As an update to our March 8th and March 9th blog posts on this subject, please note that both the scope and severity of the attacks on MS Exchange servers have reportedly been underestimated. The list of 30,000 victim organizations has grown significantly, with many victims compromised by several hacking groups. Exchange servers that were […]
As an update to yesterday’s post, Chrome Zero Day Being Actively Exploited (Update Now), please be advised that CISA (Cybersecurity & Infrastructure Security Agency) has published a web page, Remediating Microsoft Exchange Vulnerabilities, which provides guidance on specific steps that can be taken by leaders and technical staff. The guidance provided is applicable for organizations […]
Microsoft has issued out-of-band updates for zero day vulnerabilities impacting on-premise Exchange Servers that are currently being exploited by at least one APT (advanced persistent threat) group, dubbed Hafnium. It is suspected that Hafnium has seized control of hundreds of thousands of MS Exchange Servers worldwide and has hacked at least 30,000 U.S. organizations. The […]
Google has patched several critical vulnerabilities in Chrome, including one that is being actively exploited. These vulnerabilities are being tracked as CVE-2021-21166. The most severe of these vulnerabilities could allow for arbitrary code execution and the deletion or modification of data. Users are advised to update to version 89.0.4389.72 as soon as possible. For instructions […]
Please be advised of two phishing scams, one which targets students with Pell Grant funds, and the other, which targets students with pandemic relief promises. The Pell Grant campaign commences with a text message, like the one shown below, which notifies students of a Pell Grant award and an urgent need to respond to a […]
The FBI, the Department of Health & Human Services Office of the Attorney General (HHS-OIG), and the Centers for Medicaid and Medicare Services (CMS) have issued a joint warning about COVID-19 vaccine scams. What should you look out for? Ads promising early access to the vaccine upon payment of a fee or deposit. Out-of-pocket payment […]
Threat Analysis Group (TAG) reports that a nation state sponsored, a/k/a APT (advanced persistent threat) campaign has been targeting security researchers working on vulnerability research across multiple industries. The goal of this campaign appears to be intellectual property theft. To date, only actors targeting Windows systems have been observed. Social engineering tactics include: Establishing a […]
The FTC warns of an impersonation scam wherein scammers, using a phishing website with familiar branding and dubbed “US Trading Commission”, attempts to lure victims with cash payments if their personal information has been exposed on the web. The goal of this phishing scam, which has popped up as a YouTube link with several different […]
A newly launched SolarLeaks website claims to be selling data from companies known to have been breached in the recent supply chain attack. The site’s legitimacy has not been confirmed. The following data has been offered for sale on this site: Microsoft source code and repositories. Microsoft has confirmed that their source code was accessed. […]
January 28th is Privacy Day (DPD)! DPD is observed globally on January 28th, and is an opportunity to raise awareness about privacy, including easy ways to protect your personal information. The National Cybersecurity Alliance (NCSA) recognizes that individuals feel an increasing lack of control over their personal data, and offers privacy related “Calls to Action” […]