7 matches found
Active Exploitation of Confluence Server & Confluence Data Center: CVE-2021-26084
This attack is ongoing. See the Updates section at the end of this post for new information as it comes to light. On August 25, 2021, Atlassian published details on CVE-2021-26084, a critical remote code execution vulnerability in Confluence Server and Confluence Data Center. The vulnerability...
On-Premises Exchange Server Vulnerabilities Resource Center – updated March 25, 2021
MSRC / By MSRC Team / March 2, 2021 On March 2nd, we released several security updates for Microsoft Exchange Server to address vulnerabilities that are being used in ongoing attacks. Due to the critical nature of these vulnerabilities, we recommend that customers protect their organizations by...
MuddyWater expands operations
Summary MuddyWater is a relatively new APT that surfaced in 2017. It has focused mainly on governmental targets in Iraq and Saudi Arabia, according to past telemetry. However, the group behind MuddyWater has been known to target other countries in the Middle East, Europe and the US. We recently...
NSA Director Says U.S. Working to Push Attack Data to ISPs
WASHINGTON–The commander of the U.S. Cyber Command said that the federal government is working on a system now that would allow it to work with ISPs and others to help stop ongoing attacks against government and private networks by pushing intelligence and attack signatures to them. Gen. Keith...
Adobe Releases Emergency Fix for Critical Reader Flaws
Adobe on Tuesday released an emergency patch for several critical vulnerabilities in Adobe Reader, including the recent Adobe Flash bug and a separate flaw that was disclosed earlier this month. The patch released Tuesday is outside of the company’s normal quarterly update schedule for Reader and...
Microsoft Warns of Attacks Against ASP.NET Flaw
Microsoft is warning customers that it has seen ongoing attacks against the recently disclosed padding oracle vulnerability in ASP.NET and is encouraging them to implement a workaround that will help protect against the publicly disclosed exploit for the bug. The workaround that Microsoft has...
Operation Aurora Still Out There
The targeted attacks that hit Google, Adobe, and other U.S. organizations are still ongoing and have affected many more companies than the original 20 to 30 or so reported by Google and others. One researcher believes they are close to naming the suspected coder. Read the full article. Dark Readi...