On March 2, Microsoft released emergency security updates to plug four security loopholes in Exchange Server versions 2013 through 2019. Chinese state-sponsored cyber-espionage unit was using these security loopholes to sniff into email conversations of victim organizations.
At least 30,000 organizations in the United States alone are believed to be hacked by the espionage group to siphon email…
VMware patches critical RCE vulnerability that allowed attackers to execute code remotely
April 9, 2021
VMware has patched up multiple critical remote code execution (RCE) vulnerability in its ESXi, vCenter Server, and Cloud foundation products. The flaw would allow attackers to run codes and affect systems remotely. This vulnerability, tracked as CVE-2021-21972, is critical in severity as it has a CVSS score of 9.8 out of a maximum of 10.
The company said in its advisory that “A malicious…
In 2020, half of all phishing emails used Microsoft Office-themed content to lure in unsuspecting victims and swipe their credentials, according to a Tuesday report by Cofense. The company analyzed millions of attack-related emails and concluded that 57% of the mails were phishing emails with the intent to steal credentials, while the rest were used for planting malware in the user’s systems or…
According to BlueVoyant’s Cybersecurity in higher education report, the number of ransomware attacks against universities increased by 100% year-on-year in 2020. The company compiled data from 2702 universities across 43 countries, covering the period January 2019 to September 2020. It went on to say that average payouts were totaling nearly $450,000.
The company claims that the rise in…
Clubhouse chatroom breached: Letting third-party developer design app for Android users backfires
April 9, 2021
The wildly popular social media app Clubhouse suffered a data breach, as a third-party developer designed an open-source app that allowed Android smartphone customers to break into the iPhone-only service.
Clubhouse has confirmed that a user was able to stream audio from the app on their website. The audio-only social networking app, launched in March 2020, allows people to gather online in…
Cybersecurity firm Genua has issued a fix for a risky flaw in in it’s two-tier firewall product, GenuGate High Resistance Firewall. The vulnerability could have enabled attackers to bypass authentication measures and log in as root users within a company’s internal network.
“An unauthenticated attacker is able to login as an arbitrary user in the admin web interface…
Microsoft 365 users saw a slew of phishing emails, thanks to an ongoing attack aiming at stealing Microsoft 365 credentials. To make the emails look more realistic and legitimate, attackers are adding a fake Google reCAPTCHA system in addition to their company logos in the mails. Security researchers indicate that over 2500 such emails have been unsuccessfully sent to senior-level employees in the…
The National Stock Exchange (NSE) of India was down for almost an entire day on February 24, 2021. The Nifty, Bank Nifty, and other indices stopped across all brokerage firms in India. An NGO foundation, Moneylife Foundation, has come forward and alleged that the NSE was under attack by cybercriminals.
Although NSE has informed that the blackout was due to “issues with the links with telecom…
Multiple airlines suffer data breach due to supply-chain cyberattack, frequent-flyer list compromised
April 9, 2021
SITA Passenger Service System (SITA PSS), a communications and IT service provider for 90 percent of the world’s airline companies, suffered a massive data breach. The company calls the attack that targeted its U.S servers in Atlanta a “highly sophisticated attack.”
Singapore Airlines, a company that uses SITA’s services, reported that over 580,000 customers were affected. The total…
According to researchers at F-Secure, vulnerable Microsoft Exchange servers are being attacked ‘faster than we can count’. Although Microsoft estimates only around 8 percent of servers remain unpatched, F-Secure says that new groups of hackers have started chasing behind this vulnerability.
It has been almost a month since Microsoft released a patch for the four zero-day vulnerabilities.
