From Security Weekly WikiJump to navigationJump to search
#[https://helpnetsecurity.com/2020/10/26/exploit-and-bypass-office-365-defenses/ Attackers finding new ways to exploit and bypass Office 365 defenses - Help Net Security] - Oh, all we need is Zero Trust: ''Zero-trust email: Adhere to a zero-trust-email approach, which should serve as a baseline for an email security strategy. All email, especially ongoing interactions with external partners and suppliers, should be considered areas of compromise.''
#[http://exploit.kitploit.com/2020/10/oracle-vm-virtualbox-buffer-overflow.html Oracle VM VirtualBox Buffer Overflow] - ''A buffer overflow vulnerability in Oracle VM VirtualBox was privately reported to Oracle on September 22, 2020 and was silently patched in VM VirtualBox version 6.1.16r140961.'' Not-so-silent (though no exploit example was provided, I didn't look further).
#[https://threatpost.com/ie-browser-death-march/160571/ Microsoft IE Browser Death March Hastens]
#[https://www.helpnetsecurity.com/2020/10/27/activate-microsoft-365-mfa/ 78% of Microsoft 365 admins don't activate MFA - Help Net Security]
#[https://www.troyhunt.com/humans-are-bad-at-urls-and-fonts-dont-matter/ Humans are Bad at URLs and Fonts Dont Matter]