[SecurityWeek] Remote Code Execution Vulnerability Found in AWS WorkSpaces

Rhino Security Labs researchers have identified a vulnerability in the AWS WorkSpaces desktop client that could allow an attacker to execute arbitrary code remotely. Tracked as CVE-2021-38112, the security bug could be triggered when the user opens a malicious WorkSpaces URI from the browser, allowing a remote attacker to execute arbitrary code on the vulnerable […]

Read More

[TheRecord] Microsoft Exchange Autodiscover bug leaks hundreds of thousands of domain credentials

Security researchers have discovered a design flaw in a feature of the Microsoft Exchange email server that can be abused to harvest Windows domain and app credentials from users across the world. Discovered by Amit Serper, AVP of Security Research at security firm Guardicore, the bug resides in the¬†Microsoft Autodiscover protocol, a feature of Exchange […]

Read More

[SecurityWeek] Hundreds of Thousands of Credentials Leaked Due to Microsoft Exchange Protocol Flaw

Cybersecurity researchers have been able to capture hundreds of thousands of Windows domain and application credentials due to the design and implementation of the Autodiscover protocol used by Microsoft Exchange. read more Source: Read More (SecurityWeek RSS Feed)

Read More

[HackerNews] Microsoft Warns of a Wide-Scale Phishing-as-a-Service Operation

Microsoft has opened the lid on a large-scale phishing-as-a-service (PHaaS) operation that’s involved in selling phishing kits and email templates as well as providing hosting and automated services at a low cost, thus enabling cyber actors to purchase phishing campaigns and deploy them with minimal efforts. “With over 100 available phishing templates that mimic known […]

Read More