Security news aggregator

Latest cybersecurity reporting from selected sources.

Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.

18 headlines in this view

Refine the feed

Search across headline titles and summaries.

Volume over time

Weekly headline count for the current query.

Showing 18 most recent headlines Filtered view
Bank Info Security 8 months, 2 weeks ago

CISA Issues Guidance to Curb Microsoft Exchange Exploits

US Cyber Defense Agency Releases Best Practices to Harden Exchange EnvironmentsU.S. cyber defense officials and their international partners issued a new blueprint for mitigating Microsoft Exchange vulnerabilities on Thursday as governments worldwide continue to grapple with persistent intrusion campaigns targeting on-premises Microsoft Exchange servers in hybrid environments.

Cybersecurity researchers have shed light on a previously undocumented threat actor called NightEagle (aka APT-Q-95) that has been observed targeting Microsoft Exchange servers as a part of a zero-day exploit chain designed to target government, defense, and technology sectors in China

The Iranian threat actor known as OilRig has been observed exploiting a now-patched privilege escalation flaw impacting the Windows Kernel as part of a cyber espionage campaign targeting the U.A.E. and the broader Gulf region

More than 60,000 Microsoft Exchange servers exposed online are yet to be patched against the CVE-2022-41082 remote code execution (RCE) vulnerability, one of the two security flaws targeted by ProxyNotShell exploits. [...]

Threat actors affiliated with a ransomware strain known as Play are leveraging a never-before-seen exploit chain that bypasses blocking rules for ProxyNotShell flaws in Microsoft Exchange Server to achieve remote code execution (RCE) through Outlook Web Access (OWA)

And for bonus points, there's a Windows flaw under active exploit Patch Tuesday Microsoft fixed more than 80 security flaws in its products for October's Patch Tuesday. But let's start off with what Redmond didn't fix: two Exchange Server bugs dubbed ProxyNotShell that have been exploited by snoops as far back as August.…