08.08.2025

CSO Online 07.08.2025 20:41
Administrators with hybrid Exchange Server environments are urged by Microsoft and the US Cybersecurity and Infrastructure Security Agency (CISA) to quickly plug a high-severity vulnerability or risk system compromise.
Hybrid Exchange deployments offer organizations the ability to extend the user features and admin controls of the on-prem version of Exchange within Microsoft 365. Hybrid deployment can serve as an intermediate step to moving completely to an Exchange Online organization, Microsoft said.

Infosecurity Magazine 07.08.2025 16:00
Microsoft Exchange customers have been urged to apply fixes set out in a hybrid deployment security update published in April

Infosecurity Magazine 07.08.2025 15:10
Google confirms it was among the victims of an ongoing data theft campaign targeting Salesforce instances, where publicly available business names and contact details were retrieved by the threat actor

Heise Security 07.08.2025 14:10
In einer aktuellen Version haben die Entwickler IBM Tivoli Monitoring vor möglichen Attacken geschützt.

CSO Online 07.08.2025 13:44
Google has now confirmed that it too was impacted by the Salesforce data theft attacks originally uncovered by its own threat intelligence group (GTIG) in June.
In an August 5 update to its June disclosure about an ongoing voice phishing (vishing) campaign targeting Salesforce customers, Google revealed that information related to some of its own customers was compromised.

CSO Online 07.08.2025 12:51
Secrets Management und Remote Code Exceution gehen nicht gut zusammen.
In Enterprise-Umgebungen übersteigt die Anzahl nicht-menschlicher Identitäten (wie sie beispielsweise von Anwendungen und Maschinen verwendet werden), die Anzahl menschlicher Identitäten schätzungsweise um das 150-Fache. Damit sind Credential- oder Secrets-Management-Systeme eine kritische Komponente der IT-Infrastruktur. Umso fataler sind die Erkenntnisse, die Sicherheitsexperten des Identity-Spezialisten Cyata bei der Analyse zweier weit verbreiteter Open-Source-Lösungen in diesem Bereich gewonnen haben.

The Hacker News 07.08.2025 12:42
Microsoft has released an advisory for a high-severity security flaw affecting on-premise versions of Exchange Server that could allow an attacker to gain elevated privileges under certain conditions.
The vulnerability, tracked as CVE-2025-53786, carries a CVSS score of 8.0. Dirk-jan Mollema with Outsider Security has been acknowledged for reporting the bug.
"In an Exchange hybrid deployment, an

The Hacker News 07.08.2025 12:40
Cybersecurity researchers have disclosed multiple security flaws in video surveillance products from Axis Communications that, if successfully exploited, could expose them to takeover attacks.
"The attack results in pre-authentication remote code execution on Axis Device Manager, a server used to configure and manage fleets of cameras, and the Axis Camera Station, client software used to view

Heise Security 07.08.2025 11:09
Admins, die Exchange in einer Hybridbereitstellung betreiben, sollten ihre Instanzen nach einer Anleitung von Microsoft vor möglichen Attacken schützen.

Spiegel Online 07.08.2025 09:59
Seit 2017 können Ermittler beim Verdacht auf schwere Straftaten heimlich Trojaner auf Computer und Handys schicken. Diese Praxis hat das Bundesverfassungsgericht im Wesentlichen nun bestätigt, der Gesetzgeber muss aber nachbessern.

Heise Security 07.08.2025 09:50
Aufgrund mangelnder Sicherheitsprüfungen können Angreifer MCP-Konfigurationen in der Cursor IDE ändern, um beliebigen Code auszuführen.