Exchange Servers Under Active Attack via ProxyShell Bugs

Security researchers have found a long-standing vulnerability in the Azure Cosmos DB fully managed non-structured query language database, which allows attackers to remotely take over the information store with a trivial exploit. Named ChaosDB, the vulnerability gives any Azure user full administrative access to other customers’ Cosmos DB instances, security vendor Wiz Research Team said….

Application Security , Cybercrime , Device Identification Swiss Citizen Allegedly Leaked Victims’ Stolen Data, Including Source Code Jeremy Kirk (jeremy_kirk) , Mathew J. Schwartz (euroinfosec) • March 19, 2021     A Swiss national who recently highlighted flaws in internet-connected Verkada surveillance cameras has been charged with hacking. See Also: Top 50 Security Threats …

Below is a political opinion column by Senator Roger Wicker: Cyber Hacks Threaten U.S. Energy, Food Supply On May 7, criminal hackers launched a cyberattack on Colonial Pipeline, the largest gas pipeline serving the United States. The company was temporarily forced to shut down its pipeline, disrupting energy supplies running from the Gulf Coast to…

A British trade union is demanding an apology from the West Midlands Trains rail company for running a phishing readiness test disguised as a bonus payment reward for staff that worked through the Covid-19 pandemic. The Transport Salaried Staffs’ Association (TSSA) published the text of the phishing email, which was made to look like it…

3rd Party Risk Management , Cybercrime , Fraud Management & Cybercrime Discussion Also Tackles Vendor Security Issues Anna Delaney (annamadeline) • July 16, 2021     Clockwise, from top left: Tom Field, Anna Delaney, Scott Ferguson and Marianne Kolbasuk McGee In the latest weekly update, four…