Another half-year through unprecedented times has passed. But as unique as these times may feel, we continue to see familiar exploits, names, and attacks taking up...
Category: IT Vendors
Cisco Talos shares insights related to recent cyber attack on Cisco
UPDATE HISTORY DATE DESCRIPTION OF UPDATES Aug. 10th 2022 Adding clarifying details on activity involving active directory. Aug. 10th 2022 Update made to the Cisco Response...
nakedsecurity – Check your patches – public exploit now out for critical Exchange bug
naked security by SOPHOS At the start of this month, CVE-2021-42321 was technically an Exchange zero-day flaw. This bug could be exploited for unauthorised remote code execution...
bleepingcomputer – Microsoft Exchange servers hacked in internal reply-chain attacks
BLEEPING COMPUTER Threat actors are hacking Microsoft Exchange servers using ProxyShell and ProxyLogon exploits to distribute malware and bypass detection using stolen internal reply-chain emails. When...
crn – Iranian Hackers Exploiting Microsoft, Fortinet Vulnerabilities: Feds
‘The FBI and CISA have observed Iranian government-sponsored APT actors leverage Microsoft Exchange and Fortinet vulnerabilities to target a broad range of victims across multiple critical...
thehackernews – U.S., U.K. and Australia Warn of Iranian Hackers Exploiting Microsoft, Fortinet Flaws
The Hacker News Cybersecurity agencies from Australia, the U.K., and the U.S. on Wednesday released a joint advisory warning of active exploitation of Fortinet and Microsoft Exchange ProxyShell...
theregister – ChaosDB: Infosec bods could pull anyone’s plaintext Azure Cosmos DB keys at will from Microsoft admin tools
And they had a wildcard cert too. Still feeling secure? The Register An astonishing piece of vulnerability probing gave infosec researchers a way into to Microsoft’s...
theregister – Let us give thanks that this November, Microsoft has given us just 55 security fixes, two of which are for actively exploited flaws
Light load has infosec bods wondering what awaits next month The register As the US season of giving thanks and turkey carnage approaches, let us reflect...
helpnetsecurity – Microsoft patches actively exploited Exchange, Excel zero-days (CVE-2021-42321, CVE-2021-42292)
It’s a light November 2021 Patch Tuesday from Microsoft: 55 fixed CVEs, of which two are zero-days under active exploitation: CVE-2021-42321, a Microsoft Exchange RCE, and...
threatpost – Proofpoint Phish Harvests Microsoft O365, Google Logins
THREATPOST A savvy campaign impersonating the cybersecurity company skated past Microsoft email security. Phishers are impersonating Proofpoint, the cybersecurity firm, in an attempt to make off...
theregister – Microsoft rolls out $3-a-user Defender for small biz types
Endpoint security for firms with under 300 staffers The Register Sniffing the wind after the large uptick in ransomware attacks across the corporate world, Microsoft said...
helpnetsecurity – Rooting malware discovered on Google Play, Samsung Galaxy Store
HELPNETSECURITY Researchers have discovered 19 mobile apps carrying rooting malware on official and third-party Android app stores, including Google Play and Samsung Galaxy Store. “While rare,...