Microsoft: New analysis of Exchange Server vulnerabilities and cyberattacks

Microsoft has published new detailed analysis of Exchange Server vulnerabilities, cybercriminal groups and post-compromise second stage attack malware. In addition, the tech giant offered sound mitigation guidance.

Continue ReadingMicrosoft: New analysis of Exchange Server vulnerabilities and cyberattacks

3 good examples of how to apply the Zero Trust Security Model

The National Security Agency (NSA) has released new guidelines on the Zero Trust Security Model, a coordinated system management strategy that removes implicit trust in any one system or service and assumes breaches will or have already occurred.

Continue Reading3 good examples of how to apply the Zero Trust Security Model

DHS warns businesses of risks using Chinese tech and data services

The United States Department of Homeland Security (DHS) has published a new advisory warning businesses of the risks using tech and data services linked to the People’s Republic of China (PRC).

Continue ReadingDHS warns businesses of risks using Chinese tech and data services

Cyberattacks against machine learning systems and the new Adversarial ML Threat Matrix

In the wake of an increase in cyber attacks against machine learning (ML) systems, Microsoft along with MITRE and contributions from 11 other organizations, have released the Adversarial ML Threat Matrix.

Continue ReadingCyberattacks against machine learning systems and the new Adversarial ML Threat Matrix

APT actors exploit legacy internet-facing vulnerabilities in combination with Zerologon to target organizations

Advanced persistent threat actors (APTs) are exploiting multiple legacy vulnerabilities in combination with newer "Zerologon" to target government networks, critical infrastructure, and elections organizations.

Continue ReadingAPT actors exploit legacy internet-facing vulnerabilities in combination with Zerologon to target organizations