CyberSec Roundup
A synopsis of the Latest Cybersecurity News
Bitcoin.org Hacked
The Bitcoin.org website has been an informative resource about Bitcoin since 2011, but it was hacked last week. The hackers then used the legitimate site to scam visitors into a fake cryptocurrency giveaway. The scam was only up for one day, but they managed to steal over $17,000 in cryptocurrency as a result. The site is now legitimately operational again, but the cause of the hack has yet to be determined.
Email Credentials Leaked
Email passwords for some users of Microsoft Exchange have been leaked online. If Autodiscover is not correctly configured, it can cause email clients to try to authenticate to an Autodiscover URL that the organization doesn’t trust, and send their credentials to a threat actor unknowingly. Microsoft is currently trying to register these domains to mitigate the issue, but administrators also need to take steps to ensure their implementation of Autodiscover is secure.
VMware Bug Exploited
VMware recently disclosed a critical vulnerability that affects vCenter Server versions 6.7, and 7.0. Tracked as CVE-2021-22005, it could allow an attacker to remotely take control of a system. Administrators are urged to patch their systems immediately as threat actors have started to scan for unpatched targets to exploit.
By: David Pinder
IT & Security Consultant
Certified Ethical Hacker (Master)