Patch/Configuration Management

While both Exchange Server versions will continue to be operational past the end date, Microsoft urged admins to immediately upgrade to Exchange Online or prepare for the upcoming Exchange Server Subscription Edition as the outdated iterations will no longer be given technical support, security patches, and time zone updates past Oct. 14.

Aside from warning against the use of archaic cryptographic platforms and unencrypted data storage, such guidance also cautioned about the utilization of hardcoded secrets in critical infrastructure software source code and inadequate communications regarding product support periods.

Information discovered within the unsecured database included not only bills, repayment schedules, mailing lists, settings, and snapshots detailing names, credit limits, and email addresses, but also a spreadsheet with data from 56,864 individuals, which may include current and prospective clients, as well as blocked accounts.

Included in the data exposed by the server were personally identifiable information, job application forms, Security Industry Authority cards, payroll details, TrustID validated documents, and invoices from up to two decades ago, according to independent security researcher JayeLTee.

A new attack method dubbed transaction simulation spoofing has emerged as a significant threat to cryptocurrency users with its ability to let malicious actors exploit a key security feature in modern Web3 wallets.

The critical and high severity flaws were discovered by Google Cloud researchers.

The patch dump is the largest from Microsoft in over half a decade.

Security pros call any bypass of SIP security significant – advise teams to patch right away.