Microsoft has finally published guidance today for the actively exploited ProxyShell vulnerabilities impacting multiple on-premises Microsoft Exchange versions. ProxyShell is a collection of three security flaws (patched in April and May) discovered by Devcore security researcher Orange Tsai, who exploited them to compromise a Microsoft Exchange server during the Pwn2Own 2021 hacking contest. READ MORE...
Personal and clinical data of more than 73,000 patients have been affected by a "sophisticated ransomware cyber-attack" on a private medical clinic in Singapore. In a press release, Eye & Retina Surgeons revealed the attack took place on 6 August, compromising sensitive data including patients' names, addresses, ID card numbers, contact details and clinical information. However, no credit card or bank account details were accessed or compromised in the incident. READ MORE...
A small Swiss town acknowledged late Wednesday that it had underestimated the severity of a cyberattack, following reports the personal data of the entire population was exposed online. The small, picturesque town of Rolle, on the shores of Lake Geneva, acknowledged last week that it had been the victim of ransomware attack, and that data on some administrative servers had been compromised. READ MORE...
An emerging international cybergang is broadening its targets to include North American media firms, universities and one computer retailer. The advanced persistent threat (APT) group is new, according to researchers who dubbed it SparklingGoblin. Also new is a novel backdoor technique, called SideWalk, used by the APT to penetrate cybersecurity defenses. READ MORE...
BIG-IP application services company F5 has fixed more than a dozen high-severity vulnerabilities in its networking device, one of them being elevated to critical severity under specific conditions. The issues are part of this month's delivery of security updates, which addresses almost 30 vulnerabilities for multiple F5 devices. Of the thirteen high-severity flaws that F5 fixed, one could lead to complete system compromise. READ MORE...
It's not just Razer's mice and keyboards that gobble up Windows 10's tip-top, admin-level SYSTEM privileges: A SteelSeries bug also tosses off Windows 10 admin rights if you just plug in a device. … Or, then again, you can save yourself some cash by simply tricking an Android phone into thinking a local privilege-escalation (LPE) testing script is a real human. READ MORE...