The Microsoft Active Protections Program (MAPP) is a program for software vendors and partners that gives them early access to data on vulnerabilities and other threats before it is published. The MAPP, which has 81 member organizations, aims to ensure that companies can develop strategies and deploy appropriate updates before vulnerabilities become known to the public.
In particular, program participants are [...]
Researcher John Kindervag, in his 2010 article, recommended that administrators of sensitive computer networks not trust anyone, regardless of the employee’s position.
“Once an attacker gets past the shell, he has access to all the resources in our network. We’ve built strong perimeters, but well-organized cybercriminals have recruited insiders and developed new attack methods that easily pierce our current security protections. To [...]
Microsoft discovered a hacker group known as Hafnium that carried out attacks using zero-day vulnerabilities in Microsoft Exchange servers.
To carry out the attack, the cybercriminals needed access to the local Microsoft Exchange server through port 443. If access was obtained, the attackers exploited the following vulnerabilities to gain remote access:
CVE-2021-26855 is a Server Side Request Forgery (SSRF) vulnerability in Exchange that allows an attacker to [...]