Coinbase phishing hijacks Microsoft 365 accounts via OAuth app

A new phishing campaign uses a Coinbase-themed email to install an Office 365 consent app that gives attackers access to a victim's email. [...]

https://www.bleepingcomputer.com/news/microsoft/coinbase-phishing-hijacks-microsoft-365-accounts-via-oauth-app/

US Treasury hits bitcoin mixer with $60 million penalty

The US Department of Treasury's Financial Crimes Enforcement Network (FinCEN) today announced the first-ever penalty against a Helix and Coin Ninja cryptocurrency mixing services. [...]

https://www.bleepingcomputer.com/news/security/us-treasury-hits-bitcoin-mixer-with-60-million-penalty/

Windows 10 KB4579311 update won't install, causes Explorer crashes

​Windows 10 users face numerous issues installing the latest KB4579311 cumulative update, and for those who can install, they are reporting various bugs, including performance issues. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-kb4579311-update-wont-install-causes-explorer-crashes/

NSA: Top 25 vulnerabilities actively abused by Chinese hackers

The U.S. National Security Agency (NSA) warns that Chinese state-sponsored hackers exploit 25 different vulnerabilities in attacks against United States organizations and interests. [...]

https://www.bleepingcomputer.com/news/security/nsa-top-25-vulnerabilities-actively-abused-by-chinese-hackers/

Darkside ransomware donates $20K of extortion money to charities

The operators of Darkside ransomware have donated some of the money they made extorting victims to non-profits Children International and The Water Project. [...]

https://www.bleepingcomputer.com/news/security/darkside-ransomware-donates-20k-of-extortion-money-to-charities/

Windows 10 20H2 is released, here are the new features

Microsoft is rolling out the next version of Windows 10 called "October 2020 Update" and the update is available for those who check for updates using the Settings app. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-20h2-is-released-here-are-the-new-features/

The new Microsoft Edge is now mandatory in Windows 10 20H2

Today's release of Windows 10 20H2 is the first release to automatically replace Microsoft Edge Legacy with the new Chromium-based Microsoft Edge regardless of any policies you have in place. [...]

https://www.bleepingcomputer.com/news/microsoft/the-new-microsoft-edge-is-now-mandatory-in-windows-10-20h2/

Adobe fixes 18 critical bugs affecting its Windows, macOS apps

Adobe has released security updates to address critical vulnerabilities affecting ten of its Windows and macOS products that could allow attackers to execute arbitrary code on devices running vulnerable software versions. [...]

https://www.bleepingcomputer.com/news/security/adobe-fixes-18-critical-bugs-affecting-its-windows-macos-apps/

How to download the Windows 10 20H2 ISO from Microsoft

Now that Windows 10 20H2 is released, otherwise known as the October 2020 Update, Microsoft has made new ISO disk images for the operating system available. [...]

https://www.bleepingcomputer.com/news/microsoft/how-to-download-the-windows-10-20h2-iso-from-microsoft/

Barnes & Noble hit by Egregor ransomware, strange data leaked

​U.S. Bookstore giant Barnes & Noble was hit by the Egregor ransomware gang on October 10th, 2020, that led to a disruption of services and the theft of unencrypted files. [...]

https://www.bleepingcomputer.com/news/security/barnes-and-noble-hit-by-egregor-ransomware-strange-data-leaked/

Windows 10 1909 KB4580386 fixes XBOX, display, USB printer issues

​Microsoft has released the Windows 10 1909 KB4580386 monthly "C" release preview cumulative update with quality improvements and fixes for Microsoft Xbox Game Pass, USB printer, and screen flashing issues. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-1909-kb4580386-fixes-xbox-display-usb-printer-issues/

New Google Chrome version fixes actively exploited zero-day bug

Google has released Chrome 86.0.4240.111 today, October 20th, 2020, to the Stable desktop channel to address five security vulnerabilities, one of them an actively exploited zero-day. [...]

https://www.bleepingcomputer.com/news/security/new-google-chrome-version-fixes-actively-exploited-zero-day-bug/

Microsoft Edge for Linux released, how to install

Microsoft's Chromium-based Edge was first released in January to Windows consumers and enterprises, and it was later released to macOS users. Edge is already available on Android and iOS, and now Linux users can finally get a taste of Microsoft's new browser. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-edge-for-linux-released-how-to-install/

Cisco warns of attacks targeting high severity router vulnerability

Cisco today warned of attacks actively targeting the CVE-2020-3118 high severity vulnerability found to affect multiple carrier-grade routers that run the company's Cisco IOS XR Software. [...]

https://www.bleepingcomputer.com/news/security/cisco-warns-of-attacks-targeting-high-severity-router-vulnerability/

TrickBot malware under siege from all sides, and it's working

The Trickbot malware operation is on the brink of going down completely following efforts from an alliance of cybersecurity and hosting providers targeting the botnet's command and control servers. [...]

https://www.bleepingcomputer.com/news/security/trickbot-malware-under-siege-from-all-sides-and-its-working/

Montreal's STM public transport system hit by ransomware attack

Montreal's Société de transport de Montréal (STM) public transport system was hit with a RansomExx ransomware attack that has impacted services and online systems. [...]

https://www.bleepingcomputer.com/news/security/montreals-stm-public-transport-system-hit-by-ransomware-attack/

Lightning Network discloses "concerning" crypto vulnerabilities

The team behind Lightning Network have disclosed full details on multiple vulnerabilities that had been partially disclosed on October 9th, 2020. Attackers could have exploited these vulnerabilities to cause DoS and to disrupt crypto transactions by intercepting "smart contracts" made between two parties. [...]

https://www.bleepingcomputer.com/news/security/lightning-network-discloses-concerning-crypto-vulnerabilities/

LockBit ransomware moves quietly on the network, strikes fast

LockBit ransomware takes as little as five minutes to deploy the encryption routine on target systems once it lands on the victim network. [...]

https://www.bleepingcomputer.com/news/security/lockbit-ransomware-moves-quietly-on-the-network-strikes-fast/

Windows 10 20H2 adds faster malware detection to security baseline

Microsoft announced the security baseline draft release for Windows 10 and Windows Server, version 20H2, as well as the intention to include the Microsoft Defender Antivirus 'Block At First Sight' (BAFS) feature within the new baseline. [...]

https://www.bleepingcomputer.com/news/security/windows-10-20h2-adds-faster-malware-detection-to-security-baseline/

QNAP warns of Windows Zerologon flaw affecting some NAS devices

Network-attached storage device maker QNAP warns customers that some NAS storage devices running vulnerable versions of the QTS operating system are exposed to attacks attempting to exploit the critical Windows ZeroLogon vulnerability. [...]

https://www.bleepingcomputer.com/news/security/qnap-warns-of-windows-zerologon-flaw-affecting-some-nas-devices/

Microsoft improves Windows 10 defrag, adds theme-aware splash screens

Microsoft has improved the defrag experience and introduced theme-aware app splash screens with the release of Windows 10 Insider Preview Build 20241, the latest Windows build available for Windows Insiders in the Dev Channel. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-improves-windows-10-defrag-adds-theme-aware-splash-screens/