naked security by SOPHOS At the start of this month, CVE-2021-42321 was technically an Exchange zero-day flaw. This bug could be exploited for unauthorised remote code execution...
Category: Microsoft
bleepingcomputer – Microsoft Exchange servers hacked in internal reply-chain attacks
BLEEPING COMPUTER Threat actors are hacking Microsoft Exchange servers using ProxyShell and ProxyLogon exploits to distribute malware and bypass detection using stolen internal reply-chain emails. When...
crn – Iranian Hackers Exploiting Microsoft, Fortinet Vulnerabilities: Feds
‘The FBI and CISA have observed Iranian government-sponsored APT actors leverage Microsoft Exchange and Fortinet vulnerabilities to target a broad range of victims across multiple critical...
thehackernews – U.S., U.K. and Australia Warn of Iranian Hackers Exploiting Microsoft, Fortinet Flaws
The Hacker News Cybersecurity agencies from Australia, the U.K., and the U.S. on Wednesday released a joint advisory warning of active exploitation of Fortinet and Microsoft Exchange ProxyShell...
theregister – ChaosDB: Infosec bods could pull anyone’s plaintext Azure Cosmos DB keys at will from Microsoft admin tools
And they had a wildcard cert too. Still feeling secure? The Register An astonishing piece of vulnerability probing gave infosec researchers a way into to Microsoft’s...
theregister – Let us give thanks that this November, Microsoft has given us just 55 security fixes, two of which are for actively exploited flaws
Light load has infosec bods wondering what awaits next month The register As the US season of giving thanks and turkey carnage approaches, let us reflect...
helpnetsecurity – Microsoft patches actively exploited Exchange, Excel zero-days (CVE-2021-42321, CVE-2021-42292)
It’s a light November 2021 Patch Tuesday from Microsoft: 55 fixed CVEs, of which two are zero-days under active exploitation: CVE-2021-42321, a Microsoft Exchange RCE, and...
threatpost – Proofpoint Phish Harvests Microsoft O365, Google Logins
THREATPOST A savvy campaign impersonating the cybersecurity company skated past Microsoft email security. Phishers are impersonating Proofpoint, the cybersecurity firm, in an attempt to make off...
theregister – Microsoft rolls out $3-a-user Defender for small biz types
Endpoint security for firms with under 300 staffers The Register Sniffing the wind after the large uptick in ransomware attacks across the corporate world, Microsoft said...
nakedsecurity – Microsoft documents “SHROOTLESS” hack patched in latest Apple updates
naked security by SOPHOS When we wrote about Apple’s latest security patches earlier this week, we noted that: There are 37 listed fixes covering everything from AppKit to...
darkreading – Windows 11 Available: What Security Pros Should Know
Microsoft discusses the security requirements and changes coming to the newest version of its Windows operating system. DARKReading Microsoft today announced the official release of Windows...
darkreading – Microsoft: 58% of Nation-State Cyberattacks Come From Russia
DARKReading A wealth of Microsoft data highlights trends in nation-state activity, hybrid workforce security, disinformation, and supply chain, IoT, and OT security. Russia is the source of...