6655 matches found
SAP warns of malicious activity targeting unpatched systems
A timely warning to keep systems patched has appeared, via a jointly-released report from Onapsis and SAP. The report details how threat actors are “targeting and potentially exploiting unprotected mission-critical SAP applications”. Some of the vulnerabilities used were weaponised fewer than 72...
15 Cybersecurity Pitfalls and Fixes for SMBs
Small- to medium-sized businesses (SMBs), those with 100 employees or less, are more vulnerable than ever to catastrophic cybersecurity breaches and attacks. The good news is that there are many things they can do, with extraordinarily little added investment, that will help IT managers lock down...
Building a Fortress: 3 Key Strategies for IT Security
Last year and early spring have been undoubtedly tough for cybersecurity. We’ve seen one of – if not the – worst cyberattacks on U.S. companies and government agencies in the last decade; and the ProxyLogon Microsoft Exchange vulnerabilities continue to be dangerous. Knowing just how vulnerable ma...
SolarWinds Patches Four New Vulnerabilities in Their Orion Platform
On Thursday, March 25, 2021, SolarWinds released fixes for four new vulnerabilities in their Orion platform, the most severe of which is an authenticated remote code execution flaw due to a JSON deserialization weakness. Fixes for these weaknesses are in Orion Platform 2020.2.5. Given the...
Microsoft Exchange Servers See ProxyLogon Patching Frenzy
The patching level for Microsoft Exchange Servers that are vulnerable to the ProxyLogon group of security bugs has reached 92 percent, according to Microsoft. The computing giant tweeted out the stat earlier this week – though of course patching won’t fix already-compromised machines. Still, that...
Adobe ColdFusion 2016.x < 2016u17 / 2018.x < 2018u11 / 2021.x < 2021u1 Improper Input Validation RCE (APSB21-16)
The version of Adobe ColdFusion installed on the remote Windows host is prior to 2016.x update 17, 2018.x update 11, or 2021.x update 1. It is, therefore, affected by an unspecified input validation vulnerability as referenced in the APSB21-16 advisory that could allow remote arbitrary code...
Energy Giant Shell Is Latest Victim of Accellion Attacks
Energy giant Royal Dutch Shell is the latest victim of a series of attacks on users of the Accellion legacy File Transfer Appliance (FTA) product, which already has affected numerous companies and been attributed to the FIN11 and the Clop ransomware gang. “Shell has been impacted by a data-security...
Security Bulletin: IBM Kenexa LMS On Premise -[All] jQuery (Publicly disclosed vulnerability) - CVE-2020-11023, CVE-2020-11022
Summary: We have identified that the IBM Kenexa LMS On Premise is affected by one or more security vulnerabilities. These have been addressed in LMS 6.1.0 version. Vulnerability Details: CVEID: CVE-2020-11023. DESCRIPTION: jQuery is vulnerable to cross-site scripting, caused by improper validation o...
Netop Vision Pro - Distance Learning Software is 20/20 in Hindsight
By Sam Quinn · MAR 21, 2021. The McAfee Labs Advanced Threat Research team is committed to uncovering security issues in both software and hardware to help developers provide safer products for...
Microsoft Releases Exchange On-premises Mitigation Tool
Microsoft has released the Exchange On-premises Mitigation Tool (EOMT.ps1) that can automate portions of both the detection and patching process. Microsoft stated the following along with the release: "the tool is intended to help customers who do not have dedicated security or IT teams to apply...
Microsoft Exchange and Verkada Hacks: Isolate Your Apps and APIs from the Internet Cesspool
It's been an interesting start to March in terms of public security incidents. This month kicked off with multiple zero-day exploits being used to attack on-premises versions of Microsoft Exchange Server. And, as if that wasn't enough, that attack was quickly followed by the news that a hacktivis...
Cybersecurity Bug-Hunting Sparks Enterprise Confidence
Nearly three-quarters of IT security professionals (73 percent) surveyed say they prefer to buy technology and services from vendors who are proactive about security, including leveraging ethical hacking and having transparent communications about vulnerabilities. But less than half of vendors...
SYS.2.3.A4
The client MUST be rebooted promptly after the operating system kernel has been updated. If this is not possible, live patching of the kernel MUST be enabled as an alternative. SPDX-FileCopyrightText: 2021 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), a...
Ransomware is targeting vulnerable Microsoft Exchange servers
The Microsoft Exchange attacks using the ProxyLogon vulnerability, and previously associated with the dropping of malicious web shells, are taking on a ransomware twist. Until now, the name of the game has been compromise and data exfiltration, with a bit of cryptomining on the side. To summarise...
TAU Threat Advisory: Microsoft Exchange Servers Targeted with Four Zero-day Exploits
The following advisory from VMware Threat Analysis Unit (TAU) is to provide guidance, best practices and capabilities to identify risk, prevent, detect and respond to this emerging threat. Summary: On March 2, 2021 Microsoft announced four zero-day vulnerabilities CVE-2021-26855, CVE-2021-26857,...
CISA Orders Fed Agencies to Patch Exchange Servers
Hot on the heels of Microsoft’s announcement about active cyber-espionage campaigns that are exploiting four serious security vulnerabilities in Microsoft Exchange Server, the U.S. government is mandating patching for the issues. The news comes as security firms report escalating numbers of relat...
New Chrome 0-day Bug Under Active Attacks – Update Your Browser ASAP!
Exactly a month after patching an actively exploited zero-day flaw in Chrome, Google today rolled out fixes for yet another zero-day vulnerability in the world's most popular web browser that it says is being abused in the wild. Chrome 89.0.4389.72, released by the search giant for Windows, Mac,...
HAFNIUM targeting Exchange Servers with 0-day exploits
Update 03/08/2021: Microsoft continues to see multiple actors taking advantage of unpatched systems to attack organizations with on-premises Exchange Server. To aid defenders in investigating these attacks where Microsoft security products and tooling may not be deployed, we are releasing a feed ...
On-Premises Exchange Server Vulnerabilities Resource Center - updated March 25, 2021
On March 2nd, we released several security updates for Microsoft Exchange Server to address vulnerabilities that are being used in ongoing attacks. Due to the critical nature of these vulnerabilities, we recommend that customers protect their organizations by applying the patches immediately to...