Headline
Microsoft Exchange Bug Exposes ~100,000 Windows Domain Credentials
An unpatched design flaw in the implementation of Microsoft Exchange’s Autodiscover protocol has resulted in the leak of approximately 100,000 login names and passwords for Windows domains worldwide. “This is a severe security issue, since if an attacker can control such domains or has the ability to ‘sniff’ traffic in the same network, they can capture domain credentials in plain text (HTTP<img src="http://feeds.feedburner.com/~r/TheHackersNews/~4/nI_vQihlxnA” height="1" width="1" alt=""/>
Related news
Unidentified threat actors breached a server running an unpatched, 11-year-old version of Adobe's ColdFusion 9 software in minutes to remotely take over control and deploy file-encrypting Cring ransomware on the target's network 79 hours after the hack. The server, which belonged to an unnamed services company, was used to collect timesheet and accounting data for payroll as well as to host a<img src="http://feeds.feedburner.com/~r/TheHackersNews/~4/USuDSvrWDUo" height="1" width="1" alt=""/>
A recently discovered wave of malware attacks has been spotted using a variety of tactics to enslave susceptible machines with easy-to-guess administrative credentials to co-opt them into a network with the goal of illegally mining cryptocurrency. "The malware's primary tactic is to spread by taking advantage of vulnerable systems and weak administrative credentials. Once they've been infected,<img src="http://feeds.feedburner.com/~r/TheHackersNews/~4/LNnBCXKL1w0" height="1" width="1" alt=""/>