Security News

Equinix, the global interconnection and data center company, announced one of its largest expansions of Equinix Cloud Exchange Fabric in seven new EMEA markets to help global businesses simplify hybrid and multicloud infrastructures. In response to this market shift, Equinix is extending its ECX Fabric service in EMEA to help digital businesses simplify hybrid multicloud deployments and expand their global interconnection opportunities on Platform Equinix®.

TLS 1.3: Slow adoption of stronger web encryption is empowering the bad guysTLS provides secure communication between web browsers, end-user facing applications and servers by encrypting the transmitted information, preventing eavesdropping or tampering attacks. Actively exploited MS Exchange flaw present on 80% of exposed serversAttackers aiming to exploit CVE-2020-0688, a critical Microsoft Exchange flaw patched by Microsoft in February 2020, don't have to look hard to find a server they can attack.

Attackers looking to exploit CVE-2020-0688, a critical Microsoft Exchange flaw patched by Microsoft in February 2020, don't have to look hard to find a server they can attack: according to an internet-wide scan performed by Rapid7 researchers, there are at least 315,000 and possibly as many as 350,000 vulnerable on-premise Exchange servers out there. Over 31,000 Exchange 2010 servers have not been updated since 2012.

Over 80 percent of exposed Exchange servers are still vulnerable to a severe vulnerability - nearly two months after the flaw was patched, and after researchers warned that multiple threat groups were exploiting it. Researchers recently used Project Sonar, a scanning tool, to analyze internet-facing Exchange servers and sniff out which were vulnerable to the flaw.

Online exchange rate data provider Open Exchange Rates has exposed an undisclosed amount of user data via an Amazon database, according to a notification letter published on Twitter this week. Open Exchange Rates provides foreign exchange data for over 200 currencies worldwide, including digital ones.

Organizations have fallen behind with the patching of a Microsoft Exchange Server vulnerability addressed with Microsoft's February 2020 Patch Day updates and already targeted in attacks. The issue, which exists because keys created at installation are not unique, is tracked as CVE-2020-0688 and impacts Microsoft Exchange 2010, 2013, 2016, and 2019.

Currency data provider Open Exchange Rates has started informing customers that their information was likely stolen by hackers. Open Exchange Rates provides a currency data API that is used by over 80,000 web developers.

Multiple threat actors are already targeting Microsoft Exchange servers in an attempt to exploit a vulnerability fixed by Microsoft with its February 2020 Patch Tuesday updates. Tracked as CVE-2020-0688 and found in Microsoft Exchange 2010, 2013, 2016, and 2019, the issue exists because the server doesn't create unique cryptographic keys at the time of installation, which allows an authenticated attacker to trick the server into deserializing malicious ViewState data.

An IT startup has developed a novel blockchain-based approach for secure linking of databases, called ChainifyDB. "Our software resembles keyhole surgery. With a barely noticeable procedure we enhance existing database infrastructures with blockchain-based security features. Our software is seamlessly compatible with the most common database management systems, which drastically reduces the barrier to entry for secure digital transactions," explains Jens Dittrich, Professor of Computer Science at Saarland University at Saarbrücken, Germany. "If a doctor changes something in his table, it affects all other tables in the network. Subsequent changes to older table states are only possible if all doctors in the network agree," explains Jens Dittrich.

Multiple threat groups are actively exploiting a vulnerability in Microsoft Exchange servers, researchers warn. After Microsoft patched the flaw in February researchers with the Zero Day Initiative, which first reported the vulnerability, published further details of the flaw and how it could be exploited.