Microsoft Exchange servers unpatched to ProxyShell security vulnerabilities are being attacked by an affiliate of the Hive ransomware group to facilitate the distribution of the Cobalt Strike beacon and other backdoors, reports BleepingComputer.
The Hacker News reports that cybercriminals could exploit an already addressed security flaw in the Snort intrusion detection and prevention system to prompt a denial-of-service condition.
Threat actors could abuse serious vulnerabilities in AWS hot patches for Apache Log4j flaws to elevate privileges and escape containers, reports SecurityWeek.
Eighty-nine percent of businesses reported at least one successful email breach during the past year, while email breach prevalence has increased by nearly twofold since 2019, most of which stemmed from Microsoft 365 phishing attacks, according to Threatpost.
Christian Dameff, a doctor and hacker, says healthcare needs incentives to boost cybersecurity via congressional action similar to HITECH for EHR adoption.
According to the Top 100 Vertical Market MSPs list from sister brand ChannelE2E, managed service providers reaped the benefits of expanded technology spending in 2021 as companies moved from remote to hybrid work, and sought support in efforts to secure the supply chain.
The cybersecurity authorities of the Five Eyes intelligence alliance — the United States, Australia, Canada, New Zealand and the United Kingdom — released an alert Wednesday warning of potential malicious cyber activity resulting from Russia's invasion of Ukraine.
Despite another looming regulatory process, DoD officials and contracting experts are indicating that the CCMC program is unlikely to undergo another major overhaul.
Fast Five
Selected by the SC Media Editorial team every Tuesday.
Sign up now for the top five issues cybersecurity pros need to know this week.