Update 10/6/2022: Microsoft has released several updates since their post on the “ProxyNotShell” Exchange vulnerabilities. Their initial mitigation steps are not sufficient to block this threat, so if you followed them, your Exchange server may remain vulnerable. Security researchers began poking at the initial mitigation recommendations and found ways to bypass their … [Read more...]
Set Employees Free with Security That Travels
With the average person managing 90 accounts that require a username and password, and credential-stealing malware on the rise, your users are firmly in the crosshairs of cyber criminals. At the same time, the drive toward workplace flexibility and desire to empower people to work where they are most comfortable challenges some foundations of cyber security. More work than ever … [Read more...]
Chrome 0day in the Wild – Security Byte
Last week, the Chrome team warned that attackers were exploiting a zero-day vulnerability in the popular browser in the wild. At a high level, Chrome’s FileReader suffers from a memory corruption vulnerability that attackers could exploit to escape Chrome’s sandbox and execute code. The criminals exploiting the flaw are also leveraging a Windows vulnerability. Watch the … [Read more...]
KeySteal Controversy – Security Byte
An 18-year-old German researcher (Linus Henze) has found a serious zero-day password leak vulnerability in macOS’s key store, but he refuses to share the technical details with Apple. Turns out, Apple only offers iOS bug bounties, not macOS ones, and this researcher is protesting that fact. Watch the video below to learn more about this critical vulnerability, and where my … [Read more...]
Win10 File Deletion 0day – Daily Security Byte
Late last week, a researcher disclosed a zero-day flaw that affects all versions of Windows 10, and the latest Windows Servers as well. The good news is the flaw is difficult to exploit. The bad news is the researcher did not give Microsoft time to patch it before disclosing the issue and proof-of-concept (POC) exploit code. If you're OK with third-party patches, consider … [Read more...]