CISA Issues Emergency Directive on Actively Exploited Microsoft Exchange Vulnerabilities
Google to jettison individual cookies, Okta plunges after announcing $6.5 billion purchase of Auth0, Qualys latest victim of Accellion FTA flaw, Brave to launch a privacy-oriented search engine, and more
The US Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency directive following the release of fixes for zero-day vulnerabilities in Microsoft Exchange, saying that partner organizations have detected "active exploitation of vulnerabilities in Microsoft Exchange on-premise products."
The vulnerabilities represent an "unacceptable risk to Federal Civilian Executive Branch agencies," and agencies are ordered to begin triaging their network activity, system memory, logs, Windows event logs, and registry records to find any indicators of suspicious behavior. (Charlie Osborne / ZDNet)
Related: The Hill: Cybersecurity, FCW, HealthITSecurity, Cyberscoop, Dark Reading: Vulnerabilities / Threats, Homeland Security Today, Qualys Blog, Blogs | Zscaler, Business Standard, NBC News, HOTforSecurity, HackRead, SC Magazine, Unit 42 - Palo Alto Networks, Tech.Co, Cyber.dhs.gov, CSO Online, HotHardware.com, Bleeping Computer, Rapid7, Cyber Kendra, Graham Cluley, US-CERT Current Activity, isssource.com, Dark Reading: Operations, TechTarget, Threatpost
Under pressure to cope with rising privacy concerns, Google said it is backing away from selling ads based on individual users’ browsing data and will shift to ad technology that tracks consumers in large, anonymized groups.
Following its decision last year to remove support for third-party cookies, Google has now decided not to build alternate identifiers to track individuals as they browse across the web, nor will it use them in its products. (Karl Bode / Motherboard)
Related: Marketwatch, HotHardware.com, Android Central, MobileSyrup.com, WCCFtech, AndroidHeadlines.com, WCCFtech, MobileSyrup.com, Gadgets Now, The Hindu - News, Daring Fireball, Chicago Sun-Times - All, AppleInsider, SiliconANGLE, iPhone in Canada Blog, RT News, Silicon Republic, xda-developers, WashingtonExaminer.com, SecurityWeek, PYMNTS.com, Input, Ars Technica, Android Police, PCWorld, Tech Insider, Slashdot, RT News, The Sun, iPhone in Canada Blog, WRAL Tech Wire, Vox, Google
Secure cloud software technology company Okta saw its stock plunge 13% after it announced that it is spending $6.5 billion to buy rival Auth0.
The all-stock deal reflects about 21% of Okta’s market cap, and Okta said it expects the transaction to close by the end of July. (Ari Levy / CNBC)
Related: CRN, iTnews - Security, The New Stack, WSJ.com: WSJD, Business Wire Technology News, SiliconANGLE, Tech Insider, SecurityWeek, Slashdot, GeekWire Original, Investor's Business Daily, Tech Insider, Dark Reading, Slashdot, Okta
Cybersecurity firm Qualys is likely the latest victim of a vulnerability in Accellion’s FTA, given that the Clop ransomware gang posted screenshots of files allegedly belonging to the company.
Qualys had an Accellion FTA device located on their network. The company issued a statement saying that there is no impact on the Qualys production environments, codebase, or customer data hosted on the Qualys Cloud Platform. (Lawrence Abrams / Bleeping Computer)
Privacy-focused browser Brave is getting ready to launch a privacy-oriented search engine called Brave Search to compete with Google and Bing.
Brave also announced the acquisition of an open-source search engine called Tailcat, developed by the team behind the now-defunct Cliqz anti-tracking search-browser combo. Brave Search will have similar protections to the Brave Browser, including not tracking or profiling users and using open ranking models to “prevent algorithmic biases and outright censorship.” (Natasha Lomas / Riptari)
Related: Tom's Guide, Slashdot, Search Engine Land, Android Police, The Mac Observer, Android Central, SlashGear, Engadget, AppleInsider, The Register, Devdiscourse News Desk, WebProNews, SlashGear, PCWorld, Engadget, Brave
The US managed service provider CompuCom said it had been hit by a malware incident affecting some of the services it provides to certain customers.
Over the weekend, CompuCom suffered an outage that prevented customers from accessing its customer portal to open troubleshooting tickets. CompuCom subsequently disconnected access to some customers to prevent the malware's spread. (Lawrence Abrams / Bleeping Computer)
Little-known smart surveillance camera company Flock, which also makes automatic license plate reader technology, is deploying a connected network of AI-powered cameras that detect cars' movements across the United States through a program called TALON.
TALON, which offers up to 500 million scans of vehicles per month, gives police access to a nationwide network of cameras that law enforcement agencies around the country have installed. (Joseph Cox / Motherboard)
Navajo Nation Hospital Rehoboth McKinley Christian Health Care Services in Gallup, New Mexico, was hit by a cyberattack earlier this year, and sensitive employee files were posted online by a hacker group known for ransomware attacks.
The hackers stole files such as job applications and background check authorizations that included Social Security numbers. They posted them to their website in an apparent attempt to extort the hospital for payment. (Kevin Collier / NBC News)