Microsoft Exchange Server Has a Zero-Day Problem

There were global ripples in tech policy this week as VPN providers were forced to pull out of India as the country’s new data collection law takes hold, and UN countries prepare to elect a new head of the International Telecommunications Union—a key internet standards body.

After explosions and damage to the Nord Stream gas pipeline that runs between Russia and Germany, the destruction is being investigated as deliberate, and a complicated hunt is on to identify the perpetrator. And still-unidentified hackers are “hyperjacking” victims to grab data using a long-feared technique for hijacking virtualization software.

The notorious Lapsus$ hackers have been back on their hacking joyride, compromising massive companies around the world and delivering a dire but important warning about how vulnerable large institutions really are to compromise. And the end-to-end-encrypted communication protocol Matrix patched serious and concerning vulnerabilities this week.

Pornhub debuted a trial of an automated tool that pushes users searching for child sexual abuse material to seek help for their behavior. And Cloudflare rolled out a free Captcha alternative in an attempt to validate humanness online without the headache of finding bicycles in a grid or deciphering blurry text.

We’ve got advice on how to stand up to Big Tech and advocate for data privacy and users’ rights in your community, plus tips on the latest iOS, Chrome, and HP updates you need to install.

And there’s more. Each week, we highlight the news we didn’t cover in-depth ourselves. Click on the headlines below to read the full stories. And stay safe out there.

On Thursday night, Microsoft confirmed that two unpatched Exchange Server vulnerabilities are actively being exploited by cybercriminals. The vulnerabilities were discovered by a Vietnamese cybersecurity company named GTSC, which claims in a post on its website that the two zero-days have been used in attacks against its customers since early August. While the flaws only impact on-premise Exchange Servers that an attacker has authenticated access to, according to GTSC, the zero-days can be chained together to create backdoors into the vulnerable server. “The…