Facebook reports 4Q profit, user growth despite challengesUpdated: 01/29/2020 5:00 PMSan Francisco (AP) — Facebook had a strong fourth quarter as it made more money on advertising and added more users despite challenges around regulati...
Record sales push Tesla to 2nd straight quarterly profitUpdated: 01/29/2020 4:45 PMDETROIT (AP) — Record electric vehicle sales in the fourth quarter helped to push Tesla Inc. to its second-straight quarterly profit, giving bullish i...
Microsoft plows ahead in cloud business growthUpdated: 01/29/2020 4:41 PMMicrosoft on Wednesday reported another solid quarterly report card to Wall Street, as it plows ahead in selling its cloud computing services to big b...
Europe steps up China virus fight, aims to repatriate 600Updated: 01/29/2020 4:30 PMPARIS (AP) — Europe stepped up efforts Wednesday to counter a spreading virus from China that has killed more than 130 people. Airlines have canceled ...
Fed leaves key rate alone but sees virus among global risksUpdated: 01/29/2020 4:03 PMWASHINGTON (AP) — The Federal Reserve kept its key interest rate unchanged at a low level Wednesday amid an economy that looks solid but faces potenti...
Leaked report shows United Nations suffered hackUpdated: 01/29/2020 3:59 PMGENEVA (AP) — Sophisticated hackers infiltrated U.N. networks in Geneva and Vienna last year in an apparent espionage operation that top officials at ...
Grounded jet sends Boeing to first annual loss in 2 decadesUpdated: 01/29/2020 3:47 PMBoeing, an icon of American manufacturing, suffered its first annual financial loss in more than two decades while the cost of fixing its marquee airc...
More airlines drop flights to China as virus spreadsUpdated: 01/29/2020 3:30 PMBANGKOK (AP) — British Airways halted all flights to China and American Airlines suspended Los Angeles flights to and from Shanghai and Beijing as eff...
Trump celebrates major rewrite of North American trade rulesUpdated: 01/29/2020 3:28 PMWASHINGTON (AP) — President Donald Trump on Wednesday signed into law a major rewrite of the rules of trade with Canada and Mexico, celebrating the fu...
Advocates: Crucial bank law softened under Trump proposalUpdated: 01/29/2020 2:46 PMWASHINGTON (AP) — The Trump administration is proposing changes to a decades-old law designed to keep banks from discriminating against the poor and d...
|Last Update: 5:12 PM ET 01/14/2020|
|NSA finds major security flaw in Windows 10, free fix issued|
By MATT O'BRIEN
The National Security Agency has discovered a major security flaw in Microsoft's Windows 10 operating system that could let hackers intercept seemingly secure communications.
But rather than exploit the flaw for its own intelligence needs, the NSA tipped off Microsoft so that it can fix the system for everyone.
Microsoft released a free software patch to fix the flaw Tuesday and credited the intelligence agency for discovering it. The company said it has not seen any evidence that hackers have used the technique.
Amit Yoran, CEO of security firm Tenable, said it is - exceptionally rare if not unprecedented - for the U.S. government to share its discovery of such a critical vulnerability with a company.
Yoran, who was a founding director of the Department of Homeland Security's computer emergency readiness team, urged all organizations to prioritize patching their systems quickly.
An advisory sent by the NSA on Tuesday said - the consequences of not patching the vulnerability are severe and widespread. -
Microsoft said an attacker could exploit the vulnerability by spoofing a code-signing certificate so it looked like a file came from a trusted source.
"The user would have no way of knowing the file was malicious, because the digital signature would appear to be from a trusted provider," the company said.
If successfully exploited, attackers would have been able to conduct "man-in-the-middle attacks" and decrypt confidential information they intercept on user connections, the company said.
- The biggest risk is to secure communications, - said Adam Meyers, vice president of intelligence for security firm CrowdStrike.
Some computers will get the fix automatically, if they have the automatic update option turned on. Others can get it manually by going to Windows Update in the computer's settings.
Microsoft typically releases security and other updates once a month and waited until Tuesday to disclose the flaw and the NSA's involvement. Microsoft and the NSA both declined to say when the agency privately notified the company.
The agency shared the vulnerability with Microsoft - quickly and responsibly, - Neal Ziring, technical director of the NSA's cybersecurity directorate, said in a blog post Tuesday.
Priscilla Moriuchi, who retired from the NSA in 2017 after running its East Asia and Pacific operations, said this is a good example of the - constructive role - that the NSA can play in improving global information security. Moriuchi, now an analyst at the U.S. cybersecurity firm Recorded Future, said it - s likely a reflection of changes made in 2017 to how the U.S. determines whether to disclose a major vulnerability or exploit it for intelligence purposes.
The revamping of what - s known as the - Vulnerability Equities Process - put more emphasis on disclosing vulnerabilities whenever possible to protect core internet systems and the U.S. economy and general public.
Those changes happened after a mysterious group calling itself the - Shadow Brokers - released a trove of high-level hacking tools stolen from the NSA, forcing companies including Microsoft to repair their systems. The U.S. believes that North Korea and Russia were able to capitalize on those stolen hacking tools to unleash devastating global cyberattacks.
Copyright 2020 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.