Twitter outage blocks users from tweeting, seeing notifications

Twitter is experiencing a worldwide service disruption preventing users from both sending tweets using Tweetdeck, the social network's apps, and website, or from seeing their notifications. [...]

https://www.bleepingcomputer.com/news/technology/twitter-outage-blocks-users-from-tweeting-seeing-notifications/

Office 365 adds protection against downgrade and MITM attacks

Microsoft is working on adding SMTP MTA Strict Transport Security (MTA-STS) support to Exchange Online to ensure Office 365 customers' email communication security and integrity. [...]

https://www.bleepingcomputer.com/news/security/office-365-adds-protection-against-downgrade-and-mitm-attacks/

Critical SonicWall vulnerability affects 800K firewalls, patch now

A critical stack-based Buffer Overflow vulnerability has been discovered in SonicWall VPNs.
When exploited, it allows unauthenticated remote attackers to execute arbitrary code on the impacted devices. [...]

https://www.bleepingcomputer.com/news/security/critical-sonicwall-vulnerability-affects-800k-firewalls-patch-now/

NPM nukes NodeJS malware opening Windows, Linux reverse shells

NPM has removed multiple packages hosted on its repository this week that established connection to remote servers and exfiltrated user data.
These 4 packages had collected over 1,000 total downloads over the course of the last few months up until being removed by NPM yesterday. [...]

https://www.bleepingcomputer.com/news/security/npm-nukes-nodejs-malware-opening-windows-linux-reverse-shells/

Microsoft releases Azure Defender for IoT in public preview

Microsoft announced today that Azure Defender for IoT, its agentless security solution for networked IoT and Operational Technology (OT) devices, has entered public preview. [...]

https://www.bleepingcomputer.com/news/security/microsoft-releases-azure-defender-for-iot-in-public-preview/

UK urges orgs to patch severe CVE-2020-16952 SharePoint RCE bug

The U.K. National Cyber Security Centre (NCSC) today issued an alert highlighting the risks behind the recently addressed CVE2020-16952 remote code execution (RCE) vulnerability in Microsoft SharePoint Server. [...]

https://www.bleepingcomputer.com/news/security/uk-urges-orgs-to-patch-severe-cve-2020-16952-sharepoint-rce-bug/

Microsoft issues out-of-band Windows security updates for RCE bugs

Microsoft has released two out-of-band security updates designed to address remote code execution (RCE) bugs found to affect Visual Studio Code and the Microsoft Windows Codecs Library. [...]

https://www.bleepingcomputer.com/news/security/microsoft-issues-out-of-band-windows-security-updates-for-rce-bugs/

ThunderX Ransomware rebrands as Ranzy Locker, adds data leak site

ThunderX has changed its name to Ranzy Locker and launched a data leak site where they shame victims who do not pay the ransom. [...]

https://www.bleepingcomputer.com/news/security/thunderx-ransomware-rebrands-as-ranzy-locker-adds-data-leak-site/

Google warned users of 33,000 state-sponsored attacks in 2020

Google delivered over 33,000 alerts to its users during the first three quarters of 2020 to warn them of state-sponsored phishing attacks targeting their accounts. [...]

https://www.bleepingcomputer.com/news/security/google-warned-users-of-33-000-state-sponsored-attacks-in-2020/

The Week in Ransomware - October 16th 2020 - The weekend is upon us

Ransomware continues to target government entities and the enterprise, while victims quietly pay ransoms that power this cycle of attacks. [...]

https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-october-16th-2020-the-weekend-is-upon-us/

The Windows 10 Calculator has been ported to Linux

The Windows 10 Calculator has been ported to Linux and can be installed from the Canonical Snap Store. [...]

https://www.bleepingcomputer.com/news/security/the-windows-10-calculator-has-been-ported-to-linux/

Hackers now abuse BaseCamp for free malware hosting

Phishing campaigns have started to use Basecamp as part of malicious phishing campaigns that distribute malware or steal your login credentials. [...]

https://www.bleepingcomputer.com/news/security/hackers-now-abuse-basecamp-for-free-malware-hosting/

Unlock Windows 10's God Mode to access all settings in one screen

God Mode lets you access all management features in one location and it's still better than the modern Windows 10 Settings. Here's how to enable it and extend its capabilities. [...]

https://www.bleepingcomputer.com/news/microsoft/unlock-windows-10s-god-mode-to-access-all-settings-in-one-screen/

Microsoft released a new Windows 10 task manager for gamers

If your PC games are lagging or running slow, you can free up resources in Windows 10 using a new XBOX Game Bar task manager that overlays on top of running games. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-released-a-new-windows-10-task-manager-for-gamers/

Google Chrome and Edge are creating random debug.log log files

A bug in the latest release of Chrome, and other Chromium-based browsers, is causing random debug.log files to be created on user's desktops and other folders. [...]

https://www.bleepingcomputer.com/news/google/google-chrome-and-edge-are-creating-random-debuglog-log-files/

Using Windows 10 in-place upgrades to fix Windows Update issues

In some cases, some folks have noticed that the Windows Update fails with an uninformative error message almost every month. Even those who have successfully downloaded the update have hit trouble during the installation process. In this article, we'll highlight steps to use in-place upgrades to resolve update issues. [...]

https://www.bleepingcomputer.com/news/microsoft/using-windows-10-in-place-upgrades-to-fix-windows-update-issues/

Watch out for Emotet malware's new 'Windows Update' attachment

The Emotet botnet has begun to use a new malicious attachment that pretends to be a message from Windows Update telling you to upgrade Microsoft Word. [...]

https://www.bleepingcomputer.com/news/security/watch-out-for-emotet-malwares-new-windows-update-attachment/

Bug bounty reporter cashes out on someone else's exploit

While bug bounty programs have gained increased momentum and interest from the security research community for their role in promoting security awareness and responsible vulnerability disclosure, they are not without their share of problems.  [...]

https://www.bleepingcomputer.com/news/security/bug-bounty-reporter-cashes-out-on-someone-elses-exploit/

Microsoft removed another Windows 10 2004 safeguard hold

Microsoft removed a Windows 10, version 2004 compatibility hold blocking devices with certain WWAN LTE modems from upgrading to the latest Windows version. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-removed-another-windows-10-2004-safeguard-hold/

Windows GravityRAT malware now also targets Android, macOS

GravityRAT, a malware strain known for checking the CPU temperature of Windows computers to detect virtual machines or sandboxes, is now multi-platform spyware as it can now also be used to infect Android and macOS devices. [...]

https://www.bleepingcomputer.com/news/security/windows-gravityrat-malware-now-also-targets-android-macos/

Hackers hijack Telegram, email accounts in SS7 mobile attack

Hackers with access to the Signaling System 7 (SS7) used for connecting mobile networks across the world were able to gain access to Telegram messenger and email data of high-profile individuals in the cryptocurrency business. [...]

https://www.bleepingcomputer.com/news/security/hackers-hijack-telegram-email-accounts-in-ss7-mobile-attack/