NSA Alerted Microsoft to New Exchange Server Vulnerabilities

[TechWeb]( Follow Dark Reading: [RSS]( April 14, 2021 LATEST SECURITY NEWS & COMMENTARY [NSA Alerted Microsoft to New Exchange Server Vulnerabilities]( Microsoft today patched 114 CVEs to address the Exchange Server flaws, more than 50 remote code execution vulnerabilities, and one zero-day. [DNS Vulnerabilities Expose Millions of Internet-Connected Devices to Attack]( Researchers uncover a fresh set of nine vulnerabilities in four TCP/IP stacks that are widely used in everything from powerful servers and firewalls to consumer IoT products. [Global Dwell Time Drops as Ransomware Attacks Accelerate]( The length of time attackers remain undiscovered in a target network has fallen to 24 days, researchers report, but ransomware plays a role. [Dark Reading to Upgrade Site Design, Performance]( Improvements will make site content easier to navigate, faster, and more functional. [Clear & Present Danger: Data Hoarding Undermines Better Security]( Facebook and Google can identify patterns of attack within their own data, but smaller businesses rarely see enough traffic to successfully identify an attack or warn users. [5 Objectives for Establishing an API-First Security Strategy]( With APIs predicted to be the most common attack vector by 2022, an API-first security strategy is critical now more than ever. [Compromised Microsoft Exchange Server Used to Host Cryptominer]( Researchers say an unknown attacker is targeting vulnerable Exchange Servers with a payload hosted on a compromised Exchange Server. [MORE NEWS & COMMENTARY]( HOT TOPICS [Did 4 Major Ransomware Groups Truly Form a Cartel?]( An analysis of well-known extortion groups and their cryptocurrency transactions reveals the answer. [Microsoft Uses Machine Learning to Predict Attackers' Next Steps]( Researchers build a model to attribute attacks to specific groups based on tactics, techniques, and procedures, and then figure out their next move. [Security Jobs With a Future -- And Ones on the Way Out]( Some titles are hot, while others are not, amid rapidly shifting business priorities. [MORE]( EDITORS' CHOICE [7 Security Strategies as Employees Return to the Office]( More sooner than later, employees will be making their way back to the office. Here's how security pros can plan for the next new normal. [4 Open Source Tools to Add to Your Security Arsenal]( Open source solutions can offer an accessible and powerful way to enhance your security-testing capabilities. LATEST FROM THE EDGE [How to Build a Resilient IoT Framework]( For all of their benefits, IoT devices weren't built with security in mind -- and that can pose huge challenges. Tech Resources - [What Elite Threat Hunters See That Others Miss: Case Study]( - [Are We Cyber-Resilient? The Key Question Every Organization Must Answer]( - [10 Must-Have Capabilities for Stopping Malicious Automation Checklist]( - [SANS 2021 Cyber Threat Intelligence Survey]( - [Addressing Complexity and Expertise in Application Security Testing]( - [The Five Major Security Pitfalls of WFH and How to Solve Them]( - [How to Optimize Your Windows 10 Defense Strategy]( [ACCESS TECH LIBRARY NOW]( - [Building Asset Management into Your Enterprise Security Strategy - Free Webinar]( In this webinar, experts discuss methods and technologies for gaining a more complete picture of your IT environment, and for securing or eliminating unknown elements that attempt to use your network. Attend this webinar and you'll: --Learn what tools can ... - [Insider Threats: An Interactive Crisis Simulation]( This interactive webinar will throw attendees into an emerging insider threat simulation taking place at a fictional pharmaceutical company. In this scenario, participants from various industries must use their decision-making skills to find the insider threat, manage the growing crisis, ... [MORE WEBINARS]( FEATURED REPORTS - [Improving Security by Moving Beyond VPN]( - [Accelerate Threat Resolutions with DNS]( [MORE REPORTS]( CURRENT ISSUE [2021 Top Enterprise IT Trends]( [DOWNLOAD THIS ISSUE]( [SUBSCRIBE NOW]( [BACK ISSUES]( | [MUST READS]( | [TECH DIGEST]( PRODUCTS & RELEASES [Survey: 60% of Educational Organizations Hit by Phishing Attacks Targeting Cloud Data]( [Imperva Research Labs Reveals Bot Traffic Climbs to Record High in 2020]( [Beyond Identity Integration With Auth0 Enables Completely Passwordless Authentication]( [MORE PRODUCTS & RELEASES]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech 303 Second St., Suite 900 South Tower, San Francisco, CA 94107 To update your profile, change your e-mail address, or unsubscribe, [click here.]( To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:customerservice_informationhub@techweb.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2021]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:customerservice_informationhub@techweb.com)