A US cybersecurity advisory panel will investigate risks in cloud computing, including Microsoft Corp.’s role in a recent breach of government officials’ email accounts by suspected Chinese hackers, according to two people familiar with the matter.
The Cyber Safety Review Board, which was created by the Biden administration to investigate major cybersecurity events, will focus on risks to cloud computing infrastructure broadly, including identity and authentication management, and will examine all relevant cloud service providers, according to a Department of Homeland Security official. The issue was brought into focus by the breach of Microsoft’s email systems, the official said. Both people asked not to be named so they could discuss sensitive information.
One of the most expensive aspects of any cybercriminal operation is the time and effort it takes to create large numbers of new throwaway email accounts. Now a new service offers to help dramatically cut costs associated with large-scale spam…
As we continue to enhance the security of our cloud, we are going to address the problem of email sent to Exchange Online from unsupported and unpatched Exchange servers. There are many risks associated with running unsupported or unpatched software, but by far the biggest risk is security. Once a version of Exchange Server is no longer supported, it no longer receives security updates; thus, any vulnerabilities discovered after support has ended don’t get fixed. There are similar risks associated with running software that is not patched for known vulnerabilities. Once a security update is released, malicious actors will reverse-engineer the update to get a better understanding of how to exploit the vulnerability on unpatched servers.
CISA has urged organizations to patch a recent Zimbra credential theft vulnerability after reports of exploitation in the wild.
Earlier this year Malwarebytes released its 2022 Threat Review, a review of the most important threats and cybersecurity trends of 2021, and what they could mean for 2022. Among other things it covers the year’s alarming rebound in malware detections, and a significant shift in the balance of email threats.
Earlier today, I received a scam email that impersonates the Ukrainian Red Cross. It attempts to solicit donations via Bitcoin. The email is almost certainly not related to any valid Red Cross effort.
There are some legitimate efforts to collect donations for Ukraine using crypto-currencies. This scam may take advantage of these efforts.