Security News > 2020 > April > Week in review: TLS 1.3, full-time bug hunting, vulnerable MS Exchange servers abound
TLS 1.3: Slow adoption of stronger web encryption is empowering the bad guysTLS provides secure communication between web browsers, end-user facing applications and servers by encrypting the transmitted information, preventing eavesdropping or tampering attacks.
Actively exploited MS Exchange flaw present on 80% of exposed serversAttackers aiming to exploit CVE-2020-0688, a critical Microsoft Exchange flaw patched by Microsoft in February 2020, don't have to look hard to find a server they can attack.
Two critical Firefox vulnerabilities exploited by attackers, patch now!Mozilla has released critical security updates for Firefox and Firefox ESR, patching two vulnerabilities that are being actively exploited by attackers.
Attackers have built on the public's need for the latest, global COVID-19 information by creating widespread phishing attacks.
A client-side perspective on web securityThe web security community has long recognized the need to deploy functional controls to safeguard the server-side vulnerability of web servers delivering content and capability to client browsers.
News URL
http://feedproxy.google.com/~r/HelpNetSecurity/~3/VNXIIvTLBuk/
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-02-11 | CVE-2020-0688 | Improper Authentication vulnerability in Microsoft Exchange Server A remote code execution vulnerability exists in Microsoft Exchange software when the software fails to properly handle objects in memory, aka 'Microsoft Exchange Memory Corruption Vulnerability'. | 8.8 |