US Cyber Command: Patch Windows 'Bad Neighbor' TCP/IP bug now

US Cyber Command warns Microsoft customers to patch their systems immediately against the critical and remotely exploitable CVE-2020-16898 vulnerability addressed during this month's Patch Tuesday. [...]

https://www.bleepingcomputer.com/news/security/us-cyber-command-patch-windows-bad-neighbor-tcp-ip-bug-now/

FIN11 hackers jump into the ransomware money-making scheme

FIN11, a financially-motivated hacker group with a history starting since at least 2016, has adapted malicious email campaigns to transition to ransomware as the main monetization method. [...]

https://www.bleepingcomputer.com/news/security/fin11-hackers-jump-into-the-ransomware-money-making-scheme/

Microsoft fixes Windows certificate spoofing bug abusing CAT files

Microsoft's October 2020 Patch Tuesday fixed 87 security bugs, one of which is an "Important" Windows Spoofing Vulnerability that abuses CAT files. [...]

https://www.bleepingcomputer.com/news/security/microsoft-fixes-windows-certificate-spoofing-bug-abusing-cat-files/

Microsoft fixes critical Outlook bug exploitable via preview pane

The highlight of this month's Microsoft Office security updates is without a doubt CVE-2020-16947, a remote code execution vulnerability that leads to remote code execution when previewing or opening maliciously crafted emails with a vulnerable Microsoft Outlook version. [...]

https://www.bleepingcomputer.com/news/security/microsoft-fixes-critical-outlook-bug-exploitable-via-preview-pane/

Zoom rolls out end-to-end encryption (E2EE) next week

Zoom estimates that the next E2EE rollout phase will start in 2021, adding Single sign-on (SSO) integration and better identity management [...]

https://www.bleepingcomputer.com/news/security/zoom-rolls-out-end-to-end-encryption-e2ee-next-week/

Microsoft is forcibly installing Office PWAs in Windows 10

Microsoft is performing a test where they are installing a suite of Office progressive web apps in Windows 10 without asking permission from the user. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-is-forcibly-installing-office-pwas-in-windows-10/

Online Proctor service ProctorTrack disables service after hack

The online proctoring service ProctorTrack has disabled access to their service after its parent company was hacked. [...]

https://www.bleepingcomputer.com/news/security/online-proctor-service-proctortrack-disables-service-after-hack/

Barnes & Noble hit by cyberattack that may have exposed customer data

Barnes & Noble has disclosed that they were a victim of a cyberattack that may have exposed customers' data. [...]

https://www.bleepingcomputer.com/news/security/barnes-and-noble-hit-by-cyberattack-that-may-have-exposed-customer-data/

QQAAZZ group charged for laundering money stolen by malware gangs

Multiple members of QQAAZZ, a multinational cybercriminal group, were charged today in the US, Portugal, Spain, and the UK for providing money-laundering services to several high-profile malware operations including Dridex, Trickbot, and GozNym. [...]

https://www.bleepingcomputer.com/news/security/qqaazz-group-charged-for-laundering-money-stolen-by-malware-gangs/

QQAAZZ group charged for laundering money stolen by malware gangs

Multiple members of QQAAZZ, a multinational cybercriminal group, were charged today in the US, Portugal, Spain, and the UK for providing money-laundering services to several high-profile malware operations including Dridex, Trickbot, and GozNym. [...]

https://www.bleepingcomputer.com/news/security/qqaazz-group-charged-for-laundering-money-stolen-by-malware-gangs/

Crytek hit by Egregor ransomware, Ubisoft data leaked

The Egregor ransomware gang has hit game developer Crytek in a confirmed ransomware attack and leaked what they claim are files stolen from Ubisoft's network. [...]

https://www.bleepingcomputer.com/news/security/crytek-hit-by-egregor-ransomware-ubisoft-data-leaked/

Microsoft adds refresh rate option to the Windows 10 settings

Microsoft is continuing its push to move all Windows 10 configuration options into their modern Settings feature. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-adds-refresh-rate-option-to-the-windows-10-settings/

Microsoft now lets you disable insecure JScript in Internet Explorer

Microsoft says that customers can now disable JScript (JScript.dll) execution in Internet Explorer 11 after installing the Windows October 2020 monthly security updates. [...]

https://www.bleepingcomputer.com/news/security/microsoft-now-lets-you-disable-insecure-jscript-in-internet-explorer/

Twitter outage blocks users from tweeting, seeing notifications

Twitter is experiencing a worldwide service disruption preventing users from both sending tweets using Tweetdeck, the social network's apps, and website, or from seeing their notifications. [...]

https://www.bleepingcomputer.com/news/technology/twitter-outage-blocks-users-from-tweeting-seeing-notifications/

Office 365 adds protection against downgrade and MITM attacks

Microsoft is working on adding SMTP MTA Strict Transport Security (MTA-STS) support to Exchange Online to ensure Office 365 customers' email communication security and integrity. [...]

https://www.bleepingcomputer.com/news/security/office-365-adds-protection-against-downgrade-and-mitm-attacks/

Critical SonicWall vulnerability affects 800K firewalls, patch now

A critical stack-based Buffer Overflow vulnerability has been discovered in SonicWall VPNs.
When exploited, it allows unauthenticated remote attackers to execute arbitrary code on the impacted devices. [...]

https://www.bleepingcomputer.com/news/security/critical-sonicwall-vulnerability-affects-800k-firewalls-patch-now/

NPM nukes NodeJS malware opening Windows, Linux reverse shells

NPM has removed multiple packages hosted on its repository this week that established connection to remote servers and exfiltrated user data.
These 4 packages had collected over 1,000 total downloads over the course of the last few months up until being removed by NPM yesterday. [...]

https://www.bleepingcomputer.com/news/security/npm-nukes-nodejs-malware-opening-windows-linux-reverse-shells/

Microsoft releases Azure Defender for IoT in public preview

Microsoft announced today that Azure Defender for IoT, its agentless security solution for networked IoT and Operational Technology (OT) devices, has entered public preview. [...]

https://www.bleepingcomputer.com/news/security/microsoft-releases-azure-defender-for-iot-in-public-preview/

UK urges orgs to patch severe CVE-2020-16952 SharePoint RCE bug

The U.K. National Cyber Security Centre (NCSC) today issued an alert highlighting the risks behind the recently addressed CVE2020-16952 remote code execution (RCE) vulnerability in Microsoft SharePoint Server. [...]

https://www.bleepingcomputer.com/news/security/uk-urges-orgs-to-patch-severe-cve-2020-16952-sharepoint-rce-bug/

Microsoft issues out-of-band Windows security updates for RCE bugs

Microsoft has released two out-of-band security updates designed to address remote code execution (RCE) bugs found to affect Visual Studio Code and the Microsoft Windows Codecs Library. [...]

https://www.bleepingcomputer.com/news/security/microsoft-issues-out-of-band-windows-security-updates-for-rce-bugs/

ThunderX Ransomware rebrands as Ranzy Locker, adds data leak site

ThunderX has changed its name to Ranzy Locker and launched a data leak site where they shame victims who do not pay the ransom. [...]

https://www.bleepingcomputer.com/news/security/thunderx-ransomware-rebrands-as-ranzy-locker-adds-data-leak-site/