At a glance.
- Microsoft updates ProxyNotShell guidance.
- Former Uber security chief found guilty in case involving data breach cover-up.
- Mechanisms of fraud.
- Killnet hits networks of US state governments.
- Lloyd's of London investigates suspected cyberattack.
- FBI and CISA offer an appreciation of election security.
- Credential theft in the name of Zoom.
Microsoft updates mitigations for ProxyNotShell.
Microsoft has updated its mitigations for the two Exchange Server zero-day vulnerabilities, CVE-2022-41040 and CVE-2022-41082, that have been exploited in ProxyNotShell attacks. Dark Reading describes the motivation for the updates: researchers had determined that the mitigations in their initial form would be too easy for attackers to bypass.