Microsoft Warns of an Evasive Year-long Spear-phishing Campaign Targeting Office 365 Users
Microsoft warns of a long-running spear-phishing campaign that has targeted Office 365 customers in multiple attacks since July 2020.
“Threat actors are actively exploiting Microsoft Exchange servers using the ProxyShell vulnerability to install backdoors for later access. ProxyShell is the name of an attack that uses three chained Microsoft Exchange vulnerabilities to perform unauthenticated, remote code execution. The three vulnerabilities, listed below, were discovered by Devcore Principal Security Researcher Orange Tsai, who chained them together to take over a Microsoft Exchange server in April’s Pwn2Own 2021 hacking contest.”
Vice Society Ransomware Joins Ongoing PrintNightmare Attacks
The Vice Society ransomware gang is now also actively exploiting the Windows Print Spooler PrintNightmare vulnerability for lateral movement through its victims’ networks.
PrintNightmare is a set of recently disclosed security flaws (tracked as CVE-2021-1675, CVE-2021-34527, and CVE-2021-36958) found to affect the Windows Print Spooler service, Windows print drivers, and the Windows Point and Print feature.
50% of Cybersecurity Attacks Are from Repeat Offenders
Lack of awareness and gaps in knowledge are a weak link for cybersecurity leadership who are responsible for strategic planning of cybersecurity defenses, leaving organizations exposed to risks, a Ponemon survey reveals.
With 2021 already claiming high-profile victims such as Colonial Pipeline and JBS, along with the world’s first bank announcing a $1 billion cybersecurity budget, there is an urgent need for CISOs to rethink their strategy and look for alternative ways to empower their teams.
Trend Micro Warns Customers of Zero-day Attacks Against its Products
Security firm Trend Micro is warning its customers of attacks exploiting zero-day vulnerabilities in its Apex One and Apex One as a Service products.
On July 28, Trend Micro released security patches for multiple incorrect permission assignment privilege escalation, incorrect permission preservation authentication bypass, arbitrary file upload, and local privilege escalation vulnerabilities in Apex One and Apex One as a Service products. The security firm also reported that attackers are already exploiting at least two of the flaws (CVE-2021-32464, CVE-2021-32465, CVE-2021-36741, CVE-2021-36742) in attacks in the wild.
Cornell University Researchers Discover ‘Code-poisoning’ Attack
Researchers with the Cornell University Tech team have uncovered a new type of backdoor attack that they showed can “manipulate natural-language modeling systems to produce incorrect outputs and evade any known defense.”
Philips Study Finds Hospitals Struggling to Manage Thousands of IoT Devices
Health technology company Philips and cybersecurity company CyberMDX released a new report this week covering cybersecurity spending and trends at mid-sized as well as large hospitals.
Working with market research firm Ipsos, researchers surveyed 130 IT healthcare decision-makers to figure out how they were managing the thousands of medical devices that populate most hospitals today.
Over a Third of Organizations Damaged by Ransomware or Breach
Over one-third of organizations worldwide have experienced a ransomware attack or breach that blocked access to systems or data in the previous 12 months, according to new research.
A survey conducted by the International Data Corporation (IDC) found that many organizations that fell victim to ransomware experienced multiple ransomware events. In the US, the incident rate was notably lower (7%) compared to the worldwide rate of 37%.