SN 947: Article 45 - Citrix Bleed update, Ace Hardware cyberattack, Bitwarden get Passkeys

• Microsoft announced storing their Azure keys in an HSM after previously losing control of a private signing key


• A quartet of new 0-day vulnerabilities in Exchange Server that Microsoft declined to fix


• Apache ActiveMQ servers under attack exploiting a 0-day, with over half of publicly exposed servers vulnerable


• Update on the Citrix Bleed vulnerability with evidence of hackers gaining access and post-exploitation activity


• CVSS version 4 released with new metrics for better granularity and clarity of vulnerability scores


• Ace Hardware …

ace ace hardware activemq apache apache activemq article attack azure bitwarden citrix citrix bleed control cyberattack exchange exchange server exploiting exposed fix hardware help & how to hsm iab19 key keys leo laporte losing control microsoft passkeys private security security now server servers signing signing key steve gibson technology twit under update vulnerabilities