Security News

CodeZero has launched the ZERO BrandCard, a digital identity card of the future, backed by LISNR to enable a secure and contactless digital identity exchange. Looking for a market solution to help combat digital identity spoofing & enable contactless authentication, CodeZero recognized LISNR's ultrasonic technology as the safest and most seamless data transfer and authentication medium.

Microsoft's final batch of security patches for 2020 shipped today with fixes for at least 58 documented vulnerabilities affecting a wide range of OS and software products. The December security updates include fixes for code execution vulnerabilities in the company's flagship Windows operating system and serious problems in Microsoft Sharepoint, Microsoft Exchange, HyperV, and a Kerberos security feature bypass.

Apple's head of global security tried to bung cops hundreds of free iPads in exchange for special gun permits, it is claimed. Thomas Moyer, 50, was last week charged [PDF] with bribing senior officers in Santa Clara county, home to Apple's Cupertino headquarters.

Two never-before-seen Powershell backdoors have been uncovered, after researchers recently discovered an attack on Microsoft Exchange servers at an organization in Kuwait. The attack used two newly discovered backdoors: One that researchers called "TriFive," and the other, a variant of a previously discovered PowerShell-based backdoor, which they called "Snugy."

Researchers at the University of Rochester and Cornell University have taken an important step toward developing a communications network that exchanges information across long distances by using photons, mass-less measures of light that are key elements of quantum computing and quantum communications systems. The development of such a quantum network -designed to take advantage of the physical properties of light and matter characterized by quantum mechanics - promises faster, more efficient ways to communicate, compute, and detect objects and materials as compared to networks currently used for computing and communications.

Microsoft says that Office 365 customers can use unlimited disposable recipient email addresses after the Plus Addressing feature rolled out to all Exchange Online users. Plus addressing allows users to create an indefinite number of custom and unique email addresses by adding suffix text strings to their standard address using a '+' delimiter.

New, sophisticated adversaries are switching up their tactics in exploiting enterprise-friendly platforms - most notably Microsoft Exchange, Outlook Web Access and Outlook on the Web - in order to steal business credentials and other sensitive data. APTs Flock Exchange, OWA. One advanced persistent threat group that has been targeting Exchange and OWA is what researchers dub "BELUGASTURGEON".

Honeywell announces the launch of Honeywell Secure Media Exchange R201.1, an enterprise software offering to better protect users from advanced malware and firmware-based cybersecurity attacks from USB drives and other removable media. "We are excited to expand Honeywell SMX as an enterprise security solution to include hardware device management with our TRUST V2 ," said Jeff Zindel, vice president and general manager, Honeywell Connected Enterprise Cybersecurity.

Tokyo's Stock Exchange went offline for most of Thursday, its longest-ever outage and a very unwelcome one as it is the world's third-largest bourse, when measured by market capitalisation. The exchange yesterday morning posted news that "a technical glitch occurred to distribution of market data," and the market therefore stopped all trading.

Over half of exposed Exchange servers are still vulnerable to a severe bug that allows authenticated attackers to execute code remotely with system privileges - even eight months after Microsoft issued a fix. The flaw, which stems from the server failing to properly create unique keys at install time, was fixed as part of Microsoft's February Patch Tuesday updates - and admins in March were warned that unpatched servers are being exploited in the wild by unnamed advanced persistent threat actors.