Various government-backed hacking groups and APTs are targeting and exploiting a vulnerability in Microsoft Exchange email servers. The vulnerability was patched last month February 2020. Volexity, a UK cyber security firm was the first to discover these exploitation attempts on Friday. But neither did they share the names of the hacking groups nor did they comment further on the matter. It is rumoured that the...
Read More
MITRE has released version 4.0 of the community-developed Common Weakness Enumeration (CWE) list. Previous CWE list versions describe common software security weaknesses. With version 4.0, the CWE list expands to include hardware security weaknesses. Additionally, version 4.0 simplifies the presentation of weaknesses into various views and adds a search function to enable easier navigation of the information. The CWE List of Common Security Weaknesses can...
Read More
Academics from Israel have detailed and demoed a new method for stealing data from air-gapped computers. The method relies on making small tweaks to an LCD screen’s brightness settings. The tweaks are imperceptible to the human eye, but can be detected and extracted from video feeds using algorithmical methods. This article describes this innovative new method of stealing data, but readers should be aware from...
Read More
Facebook is watching you — but thanks to a newly-unveiled feature, it’s now possible to keep tabs on how Facebook is tracking your activity. Facebook rolled out its new “Off-Facebook Activity” tracker on Tuesday. The tool gives users an itemized list of the websites, apps, and real-life stores Facebook knows that they visited, and lets them turn off that tracking. The feature fulfills a longstanding...
Read More
Today, Microsoft released patch for CVE-2020-0601, a vulnerability in windows “crypt32.dll” component that could allow attackers to perform spoofing attacks. This was discovered and reported by National Security Agency (NSA) Researchers. The vulnerability affects Windows 10 and Windows Server 2016/2019 systems. This is a serious vulnerability and patches should be applied immediately. An attacker could exploit this vulnerability by using a spoofed code-signing certificate, meaning an...
Read More