Attacker hacked one Microsoft Exchange server to gain access to others
The tactic is sophisticated, with firewalls unlikely to block traffic between Exchange servers and potentially giving such traffic a pass in terms of content inspection.
About SC Media
Patch Management
Microsoft closes new critical Exchange vulnerability, urges patch ‘as soon as possible’
The alert about new exchange bugs come soon after on-premises Exchange customers were told to patch against a campaign actively exploiting a zero-day vulnerability.
Hackers actively targeting unsecured SAP installs, DHS, SAP and Onapsis warn
With a base of 400,000 clients, SAP chief information security officer said this of the alert: “We want them to be aware of what could be the art of the possible.”
Apple patches zero-day targeted for iPhones, iPads and its popular watches
The vulnerability was actively exploited in the wild – the company’s seventh such announcement of a zero-day patch in the past five months.
Companies don’t bother to patch. Should MSPs cut them out of decision process?
Companies continue to be exploited via Microsoft Exchange vulnerabilities due to inaction.
Google fixes five Chrome bugs, including one zero-day exploited in the wild
The latest news from Google warning to patch Chrome vulnerabilities came on the heels of news early last week that the vast majority of Chrome users take close to one month to install a new patch.
Microsoft releases one-click mitigation tool for Exchange Server
Microsoft released a one-click mitigation tool for the Hafnium Exchange Server vulnerabilities that the company hopes will help organizations struggling to update.
Microsoft IE zero-day exploited in wild, could provide unrestricted operating system access
Security pros need to prioritize patching a memory corruption vulnerability flaw found in Internet Explorer 11 and 9, and Edge browsers.
Microsoft releases Hafnium patch for defunct edition of Exchange
In a rare move for a vendor, Microsoft is now offering the same patch for its no-longer-supported Exchange Server 2010 that it introduced last week for all newer editions.
How auto-scanning and scripting helped Exchange attackers rack up victims
The lesson here: malicious actors continue to leverage the combination of automated scanners and scripts to strategically rack up high victim counts, especially when they sense time to inflict damage before patching is running out.
Want to read more?
Next post in Vulnerabilities
