News & Updates
High-severity Microsoft Exchange 0-day under attack threatens 220,000 servers
Late on Thursday, 29th September, Microsoft confirmed the existence of two critical vulnerabilities in its Exchange application that have already compromised multiple servers and pose a serious risk to an estimated 220,000 more around the world.
MFA Fatigue: Hackers’ new favorite tactic in high-profile breaches
Hackers are more frequently using social engineering attacks to gain access to corporate credentials and breach large networks. One component of these attacks that is becoming more popular with the rise of multi-factor authentication is a technique called MFA Fatigue.
Artist finds private medical record photos in popular AI training data set
Late last week, a California-based AI artist who goes by the name Lapine discovered private medical record photos taken by her doctor in 2013 referenced in the LAION-5B image set, which is a scrape of publicly available images on the web. AI researchers download a subset of that data to train AI image synthesis models such as Stable Diffusion and Google Imagen.
Hackers Possibly From China Using New Method to Deploy Persistent ESXi Backdoors
The new technique, spotted by Mandiant in April, involves using malicious vSphere Installation Bundles (VIBs). A VIB is a collection of files packaged into a single archive to facilitate distribution — they are similar to a tarball or ZIP archive.
Never-before-seen malware has infected hundreds of Linux and Windows devices
Researchers have revealed a never-before-seen piece of cross-platform malware that has infected a wide range of Linux and Windows devices, including small office routers, FreeBSD boxes, and large enterprise servers.
Microsoft Expands Testing For its Web-Based Outlook For Windows
Microsoft is making its new web-based Outlook for Windows app available for more testers. Office Insiders on the Beta channel have been able to opt in to test it since May, and starting today, testers on the Current Channel (Preview) will also start seeing the new “Try the new Outlook” toggle in the classic Outlook for Windows app.
$35M fine for Morgan Stanley after unencrypted, unwiped hard drives are auctioned
Morgan Stanley on Tuesday agreed to pay the Securities and Exchange Commission (SEC) a $35 million penalty for data security lapses that included unencrypted hard drives from decommissioned data centers being resold on auction sites without first being wiped.
Cloudflare launches an eSIM to secure mobile devices
Are smartphones ever entirely secure? It depends on one’s definition of “secure,” particularly when dealing with corporate environments. Most companies with bring-your-own-device policies install apps or agents on workers’ smartphones to help secure them, leveraging the management capabilities built into operating systems like Android and iOS. But those might not be sufficient.