CISA adds Exchange Server, Windows vulnerabilities to catalog of exploited CVEs

The Exchange Server vulnerability was linked to a December ransomware attack against Rackspace.

By David Jones • Jan. 11, 2023

Rackspace confirms ransomware attack hit a small percentage of its Hosted Exchange customers

The cloud services firm said an investigation found no evidence the attackers read, misused or disseminated customer data or emails.

By David Jones • Jan. 6, 2023

Rackspace identifies ransomware threat actor behind December attack via Exchange

CrowdStrike previously connected Play, the threat actor, to a new Outlook Web Access exploit method used in multiple attacks. 

By David Jones • Jan. 3, 2023

Cybersecurity trends in 2023 that will directly impact everyday life

The scale of cyberthreats are growing, spilling into the mainstream. In 2023, expect the spotlight to add pressure to businesses that have underinvested in security. 

By Sue Poremba • Jan. 3, 2023

New exploit for Microsoft’s ProxyNotShell mitigation side steps fix

CrowdStrike researchers discovered a new attack method by the Play ransomware actors that uses Outlook Web Access and leverages additional tools to maintain access. 

By David Jones • Dec. 22, 2022

MacOS vulnerability allows threat actors to bypass Apple Gatekeeper

Microsoft researchers found a flaw in macOS systems, which can even overcome security features designed to protect high-risk users in Lockdown Mode.

By David Jones • Dec. 20, 2022

Threat actor exploits critical Citrix vulnerability

CISA and the NSA quickly issued advisories on the vulnerability, underscoring evidence that a threat actor, active for at least 15 years, is exploiting the flaw.

By Matt Kapko • Dec. 13, 2022

Fortinet urges customers to upgrade systems amid critical vulnerability

A heap-based buffer overflow vulnerability has been exploited in the wild and could allow an attacker to gain control of a system.

By David Jones • Dec. 13, 2022

Fear, panic and Log4j: One year later

Fears of catastrophic cyberattacks have thus far failed to materialize. But federal authorities stress threat actors are playing the long game.

By David Jones • Dec. 9, 2022

Internet Explorer is still a viable zero-day attack vector

North Korea-linked threat actors are using a technique that has been widely used to exploit Internet Explorer via Office files since 2017, Google found.

By Matt Kapko • Dec. 7, 2022

Three-quarters of retail, hospitality applications have security flaws

Nearly 1 in 5 vulnerabilities in the retail and hospitality industry are considered high severity, Veracode found, creating considerable risks to the organization. 

By David Jones • Nov. 22, 2022

Iran-linked threat actors exploiting Log4Shell via unpatched VMware, feds warn

The actors compromised a federal civilian agency, CISA and the FBI said. Authorities warned VMware users to assume breach and hunt for threats if they skipped patches or workarounds.

By David Jones • Nov. 16, 2022

High risk, critical vulnerabilities found in 25% of all software applications and systems

Research from Synopsys showed weak SSL/TLS configurations were the most prevalent form of vulnerability.

By David Jones • Nov. 15, 2022

CISA wants to change how organizations prioritize vulnerabilities

Federal authorities want to take the guesswork and manual decision making processes out of the messy world of vulnerabilities.

By Matt Kapko • Nov. 14, 2022

CISA warns unpatched Zimbra users to assume breach

Months after warnings to patch the Zimbra Collaboration Suite, government and private sector organizations are under attack from multiple threat actors.

By David Jones • Nov. 11, 2022

Citrix CVEs need urgent security updates, CISA says

Though there's no active exploitation yet, Tenable researchers warn they expect threat actors to target the Citrix systems in the near term.

By David Jones • Nov. 10, 2022

Microsoft finally releases security updates for ProxyNotShell zero days

The company linked a limited set of recent Exchange Server attacks to state-backed threat actors.

By David Jones • Nov. 8, 2022

OpenSSL releases patch for 2 high-severity vulnerabilities after prior warning

The organization pulled back on earlier warnings of a critical vulnerability, however still urged organizations to apply the upgrades.

By David Jones • Nov. 1, 2022

Critical OpenSSL vulnerability causes security industry to hold its breath

Researchers warn the vulnerability could be the most serious in the industry since 2014's Heartbleed. 

By David Jones • Nov. 1, 2022

GitHub vulnerability raises risk of open source supply chain attack

Researchers from Checkmarx said a flaw in the namespace retirement mechanism put thousands of packages at risk of being hijacked by outside threat actors.

By David Jones • Oct. 27, 2022

White House plans IoT security labeling program for spring 2023

Major connected device manufacturers, retailers and industry groups back efforts to boost cyber awareness.

By David Jones • Oct. 21, 2022

Apache urges users to upgrade Common Text version to block ‘Text4Shell’ vulnerability

Any connection to Log4j is misapplied, researchers said, because Log4j is a much more widely used Java library. 

By David Jones • Oct. 19, 2022

Critical vulnerability surfaces in Apache Commons Text library

Researchers warn an attacker can achieve remote code execution, but the vulnerability is not seen as potentially dangerous as Log4j.

By David Jones • Oct. 17, 2022

Fortinet attacks escalate as company warns large swath of customers to upgrade

The number of unique IPs using the exploit has gone from single digits when the vulnerability was originally announced to about 200. 

By David Jones • Oct. 17, 2022

CISA adds Fortinet CVE to vulnerability catalog after attacks escalate

A critical authentication bypass vulnerability in the company’s firewall and web proxy software allowed unauthenticated attackers to gain access.

By David Jones • Oct. 12, 2022