Microsoft antivirus tools many users already have installed will now automatically mitigate a critical Exchange Server vulnerability, the lynchpin of several recent campaigns to breach on-premises servers.
The FBI’s Internet Crime Complaint Center (IC3) released its annual report Wednesday, showing a sharp increase in cybercrime, both in quantity and cost in 2020.
Nobody likes a new standard, said TIA CEO David Stehlin. But with security concerns tied to Huawei and SolarWinds still fresh, government and businesses alike need assurance that industry is addressing the problem.
Microsoft released a one-click mitigation tool for the Hafnium Exchange Server vulnerabilities that the company hopes will help organizations struggling to update.
The concept of security ratings, noted by Biden officials, is one that the cybersecurity community has batted around for some time: place a label on the box that says a product is or is not secure, and let consumers create a market around security. But experts say the simplicity of that concept is both its strength and its weakness.
Experts say the idea has merit – if only legislators can balance the promise with the potential liability and burden placed upon industry.
Microsoft confirmed “a new family of ransomware being used after an initial compromise of unpatched on-premises Exchange Servers,” via its Security Intelligence Twitter account. The ransomware, called DoejoCrypt or DearCry, appears to be the latest threat associated with not patching the Hafnium Exchange Server vulnerabilities Microsoft first announced last week. DoejoCrypt was first noticed on…
Security company ESET is now tracking 10 different threat groups or otherwise unique clusters of breaches that have used a chain of vulnerabilities Microsoft patched in Exchange Server last week.
The sigstore project, a free-to-use software signing certificate authority available to all developers, opens with Google, Purdue University and Red Hat as founding members.
In a rare move for a vendor, Microsoft is now offering the same patch for its no-longer-supported Exchange Server 2010 that it introduced last week for all newer editions.
