NSA: 5 Security Bugs Under Active Nation-State Cyberattack
Widely deployed platforms from Citrix, Fortinet, Pulse Secure, Synacor and VMware are all in the crosshairs of APT29, bent on stealing credentials and more.
Vulnerabilities
Mandiant Front Lines: How to Tackle Exchange Exploits
Matt Bromiley, senior principal consultant with Mandiant, offers checklists for how small- and medium-sized businesses (SMBs) can identify and clear ProxyLogon Microsoft Exchange infections.
Google Project Zero Cuts Bug Disclosure Timeline to a 30-Day Grace Period
The zero-day flaw research group has revised its disclosure of the technical details of vulnerabilities in the hopes of speeding up the release and adoption of fixes.
The IoT-targeted malware has also added new exploits for initial compromise, for Huawei, Realtek and Dasan GPON devices.
Threat actors targeted compromised Exchange servers to host malicious Monero cryptominer in an “unusual attack,” Sophos researchers discovered.
The vulnerability is triggered when a cloud container pulls a malicious image from a registry.
Not a Gouda situation: An attack on a logistics firm is suspected to be related to Microsoft Exchange server flaw.
In a veritable cyber-SWAT action, the Feds remotely removed the infections without warning businesses beforehand.
Microsoft fixes 110 vulnerabilities, with 19 classified as critical and another flaw under active attack.
How this class of vulnerabilities will impact millions connected devices and potentially wreck the day of IT security professionals.
