Attackers have been actively exploiting a flaw in Rackspace's hosted email service to send phishing emails, bearing legitimate and validated domain names, as part of business email compromise scams, warns IT security testing consultancy 7 Elements. Rackspace tells customers it plans to fix the problem soon.
A recently identified hacking group dubbed UNC1945 used a never-before-seen zero-day vulnerability in the Oracle Solaris operating system to target corporate networks and plant malware, according to FireEye Mandiant. This threat actor is known to focus on telecom, financial and consulting firm targets.
Microsoft plans to patch on Nov. 10 a zero-day kernel vulnerability found by Google's Project Zero bug-hunting team. Google released the details of the flaw after a week because attackers are using it in the wild.
The U.S. government has released additional details that it says further prove that an "Iranian group" sent a series of threatening emails to some Democratic voters in the weeks leading up to the 2020 elections, as part of a disinformation campaign designed to sow confusion.
Microsoft and the U.S. Cybersecurity and Infrastructure Security Agency are urging local government agencies to patch the Netlogon vulnerability known as Zerologon ahead of next Tuesday's presidential election to improve security. A "small number" of attacks exploiting the flaw are continuing, Microsoft says.
Almost eight months after Microsoft warned of a critical vulnerability in Windows called SMBGhost, more than 100,000 unpatched devices remain vulnerable, according to security researchers. The COVID-19 pandemic and ensuing rush to move workers into home offices may have led to delays in applying the fix.
A new online platform called VulnerableThings.com is aiming to become the go-to place for reporting and viewing reports on software flaws in IoT devices. The IoT Security Foundation and Oxford Information Labs say the platform could help vendors comply with new IoT regulations and standards.
The NSA is warning that Chinese-linked hacking groups are exploiting 25 vulnerabilities in software systems and network devices as part of cyberespionage campaigns - which means patching is urgent.
Security experts are urging organizations to patch a newly revealed serious flaw in Microsoft SharePoint as quickly as possible because proof-of-concept exploit code is already available. The U.K.'s National Cyber Security Center warns that hackers frequently target fresh SharePoint flaws.
The Xplora 4 kids smartwatch was shipped with a backdoor that could be activated remotely by an encrypted SMS to take secret screenshots. The manufacturer says the code was mistakenly left in the firmware, and it has issued a patch to remove it.
CISA is warning that sophisticated hacking groups are chaining together vulnerabilities, such as the recent Zerologon bug and other flaws, to target state and local government networks. In some cases, attackers gained access to election support systems.
Microsoft's IoT platform, Azure Sphere, which launched in February, is the company's bet to address the growing security and management problems around connected devices. A three-month bug bounty program for the platform resulted in resolving a number of vulnerabilities and awarding $374,000 in bounties.
Microsoft is warning that hackers with connections to Iran, as well as other threat actors, are attempting to exploit a critical vulnerability in Windows Server dubbed Zerologon, for which it has issued a partial patch.
Eight months after Microsoft issued a critical security update fixing a remote code execution flaw in Exchange Server, more than half of these mail servers in use remain vulnerable to exploits, according to the security firm Rapid7.
Microsoft has issued additional instructions on how to better implement a patch to fix an elevation of privilege vulnerability called Zerologon in Windows Server that affects the Netlogon Remote Protocol. The update comes as Cisco Talos researchers report a spike in attempts to exploit the flaw.
Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.