Microsoft about a vulnerability in Windows after a hacker group began to leak hacking tools used by the agency online, the Washington Post reported late Tuesday. The vulnerability has been the center of attention in recent days, following the outbreak of the global "Wanna Cry" ransomware attack that crippled Britain's hospital system and has spread to at least 150 countries. The ransomware is widely believed to be based on an alleged NSA hacking tool leaked by the group Shadow Brokers earlier this year. The government has not publicly acknowledged that the NSA developed the tool. "NSA identified a risk and communicated it to Microsoft, who put out an immediate patch," Mike McNerney, a former Defense Department cybersecurity official, told the Post. McNerney said, however, that no top government official emphasized the seriousness of the vulnerability. Microsoft issued a patch for its supported systems in March, weeks before Shadow Brokers released the exploit, but many computer systems around the world remained unpatched, leaving them vulnerable to the latest ransomware attack. The ransomware campaign has been less devastating to the United States than to other countries, but has affected some American companies, including FedEx. The events have renewed debate over the secretive process by which the federal government decides whether to disclose a zero-day vulnerability to the product's manufacturer, and have spurred scrutiny of the NSA. Microsoft president and chief legal officer Brad Smith said Sunday that the ransomware attack should serve as a "wake-up call" to governments not to hoard vulnerabilities.
On Wednesday, a bipartisan group of lawmakers introduced legislation that would codify what is known as the vulnerabilities equities process into law, bringing more transparency and oversight to it.
De Ceukelaire has discovered that he can exploit Facebook to obtain the cell phone numbers of users who want them to remain hidden. According to De Ceukelaire, he can easily identify the cell phone numbers of well-known personalities, including top politicians and "Flemish" celebrities, simply by checking out their Facebook profiles. This is done by analyzing the numbers that are associated with their profiles. It must be noted that these numbers are supposed to be confidential information and aren't viewable by the public. Reportedly, De Ceukelaire proved his claim by obtaining the cell number of Jan Jambon, the Interior Minister for Belgium, through his Facebook profile. He further stated that: "For clarity, I could find out his number on his account, not vice versa; roughly, I think you get the number 20 percent of the Flemish people can find that way. Of all the people who have their mobile number linked to their profile, it goes to 80 percent." De Ceukelaire has already warned the Facebook security team twice about this issue and stated that he might expose it to the public if the social network does not fix the issue and make the necessary changes. However, according to Facebook's representatives, this isn't a vulnerability that has been exploited but a feature. He also notified law enforcement authorities about the exploitable aspect of this feature. "If the users enter their private phone numbers and don't lock them down in the privacy settings section, chances of a privacy leak are quite bright."
Facebook informed De Ceukelaire about how to control the search criteria, that is, who can search for you through your phone number or email address, but De Ceukelaire asserts that this is a privacy leak because phone numbers are visible to the public while they are supposed to remain confidential. This problem was identified back in 2012, because the cell number's visibility could not be set to "Only Me". Facebook did make some modifications to its privacy settings, so that only a limited number of reverse lookups could come from a particular IP address. This happened after a security researcher managed to access thousands of random phone numbers. But it is apparent that the problem hasn't been fixed even today. It is worth noting that De Ceukelaire didn't release details about how he managed to exploit Facebook to conduct this privacy leak, or whether he used a different method than previous security researchers. But yet again Facebook is paying no heed to his pleas to get this feature fixed, and he has been given the same "Feature not Flaw" reply this time as well.
Hackers are likely exploiting the easy-to-find vulnerabilities, according to the security researcher who warned the Pentagon of the flaws months ago. The vulnerable systems could allow hackers or foreign actors to launch cyberattacks through the department's systems to make it look as though they originated from US networks. Dan Tentler, founder of cybersecurity firm Phobos Group, who discovered the vulnerable hosts, warned that the flaws are so easy to find that he believes he was probably not the first person to find them. "It's very likely that these servers are being exploited in the wild," he told me on the phone. While the Pentagon is said to be aware of the vulnerable servers, it has yet to implement any fixes, more than eight months after the department was alerted. It's a unique case that casts doubt on the effectiveness of the Trump administration's anticipated executive order on cybersecurity, which aims to review all federal systems for security issues and vulnerabilities over a 60-day period. The draft order was leaked last week, but it was abruptly pulled minutes before it was expected to be signed on Tuesday. Tentler, a critic of the plans, argued that the draft plans are "just not feasible." "It's laughable that an order like this was drafted in the first place because it demonstrates a complete lack of understanding what the existing problems are," he said. "The order will effectively demand a vulnerability assessment on the entire government, and they want it in 60 days? It's been months -- and they still haven't fixed it," he said.
In the past year, the Pentagon became the first government department to ease up on computer hacking laws by allowing researchers to find and report bugs and flaws in its systems in exchange for financial rewards. Researchers must limit their testing to two domains: "defense.gov" (and its subdomains) and any ".mil" subdomain. In an effort to pare down the list of hosts from "all public Department of Defense hosts" to "only the ones in scope," Tentler was able to identify several hosts that answered to the domain names in scope. "There were hosts that were discovered that had serious technical misconfiguration problems that could be easily abused by an attacker inside or outside of the country, who could want to implicate the US as culprits in hacking attacks if they so desire," he told me. "The flaw could allow politically motivated attacks that could implicate the US," he added. In other words, a foreign hacker or nation-state attacker could launch a cyberattack and make it look like it came from the Pentagon's systems. Tentler argued that the hosts were covered by the scope of the wildcard domains. A Pentagon spokesperson confirmed Tuesday that the vulnerabilities had been fixed, and encouraged researchers to continue to submit bugs and vulnerabilities, which are covered under the Pentagon's vulnerability disclosure policy.