Security News

Synopsys Cybersecurity Research Centre has warned of easily triggered denial-of-service vulnerabilities in three popular open-source Internet of Things message brokers: RabbitMQ, EMQ X, and VerneMQ. The message brokers, responsible for handling data sent to or from IoT devices like smart home hubs and door locks, all share a common protocol: Message Queuing Telemetry Transport, first released in 1999 for monitoring oil pipelines and since repurposed for a variety of home and industrial automation tasks. Any disruption in MQTT messaging could potentially leave users locked out of their homes and offices.

Cisco and AT&T are making it easier for businesses to adapt to the future of work, whatever it may be. "Our Webex solutions transformed the cloud calling experience and combine enterprise-calling features with market-leading virtual meetings and collaboration technology - all within the Webex App. And we're proud to work with AT&T to provide its customers and employees with the tools and technologies they require to thrive in the new hybrid workplace."

Exploits for vulnerabilities in Microsoft's Office suite were the most popular among cyber-attackers during the first quarter of this year, according to a new Kaspersky report. Microsoft Office exploits accounted for more than half of the observed exploits, with CVE-2017-11882 remaining the most commonly targeted vulnerability.

The latest scam includes pelting recipients with emails purportedly from their CIOs welcoming employees back into offices. The spoofed CIO email prompts victims to link to a fake Microsoft SharePoint page with two company-branded documents, both outlining new business operations.

Microsoft is investigating an Office 365 issue causing Outlook and Exchange Online emails to skip recipients' inboxes and being sent their junk folders instead. "We're investigating an issue in which email is being sent to the junk folder," Microsoft shared on the company's Microsoft 365 Status Twitter account. The Microsoft 365 Service health status page is currently directing customers to the Microsoft 365 Status Twitter account for more details regarding this ongoing incident.

Businesses operating in the word of infosec have been urged to write to the Home Office and support a public interest defence being added to the Computer Misuse Act. On a TechUK-organised call to discuss industry's response to the review of the act, British and overseas companies operating in the UK were urged by both the industry body and the Cyberup campaign to tell UK.gov what they think the law ought to say.

Organizations need to revisit their privileged access permissions and double down on their security strategy to protect their data and people from being exposed in the next big data breach. As companies move to a hybrid model, it's important to look closely at which employees may have been granted additional access during the shift to working remotely and reassess who has privileged access now to minimize this threat.

The Orbi Pro WiFi 6 Mini Dual-band Mesh System with its attractive price point is designed for small businesses and home-based offices. With an WiFi 6 multi-node mesh system, the base configuration of an Orbi Pro WiFi 6 Mini system comprises a router and a satellite.

Abnormal Security removed the blog post after receiving legal notice from Zix. Through their PR agency, Zix contacted us to say that the blog post was removed because they believe it contained multiple false and misleading statements, and they asked us to remove our article or issue a retraction.

Microsoft is working on addressing an Office 365 issue that has resulted in legitimate emails sent from multiple domains getting tagged as malicious and quarantined. "Users having multiple issues related to email flow, links within email messages and the Microsoft Defender portal," Microsoft says in the Microsoft 365 admin center.