We urge organizations to patch Proxylogon (CVE-2021-26855) and related vulnerabilities (CVE-2021-26857, CVE-2021-26858, CVE-2021-27065) in Microsoft Exchange Server and investigate for potential compromise within their networks. Here’s how Tenable products can help. Background Following Microsoft’s out-of-band advisory for four zero-day vulnerabilities in Microsoft Exchange Server that were exploited in the wild by a nation-state threat actor known as HAFNIUM, multiple reports have emerged that over 30,000 organizations may have been compromised as a result of these…

Security chaos engineering helps you find holes in your cyber defenses before hackers do Length: 5:26 | Mar 8, 2021 This approach is all about data and resilience, not deliberately sabotaging your own network, according to two cybersecurity experts. Source link

Cybercriminals are racing to exploit four zero-day bugs in Exchange before more organizations can patch them. Image: Microsoft Organizations that run Microsoft Exchange Server are being urged to apply several bug fixes to the program in response to a hack from a Chinese cybercriminal group. The attack has sparked concern among everyone from security experts to the White House. Early last week, Microsoft revealed that a China-based group called Hafnium has been launching cyberattacks against…

Virginia governor Ralph Northam has signed a new state data protection act into law.  The Virginia Consumer Data Protection Act (CDPA) requires people conducting business in the Commonwealth of Virginia to comply with a novel set of data security and privacy requirements.  The CDPA, which mirrors some of the provisions laid out in the EU’s General Data Protection Regulation (GDPR), comes into effect on January 1, 2023.  Businesses found to have violated the CDPA will…

An ongoing network outage at a university in Texas is believed to have been caused by a malicious hack. The computer network of the University of Texas at El Paso was turned off out of caution after a “potentially malicious intrusion” was detected in the early hours of Friday morning. Email and the server hosting the university’s website were affected by the incident, forcing faculty and students to communicate via Blackboard. The cyber-attack has also…

British tech company TiG Data Intelligence has successfully completed the acquisition of identity and security company ThirdSpace.  ThirdSpace began life in 2002 as Oxford Computer Group UK. The company’s first ever client, University West of England, is still working with them today. Operating as a specialist arm of TiG, ThirdSpace will retain its independent capability and expertise and its current management structure.  “We are delighted to be realising one of ThirdSpace’s strategic goals in expanding our security capabilities…

The REvil ransomware operators are using DDoS attacks and voice calls to journalists and victim’s business partners to force victims to pay the ransom. The REvil/Sodinokibi ransomware operators announced that they are using DDoS attacks and voice calls to victim’s business partners and journalists to force the victims into pay the ransom. The announcement shows an improvement in the double-extortion tactic, which doesn’t limit to threatening the victims to leak the stolen files in case…