RSS_Virtulization

Less than half of employees feel their organization’s cybersecurity has strengthened since the start of COVID-19, says Lynx Software. Image: iStock/poike The coronavirus outbreak and lockdown forced many organizations to close their offices and shift employees to a remote work setup. But such a quick and abrupt transition opened the door to a host of security risks, especially from people who are unaccustomed to working remotely. A report released Wednesday by software vendor Lynx Software…

The European Banking Authority (EBA) disclosed a cyberattack that resulted in the hack of its Microsoft Exchange email system. The European Banking Authority announced that it was the victim of a cyber attack against its email system that exploited recently disclosed zero-day vulnerabilities in Microsoft Exchange. On March 2nd, Microsoft has released emergency out-of-band security updates that address four zero-day issues (CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065) in all supported Microsoft Exchange versions that are actively exploited in…

There are more than 10 different advanced persistent threat (APT) groups exploiting recent Microsoft Exchange vulnerabilities, according to ESET research. Last week, Microsoft released out-of-band patches to fix multiple zero-day vulnerabilities believed to be being exploited by Chinese state-sponsored group Hafnium. The step was taken to protect customers running on-premises versions of Microsoft Exchange Server. However, today (March 10), ESET claimed the number of APT groups exploiting the vulnerabilities is believed to be in double-figures,…

Employees at Fortune 500 companies were found using passwords that could be hacked in less than a second, according to NordPass. Image: iStock/sasun bughdaryan Relying on passwords for security has become increasingly problematic. Devising and remembering a complex password for every account and website is virtually impossible on your own. Yet using weak and simple passwords is a recipe for data breaches, account takeovers, and other forms of cyberattack. A report released Wednesday by password…

On February 8, the world learned about a digital attack at the water treatment plant serving the 15,000-person City of Oldsmar, Florida. An operator at the water treatment plant observed someone remotely take control of his mouse and use it to change the setting of sodium hydroxide within the water from 100 parts per million (ppm) to 11,100 ppm. This change could have endangered public health if the operator had not immediately undone the attacker’s…

Microsoft released fixes for over 80 CVEs in yesterday’s Patch Tuesday update round, including a zero-day bug and several publicly disclosed vulnerabilities. In a week dominated by the exploitation on a massive scale of four zero-day Exchange Server flaws patched out-of-band by Microsoft last week, there’s yet more to do for sysadmins. The first is yet another zero-day, this time in Internet Explorer. “CVE-2021-26411 is a memory corruption vulnerability that could allow an attacker to target…