CISA Adds Single-Factor Authentication to the List of Bad PracticesThe Hacker News
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added single-factor authentication to the short list of "exceptionally risky" cybersecurity practices that could expose critical infrastructure as well as government and the private sector entities to devastating cyberattacks.
Single-factor authentication is a method of...
New Microsoft Exchange 'ProxyToken' Flaw Lets Attackers Reconfigure MailboxesThe Hacker News
Details have emerged about a now-patched security vulnerability impacting Microsoft Exchange Server that could be weaponized by an unauthenticated attacker to modify server configurations, thus leading to the disclosure of Personally Identifiable Information (PII).
The issue, tracked as CVE-2021-33766 (CVSS score: 7.3) and...
How Does MTA-STS Improve Your Email Security?The Hacker News
Simple Mail Transfer Protocol or SMTP has easily exploitable security loopholes. Email routing protocols were designed in a time when cryptographic technology was at a nascent stage (e.g., the de-facto protocol for email transfer, SMTP, is nearly 40 years old...
LockFile Ransomware Bypasses Protection Using Intermittent File EncryptionThe Hacker News
A new ransomware family that emerged last month comes with its own bag of tricks to bypass ransomware protection by leveraging a novel technique called "intermittent encryption."
Called LockFile, the operators of the ransomware have been found exploiting recently disclosed flaws such...
Microsoft Warns of Widespread Phishing Attacks Using Open RedirectsThe Hacker News
Microsoft is warning of a widespread credential phishing campaign that leverages open redirector links in email communications as a vector to trick users into visiting malicious websites while effectively bypassing security software.
"Attackers combine these links with social engineering baits that impersonate well-known...