Microsoft fixes Outlook clients not syncing over Exchange ActiveSync

March 1, 2024 at 11:09AM
Microsoft has resolved an issue impacting some Microsoft 365 users’ Outlook desktop clients, related to connecting to email servers via Exchange ActiveSync. The known issue affects users on Version 2401 Build 17231.20182 and has been rectified in Version 2402 Build 17328.20068 and higher. Affected users were also provided with a …

Over 13,000 Ivanti gateways vulnerable to actively exploited bugs

February 15, 2024 at 10:33AM
Thousands of Ivanti Connect Secure and Policy Secure endpoints remain vulnerable to multiple high- to critical-severity security issues. The flaws include authentication bypass, server-side request forgery, arbitrary command execution, and command injection problems. Despite available security updates, a large number of endpoints are still exposed to these vulnerabilities, increasing the risk …

LastPass Warns on Password App Discovered in Apple App Store

February 8, 2024 at 01:02PM
LastPass warns about a fraudulent ‘LassPass Password Manager’ app on the Apple App Store, featuring misspellings and discrepancies from the official LastPass app. Users are at risk of potential data theft. The company is working to take down the fake app. LastPass has warned its users about …

More mass exploits hit the same buggy Ivanti devices

February 5, 2024 at 03:50PM
Miscreants are exploiting the latest Ivanti flaw, a server-side request forgery (SSRF) vulnerability CVE-2024-21893. Ivanti disclosed the bug in their software on January 31 and expects increased exploitation once details are public. Exploits targeting it are multiplying, with over 170 attacking IPs involved. The US Cybersecurity agency issued an emergency …

MongoDB warns breach of internal systems exposed customer contact info

December 17, 2023 at 09:27PM
MongoDB issued an alert about unauthorized access to its corporate systems, exposing customer account metadata and contact information. Customers are advised to be vigilant for social engineering and phishing attacks, activate multi-factor authentication, and rotate their passwords. Critical vulnerabilities in Siemens and Unitronics PLCs and other ICS devices were also …

MongoDB Suffers Security Breach, Exposing Customer Data

December 17, 2023 at 12:24AM
On Dec 13, 2023, MongoDB detected unauthorized access to its systems, leading to exposure of customer data. The company recommends that customers watch out for social engineering and phishing attacks, enforce MFA, and rotate their MongoDB Atlas passwords. Additionally, MongoDB is experiencing login issues, unrelated to the security event. Further …

CISA urges tech manufacturers to stop using default passwords

December 15, 2023 at 02:06PM
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned against the use of default passwords in technology products due to the potential security risks. They recommended alternatives such as unique setup passwords, time-limited passwords, and mandating physical access for initial setup. CISA stressed that relying on customers to change passwords …

Norton Healthcare Ransomware Hack: 2.5 Million Personal Records Stolen

December 11, 2023 at 10:54AM
Norton Healthcare, a Kentucky-based healthcare organization, disclosed that 2.5 million individuals had their personal information compromised in a ransomware attack earlier this year. The breach, which occurred in May 2023, involved unauthorized access to network storage systems and exposed sensitive data such as names, contact details, Social Security numbers, and …

F5 Warns of Critical Remote Code Execution Vulnerability in BIG-IP

October 27, 2023 at 10:43AM
F5 has issued a warning to customers about a critical vulnerability in its BIG-IP product. The vulnerability, tracked as CVE-2023-46747, allows an unauthenticated attacker to remotely execute arbitrary code. The flaw is closely related to a request smuggling issue in the Apache HTTP Server and can be exploited to gain …