Microsoft Exchange zero-days exploited. Supply chain attack reported. New Lazarus activity. Mexican government falls victim to hacktivism. Hacking partial mobilization. Former insider threat.
Two Microsoft Exchange zero-days exploited in the wild. A supply chain attack, possibly from Chinese intelligence services. There’s new Lazarus activity: bring-your-own-vulnerable-driver. The Mexican government falls victim to apparent hacktivism. Flying under partial mobilization’s radar. Betsy Carmelite from Booz Allen Hamilton talks about addressing the cyber workforce skills gap. Our guest Rachel Tobac from SocialProof Security brings a musical approach to security awareness training. How’s your off-boarding program working out?
Customer Guidance for Reported Zero-day Vulnerabilities in Microsoft Exchange Server (Microsoft Security Response Center)
Microsoft confirms two Exchange Server zero days are being used in cyberattacks (The Record by Recorded Future)Microsoft confirms new Exchange zero-days are used in attacks (BleepingComputer)
Report: Commercial chat provider hijacked to spread malware in supply chain attack (The Record by Recorded Future)
Amazon‑themed campaigns of Lazarus in the Netherlands and Belgium (WeLiveSecurity)
Lazarus & BYOVD: evil to the Windows core (Virus Bulletin)
Lazarus hackers abuse Dell driver bug using new FudModule rootkit (BleepingComputer)
Mexican president confirms ‘Guacamaya’ hack targeting regional militaries (The Record by Recorded Future)
Russians dodging mobilization behind flourishing scam market (BleepingComputer)
Honolulu Man Pleads Guilty to Sabotaging Former Employer’s Computer Network (US Department of Justice)