Security News
Get hired in cybersecurity: Expert tips for job seekersIn this Help Net Security interview, Joseph Cooper, Cybersecurity Recruiter at Aspiron Search, offers practical advice for job seekers and talks about how the cybersecurity profession continues to expand. Admins, patch your Cisco enterprise security solutions!Cisco has released security updates for several of its enterprise security and networking products.
A new malware dubbed 'ProxyShellMiner' exploits the Microsoft Exchange ProxyShell vulnerabilities to deploy cryptocurrency miners throughout a Windows domain to generate profit for the attackers. ProxyShell is the name of three Exchange vulnerabilities discovered and fixed by Microsoft in 2021.
Hackers are deploying a new malware named 'Frebniss' on Microsoft's Internet Information Services that stealthily executes commands sent via web requests. Microsoft IIS is a web server software that acts as a web server and a web app hosting platform for services like Outlook on the Web for Microsoft Exchange.
We and our store and/or access information on a device, such as cookies and process personal data, such as unique identifiers and standard information sent by a device for personalised ads and content, ad and content measurement, and audience insights, as well as to develop and improve products. With your permission we and our partners may use precise geolocation data and identification through device scanning.
The updates are in addition to 22 flaws the Windows maker patched in its Chromium-based Edge browser over the past month. "The attack itself is carried out locally by a user with authentication to the targeted system," Microsoft said in advisory for CVE-2023-21715.
Intel needs its own box for its bugs.... Intel dumped more than 30 security advisories on the world today, with updates and mitigations for folks to install or follow. Vulnerabilities in the Intel Media SDK can be exploited to gain privileges or crash software.
We counted 75 CVE-numbered bugs dated 2023-02-14, given that this year's February updates arrived on Valentine's Day. We extracted a list and included it below, sorted so that the bugs dubbed Critical are at the top.
Microsoft says that some WSUS servers upgraded to Windows Server 2022 might fail to push Windows 11, version 22H2 updates released during this month's Patch Tuesday to endpoints across enterprise environments. This known issue only affects WSUS servers upgraded from Windows Server 2016 or Windows Server 2019.
Microsoft has reminded admins that Exchange Server 2013 is reaching its extended end-of-support date in 60 days, on April 11, 2023. The first version of Exchange Server 2013 was released in January 2013, and it reached its mainstream end date four years ago, in April 2018.
The February 2023 Patch Tuesday is upon us, with Microsoft releasing patches for 75 CVE-numbered vulnerabilities, including three actively exploited zero-day flaws. "The attack itself is carried out locally by a user with authentication to the targeted system. An authenticated attacker could exploit the vulnerability by convincing a victim, through social engineering, to download and open a specially crafted file from a website which could lead to a local attack on the victim computer," Microsoft explains.