Security News

A static analysis feature set to appear in GCC 10, which will catch common programming errors that can lead to security vulnerabilities, has scored an early win - it snared an exploitable flaw in OpenSSL. Bernd Edlinger discovered CVE-2020-1967, a denial-of-service flaw deemed to be a high severity risk by the OpenSSL team. While the flaw is an irritation - it's not remote-code execution but it can potentially hose servers and apps - programmers may be more interested in how it was uncovered.

BittWare, a Molex company, a leading supplier of enterprise-class FPGA accelerator products, is pleased to introduce the all new TeraBox 200DE edge server. Building upon the success of our market-leading range of TeraBox servers for the data center, the TeraBox 200DE enables world-class FPGA acceleration to be deployed in the more challenging, harsh environments demanded of edge applications.

VMware has fixed a critical vulnerability affecting vCenter Server, which can be exploited to extract highly sensitive information that could be used to compromise vCenter Server or other services which depend on the VMware Directory Service for authentication. vCenter Server is server management software for controlling VMware vSphere environments.

TLS 1.3: Slow adoption of stronger web encryption is empowering the bad guysTLS provides secure communication between web browsers, end-user facing applications and servers by encrypting the transmitted information, preventing eavesdropping or tampering attacks. Actively exploited MS Exchange flaw present on 80% of exposed serversAttackers aiming to exploit CVE-2020-0688, a critical Microsoft Exchange flaw patched by Microsoft in February 2020, don't have to look hard to find a server they can attack.

VMware has patched a critical vulnerability that can be exploited to compromise vCenter Server or other services that rely on the Directory Service for authentication. The weakness impacts vCenter Server 6.7 on Windows and virtual appliances, and it has been patched with the 6.7u3f update.

Successfully conducting cross-platform attacks targeting Linux, Windows and Android devices, the adversaries have been engaged in both financially motivated and targeted espionage attacks. For years, these groups have been strategically targeting Linux servers across a broad range of industry verticals, exploiting the immature defensive coverage within the environment and the inadequate use of endpoint protection and endpoint detection and response products, BlackBerry notes.

Most networks these days make do with one IP number that's shared between all the computers on the local network, which make do with so-called "Private IP numbers" that are reserved for internal use only. Because TURN servers can broker traffic between arbitrary services on arbitrary computers, you don't need to add TURN code to every type of server you run, meaning that you can dedicate TURN servers entirely to their job of "Packet brokering".

Attackers looking to exploit CVE-2020-0688, a critical Microsoft Exchange flaw patched by Microsoft in February 2020, don't have to look hard to find a server they can attack: according to an internet-wide scan performed by Rapid7 researchers, there are at least 315,000 and possibly as many as 350,000 vulnerable on-premise Exchange servers out there. Over 31,000 Exchange 2010 servers have not been updated since 2012.

Verimatrix, formerly known as Inside Secure, a global provider of innovative, customer-friendly cybersecurity solutions that protect content, devices, software and applications, announced a partnership with Akamai, the intelligent edge platform for securing and delivering digital experiences, to offer global enterprise server-side watermarking capabilities. By using Verimatrix server-side Watermarking pre-integrated with Akamai's Intelligent Edge Platform, Akamai customers can take advantage of a highly efficient, powerful approach to ensure that their premium video content stays protected.

Over 80 percent of exposed Exchange servers are still vulnerable to a severe vulnerability - nearly two months after the flaw was patched, and after researchers warned that multiple threat groups were exploiting it. Researchers recently used Project Sonar, a scanning tool, to analyze internet-facing Exchange servers and sniff out which were vulnerable to the flaw.