Cybersecurity firm Genua has issued a fix for a risky flaw in in it’s two-tier firewall product, GenuGate High Resistance Firewall. The vulnerability could have enabled attackers to bypass authentication measures and log in as root users within a company’s internal network.
“An unauthenticated attacker is able to login as an arbitrary user in the admin web interface…
Microsoft 365 users saw a slew of phishing emails, thanks to an ongoing attack aiming at stealing Microsoft 365 credentials. To make the emails look more realistic and legitimate, attackers are adding a fake Google reCAPTCHA system in addition to their company logos in the mails. Security researchers indicate that over 2500 such emails have been unsuccessfully sent to senior-level employees in the…
The National Stock Exchange (NSE) of India was down for almost an entire day on February 24, 2021. The Nifty, Bank Nifty, and other indices stopped across all brokerage firms in India. An NGO foundation, Moneylife Foundation, has come forward and alleged that the NSE was under attack by cybercriminals.
Although NSE has informed that the blackout was due to “issues with the links with telecom…
Multiple airlines suffer data breach due to supply-chain cyberattack, frequent-flyer list compromised
April 9, 2021
SITA Passenger Service System (SITA PSS), a communications and IT service provider for 90 percent of the world’s airline companies, suffered a massive data breach. The company calls the attack that targeted its U.S servers in Atlanta a “highly sophisticated attack.”
Singapore Airlines, a company that uses SITA’s services, reported that over 580,000 customers were affected. The total…
According to researchers at F-Secure, vulnerable Microsoft Exchange servers are being attacked ‘faster than we can count’. Although Microsoft estimates only around 8 percent of servers remain unpatched, F-Secure says that new groups of hackers have started chasing behind this vulnerability.
It has been almost a month since Microsoft released a patch for the four zero-day vulnerabilities.
Microsoft recently apologized for an Azure Active Directory issue that disrupted access to Office 365 applications and the Azure Admin Portal for two hours or more for some users. Microsoft conducted a root cause analysis in an attempt to offer an explanation on what caused the outage.
In the root cause analysis notice, Microsoft said that a cross-cloud migration operation that was intended to…
Hackers responsible for the SolarWinds hack also have their hands on Azure and Exchange source code
March 3, 2021
In an update released this Thursday, Microsoft disclosed that the hackers responsible for the SolarWinds attack have also stolen some source code related to Azure, Exchange, and Intune components. However, the tech giant added that their investigation did not point to any evidence of abuse targeted at their internal systems and its customers.
Microsoft took notice of this compromise back on…
Microsoft announced improvements in Azure Active Directory Conditional Access Policy and Sync
March 3, 2021
Microsoft has recently announced improvements to Azure Active Directory conditional access policy and sync services. The company also outlined security best practices for organizations across the world using on-premises Active Directory and Azure AD for identity and access management.
Microsoft is advocating organizations to adopt zero trust for network traffic with Active Directory along with…
Time to update: Google just fixed an actively exploited zero-day vulnerability in the Chrome browser
March 3, 2021
Google recently patched a potentially disastrous zero-day vulnerability in the desktop app of the Chrome web browser. The company also acknowledged that the exploit is being actively exploited in the wild.
In the recent release update from the Chrome team, it patched the issue with an update for the Windows, Mac, and Linux app to fix the heap buffer overflow flaw (CVE-2021-21148) in its V8…
The year 2020 has been quite tumultuous for IT pros. Organizations were tested on their cyber resilience like never before. IT teams were forced to quickly come up with sweeping changes to enable remote work for employees and ensure business continuity.
As a result, many organizations were forced to prioritize service availability over security. This has unsurprisingly paved the way for…
