Zoom recommends users upgrade their Zoom client to version 5.10.0 to fix an XMPP vulnerability chain that could enable an attacker to execute remote code and compromise another user over Zoom chat.
The National Institute of Standards and Technology (NIST) has issued the NIST SP 800-47 Rev. 1 Managing the Security of Information Exchanges.
The U.S. Justice Department has announced the seizure of domains used in Nobelium spear-phishing attacks previously identified by Microsoft last week.
The Microsoft Threat Intelligence Center (MSTIC) has uncovered a “sophisticated email-based attack” operated by NOBELIUM, as part of a wide-scale malicious email campaign.
Samba has released a software update to fix a vulnerability (CVE-2021-20254) that could allow an attacker unauthorized access to files. A remote attacker could take advantage of this bug and exploit unpatched systems.
SonicWall has released urgent patches for Critical Email Security product zero-day vulnerabilities CVE-2021-20021, CVE-2021-20022 and CVE-2021-20023.
Samba has released software updates to fix two High severity security vulnerabilities (CVE-2020-27840 and CVE-2021-20277) that impact Samba products. A remote attacker could take advantage of these bugs and exploit unpatched systems.
The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) have issued an urgent joint cybersecurity advisory on the Microsoft Exchange vulnerability exploits, collectively known as “ProxyLogon.”
Microsoft has released emergency out-of-band security updates to fix multiple Critical vulnerabilities impacting Microsoft Exchange Server 2013, 2016 and 2019, collectively known as “ProxyLogon.” The tech giant also published interim mitigations if organizations can not patch immediately, as well as an IOC detection tool.
Hackers are using thousands of legitimate emails accounts to launch impersonation and business email compromise (BEC) attacks against thousands of organizations.
