Microsoft Exchange ‘ProxyToken’ Bug Allows Email Snooping
2021-08-30 17:31

Microsoft Exchange uses two websites; one, the front end, is what users connect to in order to access email. "The front-end website is mostly just a proxy to the back end. To allow access that requires forms authentication, the front end serves pages such as /owa/auth/logon.aspx," according to a Monday posting on the bug from Trend Micro's Zero Day Initiative.

CISA: Don’t use single-factor auth on Internet-exposed systems
2021-08-30 17:10

CISA's Bad Practices catalog includes practices the federal agency has deemed "exceptionally risky" and not to be used by organizations in the government and the private sector, as they expose them to an unnecessary risk of having their systems compromised by threat actors. These dangerous practices are "especially egregious" on Internet-exposed systems that threat actors could target and compromise remotely.

Microsoft Exchange ProxyToken bug can let hackers steal user email
2021-08-30 16:28

Technical details have emerged on a serious vulnerability in Microsoft Exchange Server dubbed ProxyToken that does not require authentication to access emails from a target account. An attacker can exploit the vulnerability by crafting a request to web services within the Exchange Control Panel application and steal messages from a victim's inbox.

LockBit Gang to Publish 103GB of Bangkok Air Customer Data
2021-08-30 15:14

The LockBit ransomware gang has apparently struck again, having purportedly stolen 103GB worth of files from Bangkok Airways and promising to release them tomorrow, on Tuesday. "LockBit ransomware gang has announced Bangkok Airways on the victim list," DarkTracer tweeted.

Microsoft 365's new security model: How to use phishing simulations and security mailboxes
2021-08-30 13:52

Most of the time it's the first; it can be complicated to add security to a running system without affecting how everyone does their jobs, in some cases even the security team. It's a process the initial notification described as Microsoft taking responsibility for its role as a security service and acting "on your behalf to prevent your users from being compromised." As the process continues to roll out, one of the most obvious effects will be on security teams testing their systems and their staff.

Microsoft shares guidance on securing Azure Cosmos DB accounts
2021-08-30 12:09

Microsoft issued guidance on securing Azure accounts that may be impacted by a recently addressed critical Cosmos DB vulnerability that gave attackers full admin rights to users' data without authorization. To mitigate the risk and block attackers who might've stolen your Cosmos DB primary read-write keys before the vulnerable feature was disabled, Microsoft advises regenerating the Cosmos DB keys.

Excellent Write-up of the SolarWinds Security Breach
2021-08-30 11:24

Robert Chesney wrote up the SolarWinds story as a case study, and it’s a really good summary.

Cyber threats, passenger vessels and superyachts: The current state of play
2021-08-30 05:32

In this interview with Help Net Security, Peter Broadhurst, Maritime Senior VP Safety, Security, Yachting and Passenger, Inmarsat, talks about the impact of cyber threats on passenger vessels and superyachts, and provides an inside look at maritime cybersecurity today. Different vessels have specific vulnerabilities that have driven regulators to act and introduce a new cyber security regime for the industry, requiring commercial shipping, cruise vessels and ferries, and charter and private superyacht sectors to adopt a stricter approach to cyber security.

Operationalize AWS security responsibilities in the cloud
2021-08-30 05:30

All AWS Level 1 MSSP Competency Partners provide at minimum the ten 24/7 security monitoring, protection, and remediation services as defined in the Level 1 Managed Security Services baseline. Many of the Level 1 MSSP Competency Partners also provide additional security assessment and implementation professional services to assist customers in their AWS cloud journey.

Debunking myths about consumer expectations around mobile apps security
2021-08-30 05:00

The findings provide a rare glimpse into the voice of the consumer, debunking common myths about consumers' mobile app security expectations with significant implications for CISOs, security teams and others charged with protecting mobile app users. The results offer CISOs key insights into which mobile app threats consumers fear most, which apps consumers expect will have the highest level of security, changes in consumer expectations for mobile app security as a result of COVID-19, and the rising strength of mobile app security expectations across every key demographic and geographic audience.