On March 3, 2021, Microsoft released updates to a critical vulnerability for Microsoft Exchange. Active exploitation of this vulnerability has been observed even prior to the patch being issued – companies or their vendors should confirm patches have been installed AND scan for indicators of compromise. Note that if indicators of compromise are observed, patching does NOT remove the access an actor may have gained. Please reference the following links provided by CISA and the FBI:
https://www.ic3.gov/Media/News/2021/210310.pdf
https://us-cert.cisa.gov/remediating-microsoft-exchange-vulnerabilities
On March 10, 2021, F5 announced multiple vulnerabilities that may allow an attacker to perform remote code execution in their BIG-IP and BIG-IQ products. Any users of this software should review the security advisory and install the critical patches as soon as possible:
https://support.f5.com/csp/article/K02566623
It is important that financial institutions and service providers respond appropriately to assess the risk to their systems, consumers, and customers and to take any mitigation steps necessary to address vulnerabilities and customer impact.
