Security News

Microsoft says that Office 365 customers can use unlimited disposable recipient email addresses after the Plus Addressing feature rolled out to all Exchange Online users. Plus addressing allows users to create an indefinite number of custom and unique email addresses by adding suffix text strings to their standard address using a '+' delimiter.

New, sophisticated adversaries are switching up their tactics in exploiting enterprise-friendly platforms - most notably Microsoft Exchange, Outlook Web Access and Outlook on the Web - in order to steal business credentials and other sensitive data. APTs Flock Exchange, OWA. One advanced persistent threat group that has been targeting Exchange and OWA is what researchers dub "BELUGASTURGEON".

Honeywell announces the launch of Honeywell Secure Media Exchange R201.1, an enterprise software offering to better protect users from advanced malware and firmware-based cybersecurity attacks from USB drives and other removable media. "We are excited to expand Honeywell SMX as an enterprise security solution to include hardware device management with our TRUST V2 ," said Jeff Zindel, vice president and general manager, Honeywell Connected Enterprise Cybersecurity.

Tokyo's Stock Exchange went offline for most of Thursday, its longest-ever outage and a very unwelcome one as it is the world's third-largest bourse, when measured by market capitalisation. The exchange yesterday morning posted news that "a technical glitch occurred to distribution of market data," and the market therefore stopped all trading.

Over half of exposed Exchange servers are still vulnerable to a severe bug that allows authenticated attackers to execute code remotely with system privileges - even eight months after Microsoft issued a fix. The flaw, which stems from the server failing to properly create unique keys at install time, was fixed as part of Microsoft's February Patch Tuesday updates - and admins in March were warned that unpatched servers are being exploited in the wild by unnamed advanced persistent threat actors.

Singapore-based cryptocurrency exchange KuCoin over the weekend announced that hackers managed to steal large amounts of cryptocurrencies from multiple hot wallets. On Saturday, the exchange announced that it identified a number of large withdrawals in Bitcoin, ERC-20 and other tokens from its hot wallets, and that it launched an investigation into the matter, while suspending the deposit and withdrawal service.

Monday's CISA advisory is a staunch reminder for federal government and private sector entities to apply patches for flaws in F5 BIG-IP devices, Citrix VPNs, Pulse Secure VPNs and Microsoft Exchange servers. The U.S. government is warning that Chinese threat actors have successfully compromised several government and private sector entities in recent months, by exploiting vulnerabilities in F5 BIG-IP devices, Citrix and Pulse Secure VPNs and Microsoft Exchange servers.

"We want to reassure everyone that this event won't stop our journey. After the security audit of renowned global companies, our operations will continue. We will announce the date of the reopening of the ETERBASE Exchange platform as soon as possible." If you're running Multi-Factor Authentication or Palo Alto's Captive Portal interface, an attacker can exploit a buffer overflow to ultimately gain code execution as root.

Slovakian cryptocurrency exchange Eterbase this week announced that hackers breached its systems and stole roughly $5.4 million. Launched in 2019 and based in Bratislava, Slovakia, Eterbase is a centralized exchange that focuses on crypto to SEPA integration.

Cybercriminals successfully plundered another digital cryptocurrency exchange. European cryptocurrency exchange Eterbase this week disclosed a massive breach of its network by an unknown group of hackers who stole cryptocurrencies worth 5.4 million dollars.