Dec 21, 2022Ravie LakshmananEmail Security / Data Security Threat actors affiliated with a ransomware strain known as Play are leveraging a never-before-seen exploit chain that bypasses blocking rules for ProxyNotShell flaws in Microsoft Exchange Server to achieve remote code execution (RCE) through Outlook Web Access (OWA). "The new exploit method bypasses URL rewrite … [Read more...] about Ransomware Hackers Using New Way to Bypass MS Exchange ProxyNotShell Mitigations
cyber security news today
FTC Fines Fortnite Maker Epic Games $275 Million for Violating Children’s Privacy Law
Dec 20, 2022Ravie LakshmananPrivacy / Data Security Epic Games has reached a $520 million settlement with the U.S. Federal Trade Commission (FTC) over allegations that the Fortnite creator violated online privacy laws for children and tricked users into making unintended purchases in the video game. To that end, the company will pay a record $275 million monetary penalty for … [Read more...] about FTC Fines Fortnite Maker Epic Games $275 Million for Violating Children’s Privacy Law
Google Takes Gmail Security to the Next Level with Client-Side Encryption
Dec 18, 2022Ravie Lakshmanan Google on Friday announced that its client-side encryption for Gmail is in beta to its Workspace and education customers to secure emails sent using the web version of the platform. This development comes at a time when concerns about online privacy and data security are at an all-time high, and it is certainly welcomed by users who value the … [Read more...] about Google Takes Gmail Security to the Next Level with Client-Side Encryption
Samba Issues Security Updates to Patch Multiple High-Severity Vulnerabilities
Dec 17, 2022Ravie LakshmananServer Security / Network Security Samba has released software updates to remediate multiple vulnerabilities that, if successfully exploited, could allow an attacker to take control of affected systems. The high-severity flaws, tracked as CVE-2022-38023, CVE-2022-37966, CVE-2022-37967, and CVE-2022-45141, have been patched in versions 4.17.4, … [Read more...] about Samba Issues Security Updates to Patch Multiple High-Severity Vulnerabilities
Trojanized Windows 10 Installer Used in Cyberattacks Against Ukrainian Government Entities
Government entities in Ukraine have been breached as part of a new campaign that leveraged trojanized versions of Windows 10 installer files to conduct post-exploitation activities. Mandiant, which discovered the "socially engineered supply chain" attack around mid-July 2022, said the malicious ISO files were distributed via Ukrainian- and Russian-language Torrent websites. … [Read more...] about Trojanized Windows 10 Installer Used in Cyberattacks Against Ukrainian Government Entities
NIST Retires 27-Year-Old Widely Used Cryptographic Algorithm
Dec 16, 2022Ravie LakshmananEncryption / Data Security The U.S. National Institute of Standards and Technology (NIST), an agency within the Department of Commerce, announced Thursday that it's formally retiring the SHA-1 cryptographic algorithm. SHA-1, short for Secure Hash Algorithm 1, is a 27-year-old hash function used in cryptography and has since been deemed broken owing … [Read more...] about NIST Retires 27-Year-Old Widely Used Cryptographic Algorithm
FBI Charges 6, Seizes 48 Domains Linked to DDoS-for-Hire Service Platforms
Dec 15, 2022Ravie LakshmananCyber Attack / DDoS-for-Hire The U.S. Department of Justice (DoJ) on Wednesday announced the seizure of 48 domains that offered services to conduct distributed denial-of-service (DDoS) attacks on behalf of other threat actors, effectively lowering the barrier to entry for malicious activity. It also charged six suspects – Jeremiah Sam Evans Miller … [Read more...] about FBI Charges 6, Seizes 48 Domains Linked to DDoS-for-Hire Service Platforms
Get Latest Security Updates from Microsoft and More
Dec 14, 2022Ravie LakshmananPatch Management / Vulnerability Tech giant Microsoft released its last set of monthly security updates for 2022 with fixes for 49 vulnerabilities across its software products. Of the 49 bugs, six are rated Critical, 40 are rated Important, and three are rated Moderate in severity. The updates are in addition to 24 vulnerabilities that have been … [Read more...] about Get Latest Security Updates from Microsoft and More
Malware Strains Targeting Python and JavaScript Developers Through Official Repositories
Dec 13, 2022Ravie Lakshmanan An active malware campaign is targeting the Python Package Index (PyPI) and npm repositories for Python and JavaScript with typosquatted and fake modules that deploy a ransomware strain, marking the latest security issue to affect software supply chains. The typosquatted Python packages all impersonate the popular requests library: dequests, … [Read more...] about Malware Strains Targeting Python and JavaScript Developers Through Official Repositories
Royal Ransomware Threat Takes Aim at U.S. Healthcare System
Dec 12, 2022Ravie LakshmananHealthcare IT / Ransomware The U.S. Department of Health and Human Services (HHS) has cautioned of ongoing Royal ransomware attacks targeting healthcare entities in the country. "While most of the known ransomware operators have performed Ransomware-as-a-Service, Royal appears to be a private group without any affiliates while maintaining financial … [Read more...] about Royal Ransomware Threat Takes Aim at U.S. Healthcare System