Weekly Cyber Security News 24/09/2021

A selection of this week’s more interesting vulnerability disclosures and cyber security news. For a daily selection see our twitter feed at #ionCube24. Complex features require a little more care and understanding. If unsure I would advise disabling them and looking at the documentation – that is assuming such features have correct documentation!:

• Microsoft Exchange Autodiscover bugs leak 100K Windows credentials

Basic validation failure which is a common fault on web based products occasionally occur elsewhere. Such as this golden one:

• Apple tried to patch this security hole in macOS Finder but didn’t consider upper and lowercase characters

Using ‘authority’ figure impersonation that we are trained to never question are a common scammer and con-artist trick. One that often works when used against the right target susceptible to ‘no questions asked’:

• Brits open doors for tech-enabled fraudsters because they “don”t want to seem rude”