Attackers are leveraging two zero-day vulnerabilities (CVE-2022-41040, CVE-2022-41082) to breach Microsoft Exchange servers. News of the attacks broke on Wednesday, when researchers with Vietnamese cybersecurity company GTSC released a warning saying that, “while providing SOC service to a customer, GTSC Blueteam detected exploit requests in IIS logs with the same format as ProxyShell vulnerability.” About…

GTSC, a cybersecurity company based in Vietnam, reported seeing attacks exploiting two new Microsoft Exchange zero-day vulnerabilities. The firm believes the attacks, which were first seen in August and aimed at critical infrastructure, were launched by a Chinese threat group. Technical details on the vulnerabilities have not been made public, but GTSC did say that…

While published trends in ransomware attacks have been contradictory — with some firms tracking more incidents and other fewer — business email compromise (BEC) attacks continue to have proven success against organizations. BEC cases, as a share of all incident-response cases, more than doubled in the second quarter of the year, to 34% from 17%…

Fortifying cybersecurity defenses remains a work in progress for many organizations, who acknowledge their shortcomings but have yet to commit the necessary resources to the effort, new research from CompTIA, the nonprofit association for the information technology (IT) industry and workforce, reveals. “Risk mitigation is the key, the filter through which everything should be viewed.”…

YouMail, the leading provider of call protection services for consumers, enterprises, and service providers, and WMC Global, a 16-year leader in mobile threat intelligence, today announced their joint cybersecurity intelligence solution that safeguards against voice and SMS phishing scams. The partnership between YouMail and WMC Global is a first-of-its-kind offering that protects brands and their…

Veristor Systems, Inc., a trusted provider of transformative business technology solutions, and SANS Security Awareness, the global leader in providing security awareness training, today announce that Veristor has become a certified provider of SANS Security Awareness’ comprehensive suite of products to enable a data-driven approach to cybersecurity training for an organization’s end users. “Researchers from…

Aunalytics, a leading data management and analytics company delivering managed IT and data platform services for mid-sized and enterprise businesses, today initiated its Security Patching Platform, Co-managed Patching as a Service to complement the company’s Advanced Security solution suite. Windows OS and supported 3rd party patch management allow for tighter security in the defense against…

Yesterday, Apple News announced it had disabled the channel of Fast Company, a US-based business magazine, after surprised Twitter users reported it was tweeting offensive comments. Fast Company was hacked on Sunday, September 25. The attacker responsible modified article titles to obscene and racist things: “Hacked by Vinny Troia. [redacted] tongue my [redacted]”, one title…

Since Australian telecoms company Optus disclosed a security breach on September 22, 2022, a lot has been happening. Much of it reads like a movie script. Prologue A hacker acting under the pseudonym “optusdata” claims to have stolen the data of 10 million Optus customers. The information included home addresses, drivers’ licenses, Medicare numbers, and…