The GoodGood news this week from Meta (aka Facebook). The fake sites used a technique known as “typosquatting” to mimic legitimate domain names such as theGuardian.com with fakes like Guardian[.]co[. According to researchers, a bitmap image of the Windows flag logo was hosted on Github and laced with code for a backdoor. The UglySpeaking of ProxyShell and ProxyLogon, this week news broke of two new MS Exchange zero days that one researcher has dubbed ProxyNotShell. The vulnerabilities impact organizations running on-prem Microsoft Exchange Server 2013, 2016, and 2019 and a public-facing Outlook Web App.

Source: The Guardian September 30, 2022 19:01 UTC