Breach Notification , Legislation & Litigation , Security Operations Bill Would Require Reporting of Critical Infrastructure Attacks Within 72 Hours Scott Ferguson (Ferguson_Writes) • September 1, 2021 Reps. Yvette Clarke and John Katko are supporting the Cyber Incident Reporting for Critical Infrastructure Act of 2021 The House began debate Wednesday on legislation that…
Image: Microsoft Microsoft issued guidance on securing Azure accounts that may be impacted by a recently addressed Cosmos DB critical vulnerability, giving attackers full admin rights to users’ data without authorization. The flaw, dubbed ChaosDB, impacts Microsoft Azure Cosmos DB, a globally distributed NoSQL database service used by a wide assortment of high-profile customers, including Exxon-Mobil, Mercedes…
Technical details have emerged on a serious vulnerability in Microsoft Exchange Server dubbed ProxyToken that does not require authentication to access emails from a target account. An attacker can exploit the vulnerability by crafting a request to web services within the Exchange Control Panel (ECP) application and steal messages from a victim’s inbox. Delegation confusion…
Fraud Management & Cybercrime , Next-Generation Technologies & Secure Development , Ransomware Before Labor Day, Agency Cites Recent Attacks Centered on Holiday Weekends Doug Olenick (DougOlenick) • September 1, 2021 Citing damaging ransomware attacks that it, along with the FBI, has observed over recent holidays, the Cybersecurity and Infrastructure Security Agency issued an…
Check Point Software Technologies has agreed to buy rising star Avanan to deliver cloud email malware protection and expand security to SaaS collaboration suites. The US-based platform security vendor said the combined Check Point-Avanan offering will be the only unified tool on the market to protect the remote workforce from malicious files, URLs and phishing…
Ongoing Campaign Also Uses Malicious CAPTCHA Verification PageMihir Bagwe •August 30, 2021 Phishing email using a Zoom meeting subject line (Source: Microsoft) Microsoft is warning of a “widespread” phishing campaign in which fraudsters use open redirect links to lure users to malicious websites to harvest Office 365 and other credentials, according to a…
Linphone SIP Stack Bug Could Let Attackers Remotely Crash Client Devices | IT Security News 1. September 2021 This article has been indexed from The Hacker News Cybersecurity researchers on Tuesday disclosed details about a zero-click security vulnerability in Linphone Session Initiation Protocol (SIP) stack that could be remotely exploited without any action from a…
A serious vulnerability affecting the Linphone Session Initiation Protocol (SIP) client suite can allow malicious actors to remotely crash applications, industrial cybersecurity firm Claroty warned on Tuesday. SIP is a signaling protocol designed for initiating, maintaining and terminating communication sessions. The protocol is often used for voice, video, instant messaging, and other types of applications….
Federal agencies are warning of potential ransomware attacks targeted at U.S. organizations ahead of Labor Day weekend following cyberattacks during previous holidays this year. The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday issued an alert outlining their concerns, noting that while there was no intelligence around specific threats, other holiday weekends…
A serious vulnerability affecting the Linphone Session Initiation Protocol (SIP) client suite can allow malicious actors to remotely crash applications, industrial cybersecurity firm Claroty warned on Tuesday. SIP is a signaling protocol designed for initiating, maintaining and terminating communication sessions. The protocol is often used for voice, video, instant messaging, and other types of applications….
