Security News

Researchers develop data exchange approach with blockchain-based security features
2020-03-10 04:30

An IT startup has developed a novel blockchain-based approach for secure linking of databases, called ChainifyDB. "Our software resembles keyhole surgery. With a barely noticeable procedure we enhance existing database infrastructures with blockchain-based security features. Our software is seamlessly compatible with the most common database management systems, which drastically reduces the barrier to entry for secure digital transactions," explains Jens Dittrich, Professor of Computer Science at Saarland University at Saarbrücken, Germany. "If a doctor changes something in his table, it affects all other tables in the network. Subsequent changes to older table states are only possible if all doctors in the network agree," explains Jens Dittrich.

Microsoft Exchange Server Flaw Exploited in APT Attacks
2020-03-09 18:01

Multiple threat groups are actively exploiting a vulnerability in Microsoft Exchange servers, researchers warn. After Microsoft patched the flaw in February researchers with the Zero Day Initiative, which first reported the vulnerability, published further details of the flaw and how it could be exploited.

Microsoft Exchange Server Flaw Exploited in APT Attacks
2020-03-09 18:01

Multiple threat groups are actively exploiting a vulnerability in Microsoft Exchange servers, researchers warn. After Microsoft patched the flaw in February researchers with the Zero Day Initiative, which first reported the vulnerability, published further details of the flaw and how it could be exploited.

Week in review: Attackers probing for vulnerable Exchange servers, RSA Conference 2020 coverage
2020-03-01 09:00

Healthcare industry at greatest risk of data breachThe healthcare industry has significantly more exposed attack surfaces than any other industry surveyed, according to Censys's research findings of cloud risks and cloud maturity by industry, revealed at RSA Conference 2020. Attackers probing for vulnerable Microsoft Exchange Servers, is yours one of them?CVE-2020-0688, a remote code execution bug in Microsoft Exchange Server that has been squashed by Microsoft in early February, is ripe for exploitation and could become a vector for ransomware groups in coming months, warns cybersecurity researcher Kevin Beaumont.

Hackers Looking for Exchange Servers Affected by Recently Patched Flaw
2020-02-27 14:49

Hackers have started scanning the Internet for Microsoft Exchange Server instances that are affected by a remote code execution vulnerability patched earlier this month. The issue resides in the Exchange Control Panel component and consists of Exchange Server installations having the same validationKey and decryptionKey values in web.

Attackers probing for vulnerable Microsoft Exchange Servers, is yours one of them?
2020-02-26 13:37

CVE-2020-0688, a remote code execution bug in Microsoft Exchange Server that has been squashed by Microsoft in early February, is ripe for exploitation and could become a vector for ransomware groups in coming months, warns cybersecurity researcher Kevin Beaumont. Organizations running on-premise Exchange - any supported version up until the recent patch - would do well to patch as soon as possible, as scanning for vulnerable internet-facing servers has already begun.

Assange lawyer: Trump offered WikiLeaker a pardon in exchange for denying Russia hacked Democrats' email
2020-02-19 20:58

Julian Assange was offered a pardon by the White House only if he publicly said Russia did not hack the Democratic National Committee, according to the WikiLeaks supremo's lawyer. Assange appeared in the central London court via video link from prison.

Farsight Security enhances its Security Information Exchange data-sharing platform
2020-02-13 03:45

Farsight Security announced enhancements to its flagship, Security Information Exchange data-sharing platform to help security professionals measurably improve the prevention, detection and response of the latest cyberattacks. Newly active domains: The industry's first real-time DNS Intelligence data feed that reports domains as they resume activity on the Internet after a period of inactivity.

Russian super-crook behind $20m internet fraud den Cardplanet and malware-exchange forum pleads guilty
2020-01-24 04:40

A 29-year-old Russian scumbag has admitted masterminding the Cardplanet underworld marketplace as well as a second forum for elite fraudsters. Aleksei Burkov appeared in a US federal district court in Virginia this week to plead guilty [PDF] to access device fraud, and conspiracy to commit computer intrusion, identity theft, wire and access device fraud, and money laundering.