Microsoft patches four exploited zero-days, but lags with fixes for a fifth (CVE-2023-36884)

For July 2023 Patch Tuesday, Microsoft has delivered 130 patches; among them are four for vulnerabilities actively exploited by attackers, but no patch for CVE-2023-36884, an Office and Windows HTML RCE vulnerability exploited in targeted attacks aimed …

3CX supply chain attack: What do we know?

Five days have passed since the supply chain attack targeting 3CX customers gained wider public attention, but the software’s manufacturer is yet to confirm how the Windows and macOS desktop apps (based on the Electron software framework) have be…

Microsoft: Two New 0-Day Flaws in Exchange Server

Microsoft Corp. is investigating reports that attackers are exploiting two previously unknown vulnerabilities in Exchange Server, a technology many organizations rely on to send and receive email. Microsoft says it is expediting work on software patches to plug the security holes. In the meantime, it is urging a subset of Exchange customers to enable a setting that could help mitigate ongoing attacks.

RCE in Sophos Firewall is being exploited in the wild (CVE-2022-3236)

Sophos has patched an actively exploited remote code execution vulnerability (CVE-2022-3236) in its Firewall solutions, and has pushed the fix to customers who have automatic installation of hotfixes enabled. If this news triggers a feeling of déjà vu,…

Unpatched Atlassian Confluence zero-day exploited, fix expected today (CVE-2022-26134)

A critical zero-day vulnerability (CVE-2022-26134) in Atlassian Confluence Data Center and Server is under active exploitation, the software maker warned on Thursday. There is currently no fix available – though fixes are expected to be releas…

Cozy Bear revisits one of its greatest hits, researchers say: election skulduggery

It looks like the Russian government-linked hacking group Cozy Bear is back in the election trickery business. The security firm Volexity publicized a spearphishing campaign on Thursday that it identified only days ago, a scheme that uses an election fraud document as a lure. The emails purport to be from the United States Agency for International Development, with targets including government agencies, research institutions and nongovernmental organizations in the U.S. and Europe. Volexity said it had concluded, with moderate confidence, that Cozy Bear — the group also known as APT29 or the Dukes — was behind the emails. If true, it would be a return to an old favorite subject for Cozy Bear, which the U.S. government and others implicated in the 2016 hacks of the Democratic National Committee and Hillary Clinton’s presidential campaign, among other election interference efforts. More recently, Cozy Bear has garnered attention from the Biden […]

The post Cozy Bear revisits one of its greatest hits, researchers say: election skulduggery appeared first on CyberScoop.

A Basic Timeline of the Exchange Mass-Hack

Sometimes when a complex story takes us by surprise or knocks us back on our heels, it pays to revisit the events in a somewhat linear fashion. Here’s a brief timeline of what we know leading up to last week’s mass-hack, when hundreds of thousands of Microsoft Exchange Server systems got compromised and seeded with a powerful backdoor Trojan horse program.

At Least 30,000 U.S. Organizations Newly Hacked Via Holes in Microsoft’s Email Software

At least 30,000 organizations across the United States — including a significant number of small businesses, towns, cities and local governments — have over the past few days been hacked by an unusually aggressive Chinese cyber espionage unit that’s focused on stealing email from victim organizations, multiple sources tell KrebsOnSecurity. The espionage group is exploiting four newly-discovered flaws in Microsoft Exchange Server email software, and has seeded hundreds of thousands of victim organizations worldwide with tools that give the attackers total, remote control over affected systems.

VMware Flaw a Vector in SolarWinds Breach?

U.S. government cybersecurity agencies warned this week that the attackers behind the widespread hacking spree stemming from the compromise at network software firm SolarWinds used weaknesses in other, non-SolarWinds products to attack high-value targets. According to sources, among those was a flaw in software virtualization platform VMware, which the U.S. National Security Agency (NSA) warned on Dec. 7 was being used by Russian hackers to impersonate authorized users on victim networks.

SolarWinds hackers’ capabilities include bypassing MFA

As the list of known organizations compromised by way of the SolarWinds supply chain attack is slowly growing – according to Reuters, the attackers also breached the U.S. Department of Homeland Security’s systems, the State Department, and the …