US Government Details Tools Used by APTs in Defense Organization Attack

The NSA, FBI and CISA have issued an alert describing the tools and techniques used by advanced persistent threat (APT) actors in an attack aimed at an unnamed defense industrial base organization in the United States.
read more Continue reading US Government Details Tools Used by APTs in Defense Organization Attack

Mitigation for ProxyNotShell Exchange Vulnerabilities Easily Bypassed

A mitigation proposed by Microsoft and others for the new Exchange Server zero-day vulnerabilities named ProxyNotShell can be easily bypassed, researchers warn.
The security holes, officially tracked as CVE-2022-41040 and CVE-2022-41082, can allow an a… Continue reading Mitigation for ProxyNotShell Exchange Vulnerabilities Easily Bypassed

Microsoft Links Exploitation of Exchange Zero-Days to State-Sponsored Hacker Group

Microsoft has been investigating the attacks exploiting the new Exchange Server zero-day vulnerabilities and believes that a single state-sponsored threat group has been using them in highly targeted attacks.
read more Continue reading Microsoft Links Exploitation of Exchange Zero-Days to State-Sponsored Hacker Group