Cybersecurity News
Check to see if you’re vulnerable to Microsoft Exchange Server zero-days using this tool
A CISA alert has been issued to urge admins to check their systems as quickly as possible.Microsoft Exchange Server Exploits Hit Retail, Government, Education
Mandiant researchers identify a range of victims affected in attacks targeting newly reported Microsoft Exchange Server vulnerabilities.At Least 30,000 U.S. Organizations Newly Hacked Via Holes in Microsoft’s Email Software
At least 30,000 organizations across the United States -- including a significant number of small businesses, towns, cities and local governments -- have over the past few days been hacked by an unusually aggressive Chinese cyber espionage unit that's focused on stealing email from victim organizations, multiple sources tell KrebsOnSecurity. The espionage group is exploiting four newly-discovered flaws in Microsoft Exchange Server email software, and has seeded hundreds of thousands of victim organizations worldwide with tools that give the attackers total, remote control over affected systems.U.S. DoD Weapons Programs Lack ‘Key’ Cybersecurity Measures
The lack of cybersecurity requirements in weapons contracts from the Department of Defense opens the door for dangerous cyberattacks.
Microsoft Adopted an 'Aggressive' Strategy for Sharing SolarWinds Attack Intel
Rob Lefferts, corporate vice president for Microsoft 365 Security in Security and Compliance, explains the company's approach to keeping its customers and the industry apprised and updated on its findings from the now-infamous attack.WordPress Injection Anchors Widespread Malware Campaign
Website admins should patch all plugins, WordPress itself and back-end servers as soon as possible.
5 Ways Social Engineers Crack Into Human Beings
These common human traits are the basic ingredients in the con-man's recipe for trickery.
Massive Supply-Chain Cyberattack Breaches Several Airlines
The cyberattack on SITA, a nearly ubiquitous airline service provider, has compromised frequent-flyer data across many carriers.
Realistic Patch Management Tips, Post-SolarWinds
Patch management and testing are different, exactly the same, and completely out of hand. Here are tips from the experts on how to wrangle patches in a time of malicious software updates.
On International Women's Day 2021, Does the 'Rule of Steve' Still Apply? Yes.
On International Women's Day 2021, gender diversity has improved in cybersecurity, but there is still a long way to go.Critics Blast Google’s Aim to Replace Browser Cookie with ‘FLoC’
EFF worries that the Google's ‘privacy-first” vision for the future may pose new privacy risks.
Week in security with Tony Anscombe
Four zero-days patched in Microsoft Exchange Server – A tale about an unsophisticated criminal – Web trackers in a password manager app
The post Week in security with Tony Anscombe appeared first on WeLiveSecurity
D-Link, IoT Devices Under Attack By Tor-Based Gafgyt Variant
A new variant of the Gafgyt botnet - that's actively targeting vulnerable D-Link and Internet of Things devices - is the first variant of the malware to rely on Tor communications, researchers say.
Make Sure That Stimulus Check Lands in the Right Bank Account
If you haven't already, it's time to build trust relationships with your financial institutions, using strong security, privacy protections and secure, unique user credentials.FTC joins 38 states in takedown of massive charity robocall operation
Over $110 million was taken from victims who believed they were funding veteran, children, and firefighter charities.$100 in crypto for a kilo of gold: Scammer pleads guilty to investor fraud
The case brings a new meaning to a cryptocurrency gold rush.How ESET’s work on SafetyNet® helps protect children online
For over a decade, ESET and the San Diego Police Foundation have been working together to help keep children safe from online threats
The post How ESET’s work on SafetyNet® helps protect children online appeared first on WeLiveSecurity
Microsoft Exchange zero-day vulnerabilities exploited in attacks against US local governments
Mandiant says attacks are taking place against a wide array of US targets -- local governments included.Cyberattack shuts down online learning at 15 UK schools
The cyberattack also took email, phone, and website communication offline.Airline data hack: hundreds of thousands of Star Alliance passengers' details stolen
IT operator Sita, which serves airlines including Singapore, Lufthansa and United, reports systems breach revealing frequent flyer data
Data on hundreds of thousands of airline passengers around the world has been hacked via a “highly sophisticated” attack on the IT systems operator that serves around 90% of the global aviation industry.
Sita, which serves the Star Alliance of airlines including Singapore Airlines, Lufthansa and United, said on Thursday it had been the victim of a cyber attack leading to a breach of passenger data held on its servers.
Related: Airbus reveals planes sold in last two years will emit over 1bn tonnes of CO2
Continue reading...