Cyber Defense Advisors

Cyber News

Microsoft: Two New 0-Day Flaws in Exchange Server

Microsoft Corp. is investigating reports that attackers are exploiting two previously unknown vulnerabilities in Exchange Server, a technology many organizations rely on to send and receive email. Microsoft says it is expediting work on software patches to plug the security holes. In the meantime, it is urging a subset of Exchange customers to enable a […]

Prison for ex-eBay staff who aggressively cyberstalked company’s critics with Craigslist sex party ads and funeral wreaths

Two men, who previously worked at eBay, have been sentenced to prison after admitting their role in a cyberstalking campaign that targeted the editor and publisher of a newsletter that criticised the company. Read more in my article on the Hot for Security blog.

Microsoft Confirms Pair of Blindsiding Exchange Zero-Days, No Patch Yet

The “ProxyNotShell” security vulnerabilities can be chained for remote code execution and total takeover of corporate email platforms.

Hackers Backdoor Pirated Windows OS With Cryptominer and Xtreme RAT

The behavior of the actors was reportedly identical to what was described by Minerva Labs in 2021.

SolarMarker Attack Leverages Weak WordPress Sites, Fake Chrome Browser Updates

The SolarMarker group is exploiting a vulnerable WordPress-run website to encourage victims to download fake Chrome browser updates, part of a new tactic in its watering-hole attacks.

Lazarus-Associated Hackers Weaponize Open-Source Tools Against Several Countries

The advisory suggests Zinc has targeted media, defense and aerospace, and IT services.

Watchfinder warns customers that hackers stole their data

Luxury pre-owned watch website Watchfinder has warned its user base that their personal data has been accessed after an employee’s account was broken into and a customer list accessed.

New Malware Families Found Targeting VMware ESXi Hypervisors

Threat actors have been found deploying never-before-seen post-compromise implants in VMware’s virtualization software to seize control of infected systems and evade detection. Google’s Mandiant threat intelligence division referred to it as a “novel malware ecosystem” that impacts VMware ESXi, Linux vCenter servers, and Windows virtual machines, allowing attackers to maintain persistent access

Microsoft Confirms Two Exchange Zero-Day Vulnerabilities

The vulnerabilities were first discovered by Vietnamese cybersecurity firm GTSC.
