Exchange Servers Under Active Attack via ProxyShell Bugs

ESET research reveals that common Android stalkerware apps are riddled with vulnerabilities that further jeopardize victims and expose the privacy and security of the snoopers themselves Mobile stalkerware, also known as spouseware, is monitoring software silently installed by a stalker onto a victim’s device without the victim’s knowledge. Generally, the stalker needs to have physical…

WASHINGTON: A ransomware attack on JBS, the world’s largest meatpacker, by a criminal group likely based in Russia has strengthened the Biden administration’s resolve to hold Moscow responsible for costly cyber assaults: even if they are not directly linked to the Kremlin. US President Joe Biden has launched a review of the threat posed by ransomware…

Even as a massive data breach affecting Air India came to light the previous month, India’s flag carrier airline appears to have suffered a separate cyber assault that lasted for a period of at least two months and 26 days, new research has revealed, which attributed the incident with moderate confidence to a Chinese nation-state…

3rd Party Risk Management , Application Security , Application Security & Online Fraud Cisco NFV Infrastructure Software Users Urged to Patch Immediately Prajeet Nair (@prajeetspeaks) • September 4, 2021     (Photo: Cisco Networks) Cisco has released an urgent software update to fix a critical authentication bug, that can allow an unauthenticated, remote attacker to…

Governance & Risk Management , Patch Management Alert Urges Organizations to Patch as Vulnerabilities Are Exploited Doug Olenick (DougOlenick) • August 27, 2021     Four months after Microsoft released the first security update for three vulnerabilities in several versions of its on-premises Exchange Server software – collectively called ProxyShell – the company has issued…

Endpoint Security , Internet of Things Security Researchers: Kalay Protocol Flaw Could Affect Millions of Connected Devices Scott Ferguson (Ferguson_Writes) • August 17, 2021     Example of how an attacker could exploit a vulnerability in ThroughTek’s Kalay protocol (Source: FireEye) FireEye researchers and the U.S. Cybersecurity and Infrastructure Security Agency are warning about a…