Security News > 2020 > April

Attackers looking to exploit CVE-2020-0688, a critical Microsoft Exchange flaw patched by Microsoft in February 2020, don't have to look hard to find a server they can attack: according to an internet-wide scan performed by Rapid7 researchers, there are at least 315,000 and possibly as many as 350,000 vulnerable on-premise Exchange servers out there. Over 31,000 Exchange 2010 servers have not been updated since 2012.

Avast has released an Android version of Avast Secure Browser to extend its platform support beyond Windows and Mac on desktop to mobile. Avast Secure Browser for Android was developed following Avast's 2019 acquisition of Tenta, a private browser backed by Blockchain pioneers ConsenSys, and has been built from the ground up by privacy and cybersecurity engineers focused on total encryption.

CSIRO's Data61, the digital specialist arm of Australia's national science agency, announced the creation of the seL4 Foundation, a not-for-profit organization, to accelerate the development of the seL4 microkernel and related technologies. The seL4 Foundation will provide a global, independent and neutral organization for funding and steering the future evolution of seL4.

An Android malware package likened to a Russian matryoshka nesting doll has security researchers raising the alarm, since it appears it's almost impossible to get rid of. Known as xHelper, the malware has been spreading mainly in Russia, Europe, and Southwest Asia on Android 6 and 7 devices for the past year from unofficial app stores.

In order to help global organizations of all sizes address cybersecurity during the COVID-19 pandemic, a number of vendors provide free access to their solutions. Awake Security announced 60 days of free access to the Awake Security Platform for hospitals and other healthcare facilities that are on the frontlines of responding to the COVID-19 pandemic.

Cell phones, wearables, health performance monitors and IoT infrastructure devices all offer new and unmonitored threat surfaces to launch attacks in order to gain access to company networks and secrets. From unmanageable device attacks and IoT devices being more vulnerable than corporate-managed computers to IoT security breaches, RF espionage is a growing concern for enterprises, but the concern still lags behind the threat.

In 1965, Gordon Moore published a short informal paper, Cramming more components onto integrated circuits. Based on not much more but these few data points and his knowledge of silicon chip development - he was head of R&D at Fairchild Semiconductors, the company that was to seed Silicon Valley - he said that for the next decade, component counts by area could double every year.

For the first time ever, the findings prove the correlation between developer happiness and application security hygiene, with happy developers 3.6x less likely to neglect security when it comes to code quality. Happy developers are also 2.3x more likely to have automated security tools in place, and 1.3x more likely to follow open source security policies.

Traditionally compliance with regulations was the top driver for deploying encryption, but has dropped in priority since 2017, indicating that encryption is transitioning from a requirement to a proactive choice to safeguard critical information. With the proliferation of data from digital initiatives, cloud use, mobility, IoT devices and the advent of 5G networks, data discovery continues to be the biggest challenge in planning and executing a data encryption strategy, with 67% of respondents citing this as their top concern.

Cybersecurity researchers have discovered a new emerging IoT botnet threat that leverages compromised smart devices to stage 'distributed denial-of-service' attacks, potentially triggered on-demand through platforms offering DDoS-for-hire services. Helios as the individual behind the development of dark nexus, who is a known botnet author infamous for selling DDoS services on social media platforms and using a YouTube channel to advertise its capabilities.