Security News > 2021 > March > Week in review: Attacks on Exchange servers escalate, the influence of the Agile Manifesto, O365 phishing
Ongoing Office 365-themed phishing campaign targets executives, assistants, financial departmentsA sophisticated and highly targeted Microsoft Office 365 phishing campaign is being aimed at C-suite executives, executive assistants and financial departments across numerous industries.
As attacks on Exchange servers escalate, Microsoft investigates potential PoC exploit leakMicrosoft Exchange servers around the world are still getting compromised via the ProxyLogon and three other vulnerabilities patched by Microsoft in early March.
Automatically mitigate ProxyLogon, detect IoCs associated with SolarWinds attackers' activitiesMicrosoft has updated its Defender Antivirus to mitigate the ProxyLogon flaw on vulnerable Exchange Servers automatically, while the Cybersecurity and Infrastructure Security Agency has released CHIRP, a forensic tool that can help defenders find IoCs associated with the SolarWinds attackers' activities.
Why is financial cyber risk quantification important?Why are executives pressuring CISOs to start financially quantifying cyber risk for their business? This process allows CISOs to identify and rank risk scenarios that are most critical to their enterprise, based on factors such as which attacks would have the biggest financial impact, and how equipped the company is to defend itself against any given attack.
DDoS attacks surge as cybercriminals take advantage of the pandemicDDoS attacks reached a record high during the pandemic as cybercriminals launched new and increasingly complex attacks, a Link11 report reveals.
The influence of the Agile Manifesto, 20 years onIn the years since the Manifesto was first published, Agile has been adopted by domains outside of software development, including hardware systems, infrastructure, operations, and even business support to name a few.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/EWlrY3pM128/
Related news
- Midnight Blizzard Escalates Spear-Phishing Attacks On Over 100 Organizations (source)
- Windows infected with backdoored Linux VMs in new phishing attacks (source)
- Critical RCE bug in VMware vCenter Server now exploited in attacks (source)
- Oracle warns of Agile PLM file disclosure flaw exploited in attacks (source)
- New NachoVPN attack uses rogue VPN servers to install malicious updates (source)
- Phishing-as-a-Service "Rockstar 2FA" Targets Microsoft 365 Users with AiTM Attacks (source)
- Russian hackers hijack Pakistani hackers' servers for their own attacks (source)
- Russian hackers hijack Pakistani hackers' servers for their own attacks (source)
- GenAI makes phishing attacks more believable and cost-effective (source)
- CERT-UA Warns of Phishing Attacks Targeting Ukraine’s Defense and Security Force (source)