Exchange Servers Under Active Attack via ProxyShell Bugs

Publicly owned rail operator Northern Trains has an excuse somewhat more technical than “leaves on the line” for its latest service disruption: a ransomware attack that has left its self-service ticketing booths out for the count. “Last week we experienced technical difficulties with our self-service ticket machines, which meant all have had to be taken…

Microsoft’s Azure Cosmos DB vulnerability, reported yesterday, may leave users vulnerable to a misconfiguration that allows hackers to download or edit data and the architecture of the database service, according to a report by cybersecurity company Wiz. The Microsoft Security Response Center published an article on the vulnerability on Friday, saying that Microsoft was contacted…

Breach Notification , Cybercrime , Cybercrime as-a-service University of Hertfordshire Is Among the Latest Victims Akshaya Asokan (asokan_akshaya) • April 17, 2021     The University of Hertfordshire has sustained a cyber incident that severely affected students’ online classes and an assignment submission portal. The university, however, notes the incident did not lead to data…

A researcher is claiming that the credit scores of almost every American were exposed through an API tool used by the Experian credit bureau, that he said was left open on a lender site without even basic security protections. Experian downplayed concerns from the security community that the issue could be systemic.

Three months after air transport data giant SITA reported a data breach, we are still learning about the damage. Air India said this week that personal data of about 4.5 million passengers had been compromised following the incident at SITA, Indian flag carrier airline’s data processor. The stolen information included passengers’ names, credit card details,…