CISA Issues Emergency Directive on Actively Exploited Microsoft Exchange Vulnerabilities

Google to jettison individual cookies, Okta plunges after announcing $6.5 billion purchase of Auth0, Qualys latest victim of Accellion FTA flaw, Brave to launch a privacy-oriented browser, and more


The US Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency directive following the release of fixes for zero-day vulnerabilities in Microsoft Exchange, saying that partner organizations have detected "active exploitation of vulnerabilities in Microsoft Exchange on-premise products."

The vulnerabilities represent an "unacceptable risk to Federal Civilian Executive Branch agencies," and agencies are ordered to begin triaging their network activity, system memory, logs, Windows event logs, and registry records to find any indicators of suspicious behavior. (Charlie Osborne / ZDNet)


Under pressure to cope with rising privacy concerns, Google said it is backing away from selling ads based on individual users’ browsing data and will shift to ad technology that tracks consumers in large, anonymized groups.

Following its decision last year to remove support for third-party cookies, Google has now decided not to build alternate identifiers to track individuals as they browse across the web, nor will it use them in its products. (Karl Bode / Motherboard)


Secure cloud software technology company Okta saw its stock plunge 13% after it announced that it is spending $6.5 billion to buy rival Auth0.

The all-stock deal reflects about 21% of Okta’s market cap, and Okta said it expects the transaction to close by the end of July. (Ari Levy / CNBC)


Cybersecurity firm Qualys is likely the latest victim of a vulnerability in Accellion’s FTA, given that the Clop ransomware gang posted screenshots of files allegedly belonging to the company.

Qualys had an Accellion FTA device located on their network. The company issued a statement saying that there is no impact on the Qualys production environments, codebase, or customer data hosted on the Qualys Cloud Platform. (Lawrence Abrams / Bleeping Computer)


Privacy-focused browser Brave is getting ready to launch a privacy-oriented search engine called Brave Search to compete with Google and Bing.

Brave also announced the acquisition of an open-source search engine called Tailcat, developed by the team behind the now-defunct Cliqz anti-tracking search-browser combo. Brave Search will have similar protections to the Brave Browser, including not tracking or profiling users and using open ranking models to “prevent algorithmic biases and outright censorship.” (Natasha Lomas / Riptari)


The US managed service provider CompuCom said it had been hit by a malware incident affecting some of the services it provides to certain customers.

Over the weekend, CompuCom suffered an outage that prevented customers from accessing its customer portal to open troubleshooting tickets. CompuCom subsequently disconnected some customers' access to prevent the malware's spread. (Lawrence Abrams / Bleeping Computer)


Little-known smart surveillance camera company Flock, which also makes automatic license plate reader technology, is deploying a connected network of AI-powered cameras that detect cars' movements across the United States through a program called TALON.

TALON, which offers up to 500 million scans of vehicles per month, gives police access to a nationwide network of cameras that law enforcement agencies around the country have installed. (Joseph Cox / Motherboard)


Navajo Nation Hospital Rehoboth McKinley Christian Health Care Services in Gallup, New Mexico, was hit by a cyberattack earlier this year, and sensitive employee files were posted online by a hacker group known for ransomware attacks.

The hackers stole files such as job applications and background check authorizations that included Social Security numbers. They posted them to their website in an apparent attempt to extort the hospital for payment. (Kevin Collier / NBC News)
