Date: 11/10/2022
ACSC Flags Microsoft Exchange Vulnerabilities
ACSC flags Microsoft Exchange vulnerabilities The Australian Cyber Security Centre (ACSC) has reported two new zero-day vulnerabilities in Microsoft Exchange Servers 2013, 2016, 2019. Microsoft published a list of the common vulnerabilities and exposures (CVEs), assigned to: CVE-2022-41082 – remote code execution vulnerability CVE-2022-41040 – elevation of privilege vulnerability Also noted are Historical CVEs related to ProxyShell, […]
Read more
Date: 27/09/2022
Optus Hacked: Customers warned to check in with their banks after personal data exposed
Optus hacked; customers warned to check in with their banks after personal data exposed Last Thursday, Optus alerted its customers of the security breach and confirmed that the attack was quickly identified and shut down. However, the telco’s 11 million customers have been urged by cyber security experts to be extra vigilant of potential threats […]
Read more
Date: 13/09/2022
LastPass Notified Users of Security Incident
In late August, LastPass started notifying its users of a “recent security incident” where an “unauthorized party” used a compromised developer account to access parts of its password manager’s source code and “some proprietary LastPass technical information.” In a letter to its users, the company’s CEO Karim Toubba explains that its investigation hasn’t turned up evidence […]
Read more
Date: 08/06/2022
How the Russia-Ukraine war makes ransomware payments harder
How the Russia-Ukraine war makes ransomware payments harder Before the start of the Russia-Ukraine war, nearly 75 per cent of cryptocurrency payouts for ransomware went to Russia, according to a study conducted by Chainanalysis. As Russia is now a sanctioned country, the legal ramifications of paying ransoms means that victims seeking response and negotiation services […]
Read more
Date: 03/06/2022
Microsoft confirms new zero-day code execution vulnerability in Office Software
Researchers Spot New Microsoft Office Zero-Day Exploit in the Wild Microsoft has confirmed a zero-day flaw in its Office Software that could be abused to achieve arbitrary code execution on affected Windows systems. The vulnerability has been tracked as CVE-2022-30190, with a CVSS severity score of 7.8 out of 10. The vulnerability uses Word’s external […]
Read more
Date: 19/05/2022
Microsoft Azure: Five Best Practices for Cloud Security
Cloud security is a fundamentally new landscape for many companies. While many security principles remain the same as on-premises, the implementation is often very different. This overview provides a snapshot of five best practices for cloud security: identity and access management, security posture management, apps and data security, threat protection and network security. 1. Strengthen […]
Read more
