Curated Daily News for March 3, 2021

---

Today’s articles include: Four Exchange server zero-days under active attack, Ryuk new wormable features, Compromised website images avoid detection to deliver malware, BSides – How to build a SecOps program, and New breakthrough steps us closer to a Quantum internet.

• HAFNIUM targeting Exchange Servers with four 0-day exploits
• Attacker Expands Use of Malicious SEO Techniques to Distribute Malware
• ‘Clear and Present Danger’: Why Cybersecurity Risk Management Needs to Keep Evolving
• Ryuk Ransomware: Now with Worming Self-Propagation
• Why Cloud Security Risks Have Shifted to Identities and Entitlements
• A quantum internet is closer to reality, thanks to this switch
• Compromised Website Images Camouflage ObliqueRAT Malware
• BSides Calgary 2020 – Kyle Howson’s ‘How To Build A Security Operations Program’
• Should You Be Concerned About the Recently Leaked Spectre Exploits?

Tool Of The Day

OWASP ASST (Automated Software Security Toolkit) – A Novel Open Source Web Security Scanner: ASST is an Open Source, Source Code Scanning Tool, it is a CLI (Command Line Interface) application, developed with JavaScript (Node.js framework). Currently concentrates on PHP and MySQL programming languages, but since its core functionalities are ready and available for everyone, programmers can contribute and add plugins or extensions to it, to add features and make it scan for other programming languages such as Java, C#, Python, etc.., and their frameworks. So its infrastructure is designed to be contributed with other programmers to make it better and more novel. The best of our knowledge, ASST is the only tool that scans PHP language according to OWASP Top 10 Web Application Security Risks.