Category Archives: Uncategorized

Post-quantum encryption contender is taken out by single-core PC and 1 hour

Enlarge (credit: Getty Images) In the US government’s ongoing campaign to protect data in the age of quantum computers, a new and powerful attack that used a single traditional computer to completely break a fourth-round candidate highlights the risks involved in standardizing the next generation of encryption algorithms. Last month, the US Department of Commerce’s… Read More »

Microsoft Exchange servers worldwide hit by stealthy new backdoor

Enlarge (credit: Getty Images) Researchers have identified stealthy new malware that threat actors have been using for the past 15 months to backdoor Microsoft Exchange servers after they have been hacked. Dubbed SessionManager, the malicious software poses as a legitimate module for Internet Information Services (IIS), the web server installed by default on Exchange servers.… Read More »

Code execution 0-day in Windows has been under active exploit for 7 weeks

reader comments 58 with 48 posters participating, including story author Share this story A critical code execution zero-day in all supported versions of Windows has been under active exploit for seven weeks, giving attackers a reliable means for installing malware without triggering Windows Defender and a roster of other endpoint protection products. The Microsoft Support… Read More »

Mac malware spreading for ~14 months installs backdoor on infected systems

reader comments 34 with 33 posters participating, including story author Share this story Mac malware known as UpdateAgent has been spreading for more than a year, and it is growing increasingly malevolent as its developers add new bells and whistles. The additions include the pushing of an aggressive second-stage adware payload that installs a persistent… Read More »

Exchange/Outlook autodiscover bug exposed 100,000+ email passwords

Enlarge / If you own the right domain, you can intercept hundreds of thousands of innocent third parties’ email credentials, just by operating a standard webserver. reader comments 35 with 25 posters participating, including story author Share this story Security researcher Amit Serper of Guardicore discovered a severe flaw in Microsoft’s autodiscover—the protocol which allows… Read More »

The NSA warns enterprises to beware of third-party DNS resolvers

Getty Images reader comments 74 with 43 posters participating Share this story DNS over HTTPS is a new protocol that protects domain-lookup traffic from eavesdropping and manipulation by malicious parties. Rather than an end-user device communicating with a DNS server over a plaintext channel—as DNS has done for more than three decades—DoH, as DNS over… Read More »