Windows 10 now warns when apps are configured to run at startup

Microsoft has recently added a new automated alert in the latest Windows 10 builds to let users know when an app registers itself to automatically launch after system startup. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-now-warns-when-apps-are-configured-to-run-at-startup/

Windows 10 Cumulative Updates KB4579311 & KB4577671 Released

Today is the second Tuesday of October 2020 and the first batch of security updates or 'B' updates are now available for all supported versions of Windows 10. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-cumulative-updates-kb4579311-and-kb4577671-released/

Microsoft October Patch Tuesday fixes 87 bugs, six publicly disclosed

Today is Microsoft's October 2020 Patch Tuesday, and your Windows administrators will be pulling their hair out as they install new updates and try to fix bugs that pop up. [...]

https://www.bleepingcomputer.com/news/security/microsoft-october-patch-tuesday-fixes-87-bugs-six-publicly-disclosed/

Windows 10 now blocks some third-party drivers from installing

Microsoft says that Windows 10 and Windows Server users will be blocked from installing incorrectly formatted third-party drivers after deploying this month's cumulative updates. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-now-blocks-some-third-party-drivers-from-installing/

Intel’s Ice Lake Xeon processors get new security features

Intel today revealed data security and privacy upgrades that will be introduced to the upcoming 3rd generation Intel Xeon Scalable processors code-named Ice Lake and built to power data center platforms. [...]

https://www.bleepingcomputer.com/news/hardware/intel-s-ice-lake-xeon-processors-get-new-security-features/

US Cyber Command: Patch Windows 'Bad Neighbor' TCP/IP bug now

US Cyber Command warns Microsoft customers to patch their systems immediately against the critical and remotely exploitable CVE-2020-16898 vulnerability addressed during this month's Patch Tuesday. [...]

https://www.bleepingcomputer.com/news/security/us-cyber-command-patch-windows-bad-neighbor-tcp-ip-bug-now/

FIN11 hackers jump into the ransomware money-making scheme

FIN11, a financially-motivated hacker group with a history starting since at least 2016, has adapted malicious email campaigns to transition to ransomware as the main monetization method. [...]

https://www.bleepingcomputer.com/news/security/fin11-hackers-jump-into-the-ransomware-money-making-scheme/

Microsoft fixes Windows certificate spoofing bug abusing CAT files

Microsoft's October 2020 Patch Tuesday fixed 87 security bugs, one of which is an "Important" Windows Spoofing Vulnerability that abuses CAT files. [...]

https://www.bleepingcomputer.com/news/security/microsoft-fixes-windows-certificate-spoofing-bug-abusing-cat-files/

Microsoft fixes critical Outlook bug exploitable via preview pane

The highlight of this month's Microsoft Office security updates is without a doubt CVE-2020-16947, a remote code execution vulnerability that leads to remote code execution when previewing or opening maliciously crafted emails with a vulnerable Microsoft Outlook version. [...]

https://www.bleepingcomputer.com/news/security/microsoft-fixes-critical-outlook-bug-exploitable-via-preview-pane/

Zoom rolls out end-to-end encryption (E2EE) next week

Zoom estimates that the next E2EE rollout phase will start in 2021, adding Single sign-on (SSO) integration and better identity management [...]

https://www.bleepingcomputer.com/news/security/zoom-rolls-out-end-to-end-encryption-e2ee-next-week/

Microsoft is forcibly installing Office PWAs in Windows 10

Microsoft is performing a test where they are installing a suite of Office progressive web apps in Windows 10 without asking permission from the user. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-is-forcibly-installing-office-pwas-in-windows-10/

Online Proctor service ProctorTrack disables service after hack

The online proctoring service ProctorTrack has disabled access to their service after its parent company was hacked. [...]

https://www.bleepingcomputer.com/news/security/online-proctor-service-proctortrack-disables-service-after-hack/

Barnes & Noble hit by cyberattack that may have exposed customer data

Barnes & Noble has disclosed that they were a victim of a cyberattack that may have exposed customers' data. [...]

https://www.bleepingcomputer.com/news/security/barnes-and-noble-hit-by-cyberattack-that-may-have-exposed-customer-data/

QQAAZZ group charged for laundering money stolen by malware gangs

Multiple members of QQAAZZ, a multinational cybercriminal group, were charged today in the US, Portugal, Spain, and the UK for providing money-laundering services to several high-profile malware operations including Dridex, Trickbot, and GozNym. [...]

https://www.bleepingcomputer.com/news/security/qqaazz-group-charged-for-laundering-money-stolen-by-malware-gangs/

QQAAZZ group charged for laundering money stolen by malware gangs

Multiple members of QQAAZZ, a multinational cybercriminal group, were charged today in the US, Portugal, Spain, and the UK for providing money-laundering services to several high-profile malware operations including Dridex, Trickbot, and GozNym. [...]

https://www.bleepingcomputer.com/news/security/qqaazz-group-charged-for-laundering-money-stolen-by-malware-gangs/

Crytek hit by Egregor ransomware, Ubisoft data leaked

The Egregor ransomware gang has hit game developer Crytek in a confirmed ransomware attack and leaked what they claim are files stolen from Ubisoft's network. [...]

https://www.bleepingcomputer.com/news/security/crytek-hit-by-egregor-ransomware-ubisoft-data-leaked/

Microsoft adds refresh rate option to the Windows 10 settings

Microsoft is continuing its push to move all Windows 10 configuration options into their modern Settings feature. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-adds-refresh-rate-option-to-the-windows-10-settings/

Microsoft now lets you disable insecure JScript in Internet Explorer

Microsoft says that customers can now disable JScript (JScript.dll) execution in Internet Explorer 11 after installing the Windows October 2020 monthly security updates. [...]

https://www.bleepingcomputer.com/news/security/microsoft-now-lets-you-disable-insecure-jscript-in-internet-explorer/

Twitter outage blocks users from tweeting, seeing notifications

Twitter is experiencing a worldwide service disruption preventing users from both sending tweets using Tweetdeck, the social network's apps, and website, or from seeing their notifications. [...]

https://www.bleepingcomputer.com/news/technology/twitter-outage-blocks-users-from-tweeting-seeing-notifications/

Office 365 adds protection against downgrade and MITM attacks

Microsoft is working on adding SMTP MTA Strict Transport Security (MTA-STS) support to Exchange Online to ensure Office 365 customers' email communication security and integrity. [...]

https://www.bleepingcomputer.com/news/security/office-365-adds-protection-against-downgrade-and-mitm-attacks/

Critical SonicWall vulnerability affects 800K firewalls, patch now

A critical stack-based Buffer Overflow vulnerability has been discovered in SonicWall VPNs.
When exploited, it allows unauthenticated remote attackers to execute arbitrary code on the impacted devices. [...]

https://www.bleepingcomputer.com/news/security/critical-sonicwall-vulnerability-affects-800k-firewalls-patch-now/