Security News

Corporate boards pressure CISOs to step up risk mitigation efforts
2023-04-26 03:00

The top challenges when implementing an effective cyber/IT risk management program include an increase in the quantity and severity of cyber threats, a lack of funding and a lack of staffing/cyber risk talent. Given the financial and reputational consequences of cyberattacks, corporate board rooms are putting pressure on CISOs to identify and mitigate cyber/IT risk.

Ransomware Hackers Using New Way to Bypass MS Exchange ProxyNotShell Mitigations
2022-12-21 07:41

Threat actors affiliated with a ransomware strain known as Play are leveraging a never-before-seen exploit chain that bypasses blocking rules for ProxyNotShell flaws in Microsoft Exchange Server to achieve remote code execution through Outlook Web Access. "The new exploit method bypasses URL rewrite mitigations for the Autodiscover endpoint," CrowdStrike researchers Brian Pitchford, Erik Iker, and Nicolas Zilio said in a technical write-up published Tuesday.

Sneaky hackers reverse defense mitigations when detected
2022-12-05 20:08

A financially motivated threat actor is hacking telecommunication service providers and business process outsourcing firms, actively reversing defensive mitigations applied when the breach is detected. The attacks have been attributed with low confidence to hackers tracked as 'Scattered Spider,' who demonstrate persistence in maintaining access, reversing mitigations, evading detection, and pivoting to other valid targets if thwarted.

Microsoft Issues Improved Mitigations for Unpatched Exchange Server Vulnerabilities
2022-10-08 05:13

Microsoft on Friday disclosed it has made more improvements to the mitigation method offered as a means to prevent exploitation attempts against the newly disclosed unpatched security flaws in Exchange Server. To that end, the tech giant has revised the blocking rule in IIS Manager from ".

Microsoft updates mitigation for ProxyNotShell Exchange zero days
2022-10-05 12:58

Microsoft has updated the mitigations for the latest Exchange zero-day vulnerabilities tracked as CVE-2022-41040 and CVE-2022-41082, also referred to ProxyNotShell.Reported privately to Microsoft three weeks ago, CVE-2022-41040 is a server-side request forgery that enables privilege escalation and works with CVE-2022-41082 to trigger remote code execution on on-premise Exchange server deployments.

Mitigation for Exchange Zero-Days Bypassed! Microsoft Issues New Workarounds
2022-10-05 05:31

Microsoft has revised its mitigation measures for the newly disclosed and actively exploited zero-day flaws in Exchange Server after it was found that they could be trivially bypassed. The two vulnerabilities, tracked as CVE-2022-41040 and CVE-2022-41082, have been codenamed ProxyNotShell due to similarities to another set of flaws called ProxyShell, which the tech giant resolved last year.

Microsoft Exchange server zero-day mitigation can be bypassed
2022-10-03 14:21

Microsoft has shared mitigations for two new Microsoft Exchange zero-day vulnerabilities tracked as CVE-2022-41040 and CVE-2022-41082, but researchers warn that the mitigation for on-premise servers is far from enough. Threat actors are already chaining both of these zero-day bugs in active attacks to breach Microsoft Exchange servers and achieve remote code execution.

Duo Helps Organizations with ACSC Mitigation Strategies
2022-09-01 00:00

Cyberattacks in Australia continue to rise year after year. Over the 2020-21 financial year, Australia saw a 13% increase in reported cybercrime.

Duo Helps Organisations with ACSC Mitigation Strategies
2022-09-01 00:00

Cyberattacks in Australia continue to rise year after year. Over the 2020-21 financial year, Australia saw a 13% increase in reported cybercrime.

Microsoft shares mitigation for Office zero-day exploited in attacks
2022-05-31 09:18

Microsoft has shared mitigation measures to block attacks exploiting a newly discovered Microsoft Office zero-day flaw abused in the wild to execute malicious code remotely. The bug is a Microsoft Windows Support Diagnostic Tool remote code execution vulnerability reported by crazyman of the Shadow Chaser Group.