Author: DEFENDEDGE

Original release date: March 8, 2021 CISA has published a Remediating Microsoft Exchange Vulnerabilities web page that strongly urges all organizations to immediately address the recent Microsoft Exchange Server product vulnerabilities. As exploitation of these vulnerabilities is widespread and indiscriminate, CISA strongly advises organizations follow the guidance laid out in the web page. The guidance… Read more

A new side-channel attack takes aim at Intel’s CPU ring interconnect in order to glean sensitive data. Read more

Researchers warn two critical bugs impacting multiple QNAP firmware versions are under active attack. Read more

Original release date: March 8, 2021   High Vulnerabilities Primary Vendor — Product Description Published CVSS Score Source & Patch Info accellion — fta Accellion FTA 9_12_432 and earlier is affected by argument injection via a crafted POST request to an admin endpoint. The fixed version is FTA_9_12_444 and later. 2021-03-02 7.5 CVE-2021-27730 MISC apache… Read more

Original release date: March 6, 2021 Microsoft has released an updated script that scans Exchange log files for indicators of compromise (IOCs) associated with the vulnerabilities disclosed on March 2, 2021. CISA is aware of widespread domestic and international exploitation of these vulnerabilities and strongly recommends organizations run the Test-ProxyLogon.ps1 script—as soon as possible—to help… Read more

Original release date: March 5, 2021 Microsoft has released alternative mitigation techniques for Exchange Server customers who are not able to immediately apply updates that address vulnerabilities disclosed on March 2, 2021. CISA and Microsoft encourages organizations to upgrade their on-premises Exchange environments to the latest supported version. If an organization is unable to immediately… Read more

The lack of cybersecurity requirements in weapons contracts from the Department of Defense opens the door for dangerous cyberattacks. Read more

A new variant of the Gafgyt botnet – that’s actively targeting vulnerable D-Link and Internet of Things devices – is the first variant of the malware to rely on Tor communications, researchers say. Read more

The cyberattack on SITA, a nearly ubiquitous airline service provider, has compromised frequent-flyer data across many carriers. Read more

Researchers with Microsoft and FireEye found three new malware families, which they said are used by the threat group behind the SolarWinds attack. Read more