Meer dan veertig procent van de Exchange-servers in Nederland is kwetsbaar voor aanvallen omdat beheerders hebben nagelaten door Microsoft beschikbare beveiligingsupdates te installeren.

Volgens de Amerikaanse overheid worden kwetsbare Exchange-servers inmiddels wereldwijd en op grote schaal aangevallen. De Duitse overheid liet vorige week weten dat alle nog niet gepatcht Exchange-servers als besmet moeten worden beschouwd.

Vorige week dinsdag kwam Microsoft met beveiligingsupdates voor vier kwetsbaarheden in Exchange Server 2013, 2016 en 2019 waardoor een aanvaller kwetsbare servers op afstand kan overnemen, om die vervolgens met malware te infecteren en voor verdere aanvallen te gebruiken.

By now, most people know that hackers tied to the Russian government compromised the SolarWinds software build system and used it to push a malicious update to some 18,000 of the company’s customers.

On Monday, researchers published evidence that hackers from China also targeted SolarWinds customers in what security analysts have said was a distinctly different operation.

The parallel hack campaigns have been public knowledge since December, when researchers revealed that, in addition to the supply chain attack, hackers exploited a vulnerability in SolarWinds software called Orion.

Last week, news emerged that Microsoft's Exchange email server software was hacked. Microsoft blamed a state-sponsored group out of China, but Beijing has denied any involvement.

The company released several security updates to address vulnerabilities, but the hacks remain an "active threat," according to the U.S. government.

Reuters reports that while Microsoft released a patch that addresses the vulnerability, that any server already compromised by the attack can still be accessed through a "back-door."

Focusing on all how 2020 has been a challenging year is straightforward: the Covid-19 pandemic, a sputtering economy, and an explosion of new and increasingly dangerous cyber threats (cybersecurity professionals).

However, we should not neglect how the changes we have seen in 2020, such as the transition to remote work and how it's driven long-overdue reconsiderations of our connectivity, collaboration, and cybersecurity standards and approaches.

For most of 2020, Covid-19 has been a daily reality, and forward-looking businesses should be seriously thinking about not only how they will navigate the rest of the pandemic, but how they will approach the post-Covid-19 era.

With cyberattacks escalating in the healthcare industry, about 20 percent of Americans have a healthcare provider that has been affected by cyberattacks in the last year. Consumers said this could influence them to change providers, a March 3 Morphisec report titled "Consumer Healthcare Cybersecurity: Threat Index" finds.

The report surveyed more than 1,000 consumers across the U.S. in January to gauge how they view cyber threats in the healthcare sector.

Five key takeaways for healthcare providers:

Elara Caring, a home-based care provider, began notifying 100,400 patients that an unauthorized party received unauthorized access to corporate email accounts.

Upon discovery of the data breach in mid-December 2020, Elara Caring launched an investigation led by third-party security experts, notified law enforcement and reset passwords for all employees, the Addison, Texas-based organization said in a recent news release.

Elara Caring said it believes patient and employee information may have been viewed, including Social Security numbers, bank account information and driver's license numbers.

Although many public and private sector organizations have elements of SASE in their IT stack, only 12% worldwide currently have a comprehensive SASE architecture, according to NetMotion.

As the unexpected growth of remote working greatly accelerated conversations around secure remote access solutions, NetMotion surveyed 750 IT leaders, including CIOs, CTOs, IT and network directors, as well as security analysts across legal, finance, public safety, transportation, healthcare and government sectors in Australia, Germany, Japan, the United Kingdom and the United States.

The goal was to quantify and qualify the hype around SASE while ascertaining the popularity of various network and security solutions deployed by organizations around the world.

Google is failing to do enough to combat fake reviews within its business listings, and must be held to account by a UK watchdog, according to Which?

The consumer group set up a fake company and bought bogus five-star reviews as part of an investigation.

In doing so, it was able to tie its sham "customers" to dozens of other highly-rated British firms, including a dentist and a stockbroker.

We have seen the future of dating apps, and they’ll all be AI-powered. Why? Researchers used electroencephalography (EEG) measurements to identify what kind of facial features people found to be attractive, and then uploaded the data to an artificial intelligence program, or a generative adversarial neural network (GAN).

This program then familiarized itself with the types of faces individual people found desirable, and then synthesized new ones tailored exactly to their preferences. Read more for a video and additional information.

The new AI-generated faces were then shown to the 30 volunteers alongside multiple additional faces, which were rated by participants as attractive 80 percent of the time, compared to just 20 percent for the randomized faces.