Cybersecurity Microsoft patches new Exchange CVEs, credits NSA with discovery By Justin Katz Apr 13, 2021 Microsoft on Tuesday released patches for two newly discovered vulnerabilities in on-premise Exchange servers, separate from zero-day exploits found in March, and the company is crediting the National Security Agency with identifying the flaws. “These new…
Xinhua file photos of Russian President Vladimir Putin (L) and U.S. President Joe Biden U.S. President Joe Biden on Tuesday called on Russia to de-escalate its tensions with Ukraine in his phone call with Russian President Vladimir Putin, the White House said. The president voiced concerns over the sudden Russian military build-up in Crimea and…
Popular TCP/IP stacks are affected by a series of Domain Name System (DNS) vulnerabilities that could be exploited to take control of impacted devices, researchers with IoT security firm Forescout reveal. Collectively called NAME:WRECK and identified in the DNS implementations of FreeBSD, Nucleus NET, IPnet, and NetX, the flaws could also be abused to perform…
Microsoft today released updates to plug at least 110 security holes in its Windows operating systems and other products. The patches include four security fixes for Microsoft Exchange Server — the same systems that have been besieged by attacks on four separate (and zero-day) bugs in the email software over the past month. Redmond also…
The Russian military has built up its military presence in Crimea and along the border with Ukraine, raising concerns among the U.S. and its allies of a potential conflict. Russia has stationed the highest number of troops along Ukraine’s border since 2014, and leaders there have been mulling how to respond to the moves from…
Microsoft today patched 114 CVEs to address the Exchange Server flaws, more than 50 remote code execution vulnerabilities, and one zero-day. Microsoft today issued fixes for 114 vulnerabilities as part of its monthly security update release, which this month addressed 19 critical flaws, four critical Microsoft Exchange Server bugs found by the National Security Agency (NSA),…
3rd Party Risk Management , Account Takeover Fraud , Application Security & Online Fraud Tom Kellermann of VMware Carbon Black on Fraud Trends and Essential Defenses Tom Field (SecurityEditor) • April 13, 2021 Tom Kellermann, head of cybersecurity strategy, VMware Carbon Black Brokerage account takeover, supply chain attacks,…
Key Findings McAfee sees COVID-19-themed cyber-attack detections increase by 114% in Q4 2020 Powershell threats grow 208% driven by Donoff malware New malware samples grow 10%; averaging 648 new threats per minute New ransomware increases 69%; Mobile malware grows 118% McAfee observes 3.1 million external attacks on cloud user accounts The Eternal Blue exploit was…
Behind the strategies and solutions needed to counter today’s cyber threats are—dedicated cybersecurity researchers. They spend their lives dissecting code and analyzing incident reports to discover how to stop the bad guys. But what drives these specialists? To understand the motivations for why these cybersecurity pros do what they do, we decided to talk with cybersecurity…
Microsoft has warned organizations of a “unique” attack campaign that abuses contact forms published on websites to deliver malicious links to businesses via emails containing fake legal threats, in what’s yet another instance of adversaries abusing legitimate infrastructure to mount evasive campaigns that bypass security protections.“The emails instruct recipients to click a link to review
