Exchange/Outlook Autodiscover Bug Spills $100K+ Email Passwords
Hundreds of thousands of email credentials, many of which double as Active Directory domain credentials, came through to credential-trapping domains in clear text.
Vulnerabilities
Critical Cisco Bugs Allow Code Execution on Wireless, SD-WAN
Unauthenticated cyberattackers can also wreak havoc on networking device configurations.
Apple Patches 3 More Zero-Days Under Active Attack
One of the bugs, which affects macOS as well as older versions of iPhones, could allow an attacker to execute arbitrary code with kernel privileges.
Casey Ellis, founder, CTO and chairman of Bugcrowd, discusses a roadmap for lowering risk from cyberattacks most effectively.
A high-severity vulnerability could cause system crashes, knocking out sensors, medical equipment and more.
A custom “SparrowDoor” backdoor has allowed the attackers to collect data from targets around the globe.
The issue lies in a parental-control function that’s always enabled by default, even if users don’t configure for child security.
All a user needs to do is click on an email attachment, and boom – the code is silently executed without the victim knowing. It affects Big Sur and prior versions of macOS.
UPDATE: Malicious actors are already scanning honeypots, looking for servers vulnerable to the critical arbitrary file upload flaw in vCenter servers’ Analytics service.
The initiative, run by HackerOne, aims to uncover dangerous code repository bugs that end up going viral across the application supply-chain.
