2022 - Page 6 of 28

Microsoft disables Basic authentication in Exchange Online to fight password spray attacks

Authentication, Cybersecurity Attacks, Messaging Security / Frank Crast / October 7, 2022 / authentication, basic auth, EAS, EWS, Exchange, Exchange Online, IMAP, Microsoft, Oauth, OAuth 2.0, Outlook, POP, RPS, SMTP

Microsoft has disabled Basic authentication in Exchange Online tenants to help fight against password spray attacks. Attackers are stepping up attacks in anticipation, Microsoft warns.

Microsoft disables Basic authentication in Exchange Online to fight password spray attacks Read More »

Google releases Chrome 106 security update with fixes for 2 High severity vulnerabilities

Security Updates & Patches, Vulnerabilities & Exploits / Frank Crast / October 3, 2022 / Chrome, Chrome 106, CVE-2022-3370, CVE-2022-3373, Google, iOS

Google has released Chrome 106 (106.0.5249.91) for Windows, Mac and Linux, with fixes for three vulnerabilities (two rated High severity).

Google releases Chrome 106 security update with fixes for 2 High severity vulnerabilities Read More »

CISA adds 3 vulnerabilities to Known Exploited Vulnerabilities Catalog

Cybersecurity Attacks, Security Updates & Patches, Vulnerabilities & Exploits, Zero-days / Frank Crast / October 1, 2022 / Atlassian, CVE-2022-36804, CVE-2022-41040, CVE-2022-41082, Exchange, Microsoft

The Cybersecurity and Infrastructure Security Agency (CISA) has added 3 vulnerabilities to its Known Exploited Vulnerabilities Catalog, to include Microsoft Exchange and Atlassian flaws.

CISA adds 3 vulnerabilities to Known Exploited Vulnerabilities Catalog Read More »

Drupal patches Critical Twig third-party library vulnerability (CVE-2022-39261)

Security Updates & Patches, Vulnerabilities & Exploits / Frank Crast / October 1, 2022 / CVE-2022-39261, Drupal, Twig

Drupal has patched a Critical Twig third-party library vulnerability (CVE-2022-39261) that affect multiple versions of Drupal Core.

Drupal patches Critical Twig third-party library vulnerability (CVE-2022-39261) Read More »

Microsoft update for Microsoft Exchange Server zero-day ProxyNotShell vulnerabilities

Messaging Security, Security Updates & Patches, Vulnerabilities & Exploits, Zero-days / Frank Crast / October 1, 2022 / CVE-2022-41040, CVE-2022-41082, Exchange, Exchange Server 2019, IIS, Microsoft, PowerSHell, ProxyNotShell, Vulnerabilities, Zero-day

Microsoft has released a new security update for two Microsoft Exchange Server zero-day vulnerabilities (CVE-2022-41040 and CVE-2022-41082) dubbed “ProxyNotShell” under limited targeted attacks in the wild.

Microsoft update for Microsoft Exchange Server zero-day ProxyNotShell vulnerabilities Read More »

Threat actor deploys malicious OAuth apps on compromised cloud tenants to spread spam

Access Control, Authentication, Cloud Security, Cybersecurity Attacks, Messaging Security / Frank Crast / September 25, 2022 / AAD, Cloud, MFA, Microsoft, Oauth

Microsoft has been monitoring a threat actor deploying malicious OAuth apps on compromised cloud tenants to spread spam.

Threat actor deploys malicious OAuth apps on compromised cloud tenants to spread spam Read More »

Sophos Firewall RCE vulnerability (CVE-2022-3236) exploited the wild

Network Security, Security Updates & Patches, Vulnerabilities & Exploits, Zero-days / Frank Crast / September 23, 2022 / CISA, CVE-2022-3236, Firewall, Sophos, Webadmin, Zoho

Sophos has fixed a Sophos Firewall remote code execution (RCE) vulnerability (CVE-2022-3236) exploited in the wild.

Sophos Firewall RCE vulnerability (CVE-2022-3236) exploited the wild Read More »

ISC fixes High risk BIND vulnerabilities, BIND 9 Security Vulnerability Matrix

Security Updates & Patches, Vulnerabilities & Exploits / Frank Crast / September 22, 2022 / BIND, CVE-2022-2906, CVE-2022-3080, CVE-2022-38177, CVE-2022-38178, DNS, ECDSA, ISC

The Internet Systems Consortium (ISC) has released new security updates that fix four High risk vulnerabilities in multiple versions of BIND, as well as BIND 9 Security Vulnerability Matrix.

ISC fixes High risk BIND vulnerabilities, BIND 9 Security Vulnerability Matrix Read More »