September 2022 – PossibleThreat Articles

Credit to Author: Katie McCafferty| Date: Sat, 01 Oct 2022 04:21:00 +0000

MSTIC observed activity related to a single activity group in August 2022 that achieved initial access and compromised Exchange servers by chaining CVE-2022-41040 and CVE-2022-41082 in a small number of targeted attacks.

The post Analyzing attacks using the Exchange vulnerabilities CVE-2022-41040 and CVE-2022-41082 appeared first on Microsoft Security Blog.

MalwareBytes Security

Two new Exchange Server zero-days in the wild

September 30, 2022 0 Comments cve-2022-41040, cve-2022-41082, exchange, Exploits and vulnerabilities, news, proxyshell, rce, remote powershell, ssrf, web shell

Categories: Exploits and vulnerabilities

Categories: News

Tags: Exchange

Tags: ProxyShell

Tags: remote PowerShell

Tags: web shell

Tags: CVE-2022-41040

Tags: CVE-2022-41082

Tags: SSRF

Tags: RCE

Two ProxyShell-like vulnerabilities are being used to exploit Microsoft Exchange Servers

(Read more…)

The post Two new Exchange Server zero-days in the wild appeared first on Malwarebytes Labs.

MalwareBytes Security

FCC moves to block robotexts

September 30, 2022 0 Comments news, scams

Categories: News

Categories: Scams

The Federal Communications Commission wants mobile carriers to block spam texts at the network level.

(Read more…)

The post FCC moves to block robotexts appeared first on Malwarebytes Labs.

Security TrendMicro

Common Cloud-Native Security Misconfigurations & Fixes

September 30, 2022 0 Comments trend micro devops : article, trend micro devops : aws, trend micro devops : azure, trend micro devops : cloud native, trend micro devops : compliance, trend micro devops : how to, trend micro devops : multi cloud

Credit to Author: Michael Langford| Date: Fri, 30 Sep 2022 00:00:00 +0000

Cloud configuration errors are a major concern for modern DevOps teams, introducing a new attack surface with numerous potential points of vulnerability. Read on to discover some of the most common errors and learn how to resolve them.

Independent Krebs Security

Microsoft: Two New 0-Day Flaws in Exchange Server

September 30, 2022 0 Comments cve-2022-41040, cve-2022-41082, gtsc, Latest Warnings, microsoft exchange server zero-day, steven adair, The Coming Storm, Time to Patch, volexity, zimbra collaboration suite

Credit to Author: BrianKrebs| Date: Fri, 30 Sep 2022 16:51:57 +0000

Microsoft Corp. is investigating reports that attackers are exploiting two previously unknown vulnerabilities in Exchange Server, a technology many organizations rely on to send and receive email. Microsoft says it is expediting work on software patches to plug the security holes. In the meantime, it is urging a subset of Exchange customers to enable a setting that could help mitigate ongoing attacks.

Security Sophos

URGENT! Microsoft Exchange double zero-day – “like ProxyShell, only different”

September 30, 2022 0 Comments cve-2022-41040, cve-2022-41082, exchange, Microsoft, vulnerability, zero day

Credit to Author: Paul Ducklin| Date: Fri, 30 Sep 2022 13:25:11 +0000

Double-play 0-day in Exchange – what you need to know, and what you can do

Security Sophos

S3 Ep102: How to avoid a data breach [Audio + Transcript]

September 30, 2022 0 Comments data breach, gta6, Naked Security Podcast, Podcast, uber, whatsapp forwarding

Credit to Author: Paul Ducklin| Date: Thu, 29 Sep 2022 18:45:29 +0000

Latest episode – listen now! Tell fact from fiction in hyped-up cybersecurity news…

Security Wired

Go Update iOS, Chrome, and HP Computers to Fix Serious Flaws

September 30, 2022 0 Comments Security, Security / Security Advice

Credit to Author: Kate O’Flaherty| Date: Fri, 30 Sep 2022 11:00:00 +0000

Plus: WhatsApp plugs holes that could be used for remote execution attacks, Microsoft patches a zero-day vulnerability, and more.

Security Wired

A Matrix Update Patches Serious End-to-End Encryption Flaws

September 30, 2022 0 Comments Security, Security / Cyberattacks and Hacks

Credit to Author: Dan Goodin, Ars Technica| Date: Thu, 29 Sep 2022 16:00:00 +0000

The messenger protocol had gained popularity for its robust security, but vulnerabilities allowed attackers to decrypt messages and impersonate users.

MalwareBytes Security

Local government cybersecurity: 5 best practices

September 29, 2022 0 Comments Business

Categories: Business

With a few best practices, local governments can improve their cybersecurity posture and make it less likely that threat actors attack their systems. We’ll break down five best practices for local government cybersecurity in this post.

(Read more…)

The post Local government cybersecurity: 5 best practices appeared first on Malwarebytes Labs.

← Previous