Week in security with Tony Anscombe


Four zero-days patched in Microsoft Exchange Server – A tale about an unsophisticated criminal – Web trackers in a password manager app

Microsoft has issued out-of-band updates to address four zero-day vulnerabilities that affect Microsoft Exchange Server versions 2013, 2016, and 2019 and are under active exploitation by multiple APT groups. ESET’s Jake Moore shares a personal story that shows that not all fraudsters use sophisticated methods to profit at the expense of unsuspecting victims or to avoid getting caught. The Android version of a widely-used password management app was found to contain seven third-party trackers, which is probably not what many people would expect with an app that handles people’s sensitive data.

Latest Posts