Lightning Network discloses "concerning" crypto vulnerabilities

The team behind Lightning Network have disclosed full details on multiple vulnerabilities that had been partially disclosed on October 9th, 2020. Attackers could have exploited these vulnerabilities to cause DoS and to disrupt crypto transactions by intercepting "smart contracts" made between two parties. [...]

https://www.bleepingcomputer.com/news/security/lightning-network-discloses-concerning-crypto-vulnerabilities/

LockBit ransomware moves quietly on the network, strikes fast

LockBit ransomware takes as little as five minutes to deploy the encryption routine on target systems once it lands on the victim network. [...]

https://www.bleepingcomputer.com/news/security/lockbit-ransomware-moves-quietly-on-the-network-strikes-fast/

Windows 10 20H2 adds faster malware detection to security baseline

Microsoft announced the security baseline draft release for Windows 10 and Windows Server, version 20H2, as well as the intention to include the Microsoft Defender Antivirus 'Block At First Sight' (BAFS) feature within the new baseline. [...]

https://www.bleepingcomputer.com/news/security/windows-10-20h2-adds-faster-malware-detection-to-security-baseline/

QNAP warns of Windows Zerologon flaw affecting some NAS devices

Network-attached storage device maker QNAP warns customers that some NAS storage devices running vulnerable versions of the QTS operating system are exposed to attacks attempting to exploit the critical Windows ZeroLogon vulnerability. [...]

https://www.bleepingcomputer.com/news/security/qnap-warns-of-windows-zerologon-flaw-affecting-some-nas-devices/

Microsoft improves Windows 10 defrag, adds theme-aware splash screens

Microsoft has improved the defrag experience and introduced theme-aware app splash screens with the release of Windows 10 Insider Preview Build 20241, the latest Windows build available for Windows Insiders in the Dev Channel. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-improves-windows-10-defrag-adds-theme-aware-splash-screens/

Google Chrome now blocks site notifications with abusive content

Starting with Chrome 86, Google is automatically hiding website notification spam on sites showing a pattern of sending abusive notification content to visitors. [...]

https://www.bleepingcomputer.com/news/security/google-chrome-now-blocks-site-notifications-with-abusive-content/

US govt: Iran behind fake Proud Boys voter intimidation emails

The US govt has stated that Iran is behind threatening emails sent to Democratic voters and claiming to be from the Proud Boys, the Washington Post reports. [...]

https://www.bleepingcomputer.com/news/government/us-govt-iran-behind-fake-proud-boys-voter-intimidation-emails/

Microsoft now lets you bypass Windows 10 update blocks

Microsoft has added a new Windows 10 group policy that allows users to bypass safeguard holds placed on devices due to conflicts with hardware or software. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-now-lets-you-bypass-windows-10-update-blocks/

EU sanctions Russian hackers over 2015 German parliament attack

The Council of the European Union today announced sanctions imposed on Russian military intelligence officers part of the 85th Main Centre for Special Services (GTsSS) for their involvement in a 2015 hack of the German Federal Parliament (Deutscher Bundestag). [...]

https://www.bleepingcomputer.com/news/security/eu-sanctions-russian-hackers-over-2015-german-parliament-attack/

Microsoft shares fix for broken Windows 10 'Reset this PC' feature

Microsoft has acknowledged a new known issue affecting some Windows 10 devices and preventing users from using 'Reset this PC' to reinstall Windows. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-shares-fix-for-broken-windows-10-reset-this-pc-feature/

Russian state hackers stole data from US government networks

DHS Cybersecurity and Infrastructure Security Agency (CISA) and the FBI today warned that a Russian state-sponsored APT threat group known as Energetic Bear has hacked and stolen data from US government networks during the last two months. [...]

https://www.bleepingcomputer.com/news/security/russian-state-hackers-stole-data-from-us-government-networks/

French IT giant Sopra Steria hit by Ryuk ransomware

French IT services giant Sopra Steria suffered a cyberattack on October 20th, 2020, that reportedly encrypted portions of their network with the Ryuk ransomware. [...]

https://www.bleepingcomputer.com/news/security/french-it-giant-sopra-steria-hit-by-ryuk-ransomware/

NVIDIA patches high severity GeForce Experience vulnerabilities

NVIDIA released a security update for the Windows NVIDIA GeForce Experience (GFE) app to address vulnerabilities that could enable attackers to execute arbitrary code, escalate privileges, gain access to sensitive info, or trigger a denial of service (DoS) state on systems running unpatched software. [...]

https://www.bleepingcomputer.com/news/security/nvidia-patches-high-severity-geforce-experience-vulnerabilities/

Mozilla slows Firefox 82 update due to printing issues, crashes

Mozilla has slowed the rollout of Firefox 82 just two days after its release due to printing bugs and crashes in the new version. [...]

https://www.bleepingcomputer.com/news/software/mozilla-slows-firefox-82-update-due-to-printing-issues-crashes/

Microsoft fixes known issue blocking Windows 10 upgrades

Microsoft has resolved a known issue that was blocking customers from upgrading some devices running Windows 10 1903 and 1909 to newer OS versions. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-known-issue-blocking-windows-10-upgrades/

New RAT malware gets commands via Discord, has ransomware feature

The new 'Abaddon' remote access trojan may be the first to use Discord as a full-fledged command and control server that instructs the malware on what tasks to perform on an infected PC. Even worse, a ransomware feature is being developed for the malware. [...]

https://www.bleepingcomputer.com/news/security/new-rat-malware-gets-commands-via-discord-has-ransomware-feature/

Microsoft adds protection for critical accounts in Office 365

Microsoft is working on improving Microsoft Defender for Office 365 with priority protection features for accounts of high-profile employees like executive-level managers that threat actors target most often. [...]

https://www.bleepingcomputer.com/news/security/microsoft-adds-protection-for-critical-accounts-in-office-365/

WastedLocker ransomware hits Boyne Resorts ski resort operator

US-based ski and golf resort operator Boyne Resorts has suffered a cyberattack by the WastedLocker operation that has impacted company-wide reservation systems. [...]

https://www.bleepingcomputer.com/news/security/wastedlocker-ransomware-hits-boyne-resorts-ski-resort-operator/

The Week in Ransomware - October 23rd 2020 - From Russia with Love

This week has been busy with ransomware related news, including new charges against Russian state-sponsored hackers and numerous attacks against well-known organizations. [...]

https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-october-23rd-2020-from-russia-with-love/

HPE fixes maximum severity remote auth bypass bug in SSMC console

Hewlett Packard Enterprise (HPE) has fixed a maximum severity remote authentication bypass vulnerability affecting the company's HPE StoreServ Management Console (SSMC) data center storage management solution. [...]

https://www.bleepingcomputer.com/news/security/hpe-fixes-maximum-severity-remote-auth-bypass-bug-in-ssmc-console/

YouTube-dl GitHub repos taken down by RIAA via DMCA takedown

The Recording Industry Association of America, Inc. (RIAA) has taken down the popular Youtube-dl GitHub repositories using a DMCA takedown notice. [...]

https://www.bleepingcomputer.com/news/software/youtube-dl-github-repos-taken-down-by-riaa-via-dmca-takedown/