2022 - Page 3 of 28

Microsoft: Attackers are increasingly using token theft in cyberattacks to bypass MFA

Authentication, Cloud Security, Cybersecurity Articles, Cybersecurity Attacks, Identity & Access Management / Frank Crast / November 22, 2022 / AitM, Azure, credentials, Microsoft, pass-the-cookie, phishing

The Microsoft Detection and Response Team (DART) has spotted an increase in attackers using token theft in the cloud to compromise corporate systems while bypassing multi-factor authentication (MFA) and other authentication controls.

Microsoft: Attackers are increasingly using token theft in cyberattacks to bypass MFA Read More »

Researchers warn shoppers to beware of Black Friday hacker scams

Messaging Security, Phishing, Social Engineering / Frank Crast / November 20, 2022 / Black Friday, Check Point, Cyberscam, phishing

Researchers from Check Point Research are warning shoppers to beware of Black Friday hacker “holiday special” scams.

Researchers warn shoppers to beware of Black Friday hacker scams Read More »

Mozilla releases Firefox 107 with fixes for 8 High severity vulnerabilities

Security Updates & Patches, Vulnerabilities & Exploits / Frank Crast / November 20, 2022 / CVE-2022-45403, CVE-2022-45404, CVE-2022-45405, CVE-2022-45406, CVE-2022-45407, CVE-2022-45408, CVE-2022-45409, CVE-2022-45421, Firefox 107, Mozilla

The Mozilla Foundation has patched eight High risk vulnerabilities in Firefox 107, as well as a number of other bug fixes.

Mozilla releases Firefox 107 with fixes for 8 High severity vulnerabilities Read More »

ProxyNotShell POC exploit code released

Security Updates & Patches, Vulnerabilities & Exploits / Frank Crast / November 20, 2022 / CVE-2021-34473, CVE-2022-41040, CVE-2022-41082, Exploit, POC, ProxyNotShell, ProxyShell

A security researcher has released proof-of-concept (PoC) exploit code for Microsoft Exchange ProxyNotShell vulnerabilities (CVE-2022-41040 and CVE-2022-41082).

ProxyNotShell POC exploit code released Read More »

CISA adds 7 vulnerabilities to Known Exploited Vulnerabilities Catalog (to include Windows and Samsung vulnerabilities)

Mobile Security, Security Updates & Patches, Vulnerabilities & Exploits / Frank Crast / November 12, 2022 / CVE-2021-25337, CVE-2021-25369, CVE-2021-25370, CVE-2022-41073, CVE-2022-41091, CVE-2022-41125, CVE-2022-41128, Samsung, Windows

The Cybersecurity and Infrastructure Security Agency (CISA) has added seven (7) vulnerabilities to its Known Exploited Vulnerabilities Catalog, to include Microsoft Windows and Samsung vulnerabilities.

CISA adds 7 vulnerabilities to Known Exploited Vulnerabilities Catalog (to include Windows and Samsung vulnerabilities) Read More »

Cyber threat actors exploit Zimbra Collaboration Suite vulnerabilities (update)

Cybersecurity Attacks, Messaging Security, Vulnerabilities & Exploits / Frank Crast / November 12, 2022 / CVE-2022-24682, CVE-2022-27924, CVE-2022-27925, CVE-2022-30333, CVE-2022-37042, Exploit, Vulnerabilities, ZCS, Zimbra, Zimbra Collaboration Suite

The Cybersecurity and Infrastructure Security Agency (CISA) and the Multi-State Information Sharing & Analysis Center (MS-ISAC) have published a joint security alert for multiple vulnerabilities against Zimbra Collaboration Suite (ZCS).

Cyber threat actors exploit Zimbra Collaboration Suite vulnerabilities (update) Read More »

Chrome 107 security update fixes for 6 High severity vulnerabilities

Security Updates & Patches, Vulnerabilities & Exploits / Frank Crast / November 12, 2022 / Chrome 107, CVE-2022-3885, CVE-2022-3886, CVE-2022-3887, CVE-2022-3888, CVE-2022-3889, CVE-2022-3890

Google has released Chrome 107.0.5304.110 for Mac and Linux and 107.0.5304.106/107 for Windows with fixes for six High severity vulnerabilities.

Chrome 107 security update fixes for 6 High severity vulnerabilities Read More »

Apple releases security updates for iOS 16.1.1 and macOS Ventura 13.0.1

Mobile Security, Security Updates & Patches, Vulnerabilities & Exploits / Frank Crast / November 11, 2022 / CVE-2022-40303, CVE-2022-40304, iOS, iOS1611, Ventura, Ventura1301

Apple has released security updates for iOS 16.1.1, iPadOS 16.1.1, and macOS Ventura 13.0.1 that address multiple vulnerabilities.

Apple releases security updates for iOS 16.1.1 and macOS Ventura 13.0.1 Read More »

Microsoft November 2022 Security Updates addresses 65 vulnerabilities (6 zero-days to include ProxyNotShell)

Messaging Security, Security Updates & Patches, Vulnerabilities & Exploits, Zero-days / Frank Crast / November 11, 2022 / CVE-2022-3602, CVE-2022-3786, CVE-2022-41040, CVE-2022-41073, CVE-2022-41082, CVE-2022-41091, CVE-2022-41125, CVE-2022-41128, Exchange, ProxyNotShell

The Microsoft November 2022 Security Updates includes patches and advisories for 65 vulnerabilities, including 6 zero-days and 10 Critical severity issues.

Microsoft November 2022 Security Updates addresses 65 vulnerabilities (6 zero-days to include ProxyNotShell) Read More »

Cisco released security advisory for OpenSSL vulnerabilities affecting Cisco products

Network Security, Security Updates & Patches, Vulnerabilities & Exploits / Frank Crast / November 5, 2022 / Cisco, CVE-2022-3602, CVE-2022-3786, IOT, OpenSSL, X.509

Cisco has released a security advisory for OpenSSL vulnerabilities affecting Cisco products.

Cisco released security advisory for OpenSSL vulnerabilities affecting Cisco products Read More »