Security researchers from Microsoft have discovered a collection of vulnerabilities dubbed “BadAlloc” that affect a broad range of IoT and OT devices in industrial, medical and consumer sectors.
“BadAlloc” vulnerabilities impact broad range of IoT and OT devices Read More »
The Cybersecurity and Infrastructure Security Agency (CISA) has published reports on DearCry ransomware and China Chopper Web Shell malware linked to recent Exchange Server exploits. Attackers can use this malware to further compromise on-premise Microsoft Exchange servers and launch other attacks.
Microsoft has published new detailed analysis of Exchange Server vulnerabilities, cybercriminal groups and post-compromise second stage attack malware. In addition, the tech giant offered sound mitigation guidance.
Microsoft: New analysis of Exchange Server vulnerabilities and cyberattacks Read More »
Cybersecurity experts are warning exploits against organizations worldwide have grown ten-fold after recent Microsoft Exchange Server zero-day vulnerabilities known as “ProxyLogon” were revealed.
Microsoft has released emergency out-of-band security updates to fix multiple Critical vulnerabilities impacting Microsoft Exchange Server 2013, 2016 and 2019, collectively known as “ProxyLogon.” The tech giant also published interim mitigations if organizations can not patch immediately, as well as an IOC detection tool.
Google has released a new Chrome 89 security update (89.0.4389.72) for Windows, Mac and Linux with fixes for multiple vulnerabilities, to include one zero-day vulnerability CVE-2021-21166 exploited in the wild.
Google patches Chrome zero-day (CVE-2021-21166) exploited in the wild Read More »
Microsoft has open sourced CodeQL queries used to scan for Solorigate malware activity that matches the SolarWinds supply-chain attack.
Microsoft open sources CodeQL queries to scan for Solarwinds-like Solorigate activity Read More »
Microsoft has announced the launch of Phase 2 permanent fix for a Netlogon Elevation of Privilege Vulnerability (CVE-2020-1472) that was patched last August.
The Cybersecurity and Infrastructure Security Agency (CISA) has warned the recent compromise by threat actors of SolarWinds poses a ‘grave risk’ to critical infrastructure, government and private sector organizations.
CISA: Threat actors behind SolarWinds hack pose ‘grave risk’ (updated) Read More »
Microsoft issued a new warning of ongoing exploits against a Netlogon protocol vulnerability dubbed Zerologon (CVE-2020-1472).
Microsoft warns of ongoing exploits against Zerologon vulnerability (CVE-2020-1472) Read More »
