QR code use rises but consumers don t recognize the potential dangers
A side effect of the COVID-19 pandemic has been a rise in QR code usage as the need for touchless transactions has increased.
A new study from automation platform Ivanti reveals that 83 percent of respondents say that they used a QR code to make a payment (or complete a financial transaction) for the first time ever since March 2020, with 54 percent doing so past three months alone.
Early in the pandemic, restaurants were using QR codes as menus or payment options, but as the pandemic continued throughout 2020, consumers used QR codes more frequently for practical things like visiting a doctor s office or picking up a prescription with an increase from nine percent in 2020 to 14 percent in 2021.
Microsoft Patches Four More Critical Exchange Server Bugs
Phil Muncaster UK / EMEA News Reporter , Infosecurity Magazine
Microsoft released patches for over 100 flaws for the first time this year yesterday, including one being actively exploited in the wild and four new critical Exchange Server bugs reported by the NSA.
The haul of 110 CVEs will keep sysadmins busy, with experts highlighting the zero-day elevation of privilege flaw in Win32k (CVE-2021-28310) as worthy of attention.
Although only rated as important, it may have been exploited in attacks for over a month already, according to Ivanti senior director of product management, Chris Goettl.
NSA unearths more MS Exchange vulnerabilities
Microsoft patches more critical vulnerabilities in Exchange Server a month after the ProxyLogon incident, after being warned by the US National Security Agency
Share this item with your network: By Published: 14 Apr 2021 10:33
Just weeks after the disclosure of a series of critical zero-days in Microsoft Exchange Server caused consternation in the cyber community, Microsoft has patched four new vulnerabilities in the same product set in its April 2021 Patch Tuesday drop, after being alerted to them by the US National Security Agency (NSA).
The four vulnerabilities in question impact Exchange Server 2013, 2016 and 2019, and have been assigned CVEs 2021-28480, -28481, -28482 and -28483. Their common vulnerability scoring system (CVSS) ratings range from 8.8 to 9.8 and three are rated critical, carrying a CVSS score of more than nine. Two of them, -28480 and -28481, are pre-authentication, which means an attacker does not need to
Get Permission
Microsoft issued patches Tuesday for four new critical vulnerabilities in the company s on-premises Exchange Server software. The flaws were discovered by the U.S. National Security Agency and disclosed to Microsoft. The company says customers using on-premises Exchange should prioritize these patches. We have not seen the vulnerabilities used in attacks against our customers. However, given recent adversary focus on Exchange, we recommend customers install the updates as soon as possible to ensure they remain protected from these and other threats, the Microsoft Security Response Center says.
The NSA joined with Microsoft in urging users to make the updates immediately.