In the last year, the cyber threat landscape continued to become more dangerous and complex. The malign actors of the world are becoming better resourced and better prepared, with increasingly sophisticated tactics, techniques, and tools that challenge even the world’s best cybersecurity defenders.
Even Microsoft has been the victim of well-orchestrated attacks by determined and well-resourced adversaries, and their customers face more than 600 million cybercriminal and nation-state attacks every day, ranging from ransomware to phishing to identity attacks.
Read more…
Source: Microsoft
Related:
- CISA Adds Seven Known Exploited Vulnerabilities to Catalog
May 12, 2023
CISA has added seven new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2023-25717 Multiple Ruckus Wireless Products CSRF and RCE Vulnerability CVE-2021-3560 Red Hat Polkit Incorrect Authorization Vulnerability CVE-2014-0196 Linux Kernel Race Condition Vulnerability Read more… Source: U.S. Cybersecurity and Infrastructure Security Agency
- Britain’s largest private pension scheme reveals scale of Capita break-in
May 12, 2023
Universities Superannuation Scheme, the UK’s largest private pension provider, says Capita has warned that details of almost half a million members were held on servers accessed during the recent breach. The USS made the disclosure today, saying that it uses Capita technology platform, Hartlink, to manage in-house pension administration processes, and was working closely with the ...
- Why Microsoft just patched a patch that squashed an under-attack Outlook bug
May 12, 2023
Microsoft in March fixed an interesting security hole in Outlook that was exploited by miscreants to leak victims’ Windows credentials. This week the IT giant fixed that fix as part of its monthly Patch Tuesday update. To remind you of the original bug, tracked as CVE-2023-23397: it was possible to send someone an email that included ...
- CISA and FBI Release Joint Advisory in Response to Active Exploitation of PaperCut Vulnerability
May 11, 2023
CISA and FBI have released a joint Cybersecurity Advisory (CSA), Malicious Actors Exploit CVE-2023-27350 in PaperCut MF and NG. This joint advisory provides details related to an exploitation of PaperCut MF/NG vulnerability (CVE-2023-27350). FBI observed malicious actors exploit CVE-2023-27350 beginning in mid-April 2023 and continuing through the present. In early May 2023, FBI observed a ...
- Babuk code used by 9 ransomware gangs to encrypt VMWare ESXi servers
May 11, 2023
An increasing number of ransomware operations are adopting the leaked Babuk ransomware source code to create Linux encryptors targeting VMware ESXi servers. SentinelLabs security researchers observed this rising trend after spotting a rapid succession of nine Babuk-based ransomware variants that surfaced between the second half of 2022 and the first half of 2023. Read more… Source: Bleeping Computer
- Food giant Sysco confirms customer data stolen in cyberattack
May 10, 2023
Sysco detected the data breach in March but believes the threat actor began their attack in January, with business, employee and personal data stolen. Global food distributor Sysco has said that company data has been stolen as a result of a cyberattack earlier this year. The stolen information is believed to include business, customer, employee and personal ...