Cybersecurity Starts in the Boardroom
It has been a busy couple of days at the US Cybersecurity and Infrastructure Security Agency as they issue a range of security advisories: Drupal Releases Security Update | CISA Microsoft Releases Guidance on Zero-Day Vulnerabilities in Microsoft Exchange Server | CISA Cisco Releases Security Updates for Multiple Products | …
Continue reading “CISA issues security advisories across a range of popular products”
The US Cybersecurity and Infrastructure Security Agency has added three known exploits to its Known Exploited Vulnerabilities Catalog – this list should be seen as a “Must Patch Now” list. Two of the exploits are for Microsoft Exchange are being actively exploited: CISA Adds Three Known Exploited Vulnerabilities to Catalog …
Continue reading “CISA adds three vulnerabilities to the Known Exploited Vulnerabilities Catalog”
Microsoft has been monitoring and seeing an increase in attacks using malicious OAuth applications, installed on compromise cloud servers that then facilitate mass spamming from Exchange Online servers. Malicious OAuth applications abuse cloud email services to spread spam – Microsoft Security Blog The attack started with the threat actor launching …
Continue reading “Mass spamming starts with no MFA and credential stuffing”
With the holiday season well underway, I thought we would take a look at the cyber security implications of the Out-of-Office notification:
We live in a Microsoft world when it comes to business – and Microsoft Exchange, whether hosted or your own servers, by their very nature contain information that hacker love or are a way into an organisation. So they are always going to be a target: UNC3524: Eye Spy on …
