Microsoft: Two New 0-Day Flaws in Exchange Server
Source: Krebs on Security
Microsoft Corp. is investigating reports that attackers are exploiting two previously unknown vulnerabilities in Exchange Server, a technology many organizations rely on to send and receive email. Microsoft says it is expediting work on software patches to plug the security holes. In the meantime, it is urging a subset of Exchange customers to enable a setting that could help mitigate ongoing attacks.
Malware Shifting to Virtual Environments, Warns Mandiant
Source: Data Breach Today
Threat Intel Shows Possible Chinese Cyberspying Campaign Targets VMware Hypervisors. State-sponsored hackers may be shifting their targets from workstations to virtual environments where endpoint detection and response isn't supported, says Mandiant in a report detailing novel malware that attacks VMware hypervisors.
Magellan Health settles for $1.43M after data breach, delayed notification
Source: SC Media
Magellan Health has agreed to pay breach victims $1.43 million to resolve claims its allegedly inadequate security enabled an undetected phishing attack and subsequent patient data breach in 2019. Magellan is a third-party healthcare vendor that provides managed care services for health plans and other healthcare entities across the U.S.
Security teams lack the skills to manage cloud environments, most IT pros say
Source: SC Media
IBM on Friday reported that some 70% of IT pros surveyed say their teams lack the skills needed to sufficiently manage cloud environments. And while more than half are concerned about security, 53% said ensuring compliance in the cloud has become too difficult. Another 71% of respondents also say it's now difficult to realize the full potential of a digital transformation without having a solid hybrid cloud strategy in place.