Security

Microsoft Issues Emergency Patch as Chinese Hackers Exploiting Exchange Server Flaws | IT Security News Sponsors Endpoint Cybersecurity www.endpoint-cybersecurity.com – Consulting in building your security products– Employee awareness training– Security tests for applications and pentesting… and more. Daily Summary Patreon Categories CategoriesSelect Category(ISC)2 Blog  (323)(ISC)2 Blog infosec  (13)(ISC)² Blog  (318)2020-12-08 – Files for an ISC diary (recent Qakbot…

CVSS N/A 2021-03-03 01:15:00 2021-03-03 01:15:00 Microsoft Exchange Server Remote Code Execution Vulnerability This CVE ID is unique from CVE-2021-26412, CVE-2021-26854, CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27078.

News Microsoft Releases Out-of-Band Security Patches for Exchange Server Microsoft on Tuesday released out-of-band security patches for Exchange Server to address multiple zero-day flaws that are currently being exploited in active attacks. Organizations running Exchange Server 2013, Exchange Server 2016 and Exchange Server 2019 products should apply these patches right away. Microsoft also released security…

The sanctions are the first against Russia by the Biden administration, which has pledged to confront President Vladimir Putin for alleged attacks on Russian opposition figures and hacking abroad, including of US government agencies and US businesses. Former president Donald Trump had spoken admiringly of Putin and resisted criticism and many proposed penalties of Putin’s…

The Lactalis Group, one of the world’s largest food products groups, said it was hit by a cyberattack during which the intruders gained access to some of its computer systems. “The Lactalis Group has detected an intrusion on part of its computer network. We immediately took steps to contain this attack and have notified the…

The U.S. National Security Agency (NSA) has published guidance on how security professionals can secure enterprise networks and sensitive data by adopting a Zero Trust security model. Titled “Embracing a Zero Trust Security Model,” the document details the benefits and challenges of the security model, and also provides a series of recommendations on the implementation…

A critical vulnerability discovered in a firewall appliance made by Germany-based cybersecurity company Genua could be useful to threat actors once they’ve gained access to an organization’s network, according to Austrian cybersecurity consultancy SEC Consult. Genua Genugate is a firewall designed for protecting internal networks against external threats, segmenting internal networks, and protecting machine-to-machine communications….

As cybersecurity researchers continue to piece together the sprawling SolarWinds supply chain attack, top executives of the Texas-based software services firm blamed an intern for a critical password lapse that went unnoticed for several years. The said password “solarwinds123” was originally believed to have been publicly accessible via a GitHub repository since June 17, 2018,…

Cybersecurity experts at PiiQ Media report detecting a social media bot campaign that has been promoting “meme stocks” like GameStop Corp, suggesting that a hacking group might be behind the recent purchase frenzy powered by Reddit. After a group of users organized through Reddit forums, the price of GameStop shares skyrocketed, in an attempt to…

Google Pixel phones have started receiving the March 2021 Pixel update along with the latest Android security patch. The update brings new share audio recordings feature, improved integration for an accessory that allows using the camera underwater, and more. The feature drop is available for Google Pixel 3 phones and newer models. Along with the…