, cloud-native platform free for the first 200 endpoints, supporting organizations of all sizes.
Mike Hofman, editor-in-chief of Inc., noted that this year’s honorees “didn’t just weather the storm—they grew through it,” praising their tenacity and clarity of vision amid economic challenges.
The full 2025 Inc. 5000 list can be found at www.inc.com/inc5000.

About Action1

Action1 is an autonomous endpoint management platform trusted by many Fortune 500 companies. Cloud-native, infinitely scalable, highly secure, and configurable in 5 minutes—it just works and is always free for the first 200 endpoints, with no functional limits. By pioneering autonomous OS and third-party patching with peer-to-peer patch distribution and real-time vulnerability assessment without needing a VPN, it eliminates routine labor, preempts ransomware and security risks, and protects the digital employee experience.

In 2025, Action1 was recognized by Inc. 5000 as the fastest-growing private software company in America. The company is founder-led by Alex Vovk and Mike Walters, American entrepreneurs who previously founded Netwrix, a multi-billion-dollar cybersecurity company.

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

Action1 Launches MSP Partner Program Offering Premium Support, Exclusive Pricing, and New Revenue Streams

Action1, a leader in autonomous endpoint management (AEM), today launched its new MSP Partner Program. The program is specifically designed to equip Managed Service Providers (MSPs) with the tools necessary to deliver high-margin, recurring patch management services and gain a competitive edge, especially when servicing SMBs and mid-market clients who often lack dedicated in-house IT resources.

“We designed this program to give MSPs a competitive advantage that directly boosts their bottom line. We are committed to helping them deliver patch management that is far beyond what traditional RMM tools can achieve, allowing them to deepen their value as trusted advisors.”
— Branden Boag, VP of Sales & Alliances at Action1
 

Key Program Benefits for MSPs

The Action1 MSP Partner Program focuses on enhancing partner profitability, efficiency, and service quality:

  • Advantage Pricing: Exclusive, lower pricing compared to non-partners, which directly contributes to higher profit margins.
  • Premium Support: Access to a dedicated customer success manager and premium technical support for faster remediation of critical issues.
  • New Revenue Opportunities: Resale and referral options for serving larger organizations outside their traditional managed services base.
  • Superior Patching: A more comprehensive and effective patch management solution than traditional RMM tools, ensuring significantly higher endpoint compliance and security.
  • Co-Marketing & Certification: Access to co-marketing resources and financial incentives for technician certification to help validate expertise and drive leads.
“Working with Action1 gives us fast, automated patching across all client environments—no infrastructure, no hassle. It allows us to deliver high-value, scalable services that enhance security and drive recurring revenue.”
— Tunde Odeleye, Principal Security Architect & CISO at Data Center Warehouse

The Action1 MSP Partner Program is now open to qualified Managed Service Providers globally, with a primary focus on the US market, ready to help partners expand their managed security services portfolio.

The Action1 MSP Partner Program is now open to qualified MSPs globally, with a primary focus on the US market.

About Action1

Action1 is an autonomous endpoint management platform trusted by many Fortune 500 companies. Cloud-native, infinitely scalable, highly secure, and configurable in 5 minutes—it just works and is always free for the first 200 endpoints, with no functional limits. By pioneering autonomous OS and third-party patching with peer-to-peer patch distribution and real-time vulnerability assessment without needing a VPN, it eliminates routine labor, preempts ransomware and security risks, and protects the digital employee experience.

In 2025, Action1 was recognized by Inc. 5000 as the fastest-growing private software company in America. The company is founder-led by Alex Vovk and Mike Walters, American entrepreneurs who previously founded Netwrix, a multi-billion-dollar cybersecurity company.

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

Action1 Doubles Endpoint Coverage for Free to Turn Cybersecurity Awareness into Action


Action1, a provider of autonomous endpoint management (AEM) solutions, is doubling its endpoint coverage for all customers and free-tier users worldwide throughout October. This no-cost initiative for Cybersecurity Awareness Month (CAM) is designed to help organizations move beyond awareness to immediate, tangible action against rising cyber threats.
The company’s initiative responds to an escalating threat landscape, highlighted by its 2025 Software Vulnerability Ratings Report, which found a 96% increase in exploited vulnerabilities. By doubling endpoint coverage, Action1 empowers IT teams to detect and patch vulnerabilities across twice as many devices, removing budget barriers to critical security, especially for smaller and under-resourced organizations.
“Awareness is important, but action is what truly secures environments,” said Mike Walters, President and Co-founder of Action1. He noted that patching can dramatically reduce vulnerabilities and that this initiative aims to make “real progress toward a safer digital world” by making robust cybersecurity more accessible.

About Action1

Action1 is an autonomous endpoint management platform trusted by many Fortune 500 companies. Cloud-native, infinitely scalable, highly secure, and configurable in 5 minutes—it just works and is always free for the first 200 endpoints, with no functional limits. By pioneering autonomous OS and third-party patching with peer-to-peer patch distribution and real-time vulnerability assessment without needing a VPN, it eliminates routine labor, preempts ransomware and security risks, and protects the digital employee experience.

In 2025, Action1 was recognized by Inc. 5000 as the fastest-growing private software company in America. The company is founder-led by Alex Vovk and Mike Walters, American entrepreneurs who previously founded Netwrix, a multi-billion-dollar cybersecurity company.

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

×

Hello!

Click one of our contacts below to chat on WhatsApp

Social Chat is free, download and try it now here!

×