Google Chrome to block JavaScript redirects on web page URL clicks

Google Chrome is getting a new feature that increases security when clicking on web page links that open URLs in a new window or tab. [...]

https://www.bleepingcomputer.com/news/security/google-chrome-to-block-javascript-redirects-on-web-page-url-clicks/

New Slipstream NAT bypass attacks to be blocked by browsers

Web browser vendors are planning to block a new attack technique that would allow attackers to bypass a victim's NAT/firewall to gain access to any TCP/UDP service hosted on their devices. [...]

https://www.bleepingcomputer.com/news/security/new-slipstream-nat-bypass-attacks-to-be-blocked-by-browsers/

Malicious NPM project steals Discord accounts, browser info

A heavily obfuscated and malicious NPM project is used to steal Discord user tokens and browser information from unsuspecting users. [...]

https://www.bleepingcomputer.com/news/security/malicious-npm-project-steals-discord-accounts-browser-info/

WordPress plugin bugs can let attackers hijack up to 100K sites

Admins of WordPress sites who use the Ultimate Member plugin are urged to update it to the latest version to block attacks attempting to exploit multiple critical and easy to exploit vulnerabilities that could lead to site takeovers. [...]

https://www.bleepingcomputer.com/news/security/wordpress-plugin-bugs-can-let-attackers-hijack-up-to-100k-sites/

5.8 million RedDoorz user records for sale on hacking forum

After suffering a data breach in September, a threat actor is selling a RedDoorz database containing 5.8 million user records on a hacker forum. [...]

https://www.bleepingcomputer.com/news/security/58-million-reddoorz-user-records-for-sale-on-hacking-forum/

Scammers impersonating the IRS threaten victims with legal action

Aggressive scammers are impersonating the U.S. Internal Revenue Service (IRS) in spoofed e-mails designed to trick potential victims into paying fabricated outstanding amounts related to missed or late payments. [...]

https://www.bleepingcomputer.com/news/security/scammers-impersonating-the-irs-threaten-victims-with-legal-action/

Ubuntu's Gnome desktop could be tricked into giving root access

A vulnerability in GNOME Display Manager (gdm) could allow a standard user to create accounts with increased privileges, giving a local attacker a path to run code with administrator permissions (root). [...]

https://www.bleepingcomputer.com/news/security/ubuntus-gnome-desktop-could-be-tricked-into-giving-root-access/

Adobe releases security update for Adobe Reader for Android

Adobe has released security updates to address vulnerabilities classified as 'Important' in Adobe Reader for Android and Adobe Connect. [...]

https://www.bleepingcomputer.com/news/security/adobe-releases-security-update-for-adobe-reader-for-android/

Microsoft engineer stole $10M, used colleagues as scapegoats

Volodymyr Kvashuk, a Ukrainian citizen and former Microsoft software engineer, was sentenced to nine years in prison for stealing over $10 million worth of currency stored value (CSV) including gift cards over a span of two years. [...]

https://www.bleepingcomputer.com/news/security/microsoft-engineer-stole-10m-used-colleagues-as-scapegoats/

Windows 10 Cumulative Updates KB4586786 & KB4586781 Released

It's November 10 and Patch Tuesday, and the first batch of security updates or 'B' updates are now available for all supported versions of Windows 10 including version 20H2. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-cumulative-updates-kb4586786-and-kb4586781-released/

Microsoft Store, Outlook, and Xbox Live are down worldwide

Microsoft users are currently experiencing issues around the world, with users unable to access Windows Store (Microsoft Store), Xbox Live services, and Outlook. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-store-outlook-and-xbox-live-are-down-worldwide/

Microsoft November 2020 Patch Tuesday fixes 112 vulnerabilities

Today is Microsoft's November 2020 Patch Tuesday, and Microsoft has patched 112 security vulnerabilities, including one zero-day disclosed by Google Project Zero last week. [...]

https://www.bleepingcomputer.com/news/security/microsoft-november-2020-patch-tuesday-fixes-112-vulnerabilities/

Microsoft fixes Windows zero-day disclosed by Google last month

Microsoft has fixed today a Windows kernel zero-day vulnerability exploited in the wild as part of targeted attacks and publicly disclosed by Project Zero, Google's 0day bug-hunting team, last month. [...]

https://www.bleepingcomputer.com/news/security/microsoft-fixes-windows-zero-day-disclosed-by-google-last-month/

Windows 10 Intel microcode released to fix new CPU security bugs

Microsoft has released a new batch of Intel microcode updates for Windows 10 20H2, 2004, 1909, and older versions to fix new hardware vulnerabilities discovered in Intel CPUs. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-intel-microcode-released-to-fix-new-cpu-security-bugs/

Microsoft is investigating undeletable Outlook.com emails

Microsoft is investigating a recently discovered issue that causes deleted emails to reappear in the mail inbox of Outlook.com accounts. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-is-investigating-undeletable-outlookcom-emails/

Ransomware gang hacks Facebook account to run extortion ads

​A ransomware group has now started to run Facebook advertisements to pressure victims to pay a ransom. [...]

https://www.bleepingcomputer.com/news/security/ransomware-gang-hacks-facebook-account-to-run-extortion-ads/

Samsung fixes critical Android flaws with November 2020 updates

Samsung has rolled out November 2020 Android updates today on their Galaxy devices. These patch serious vulnerabilities along with enhancing the overall device functionality. [...]

https://www.bleepingcomputer.com/news/security/samsung-fixes-critical-android-flaws-with-november-2020-updates/

Chinese-linked Muhstik botnet targets Oracle WebLogic, Drupal

Muhstik botnet has been targeting cloud infrastructure for years. New details have emerged related to this malware that shed light on its nefarious activities and origins. [...]

https://www.bleepingcomputer.com/news/security/chinese-linked-muhstik-botnet-targets-oracle-weblogic-drupal/

NVIDIA fixes severe flaw in GeForce NOW cloud gaming service

NVIDIA released a security update for the GeForce Now cloud gaming Windows app to address a vulnerability that could allow attackers to execute arbitrary code or escalate privileges on systems running unpatched software. [...]

https://www.bleepingcomputer.com/news/security/nvidia-fixes-severe-flaw-in-geforce-now-cloud-gaming-service/

Office November security updates fix remote code execution bugs

Microsoft has released the November 2020 Office security updates with a total of 22 updates and 5 cumulative updates for 7 different products, fixing 14 vulnerabilities with five of them potentially enabling remote attackers to execute arbitrary code on vulnerable systems. [...]

https://www.bleepingcomputer.com/news/security/office-november-security-updates-fix-remote-code-execution-bugs/

Microsoft now lets you run multiple Android apps in Windows 10

Microsoft has announced today that Windows 10 customers with devices running the latest Insider build can launch and interact with multiple Android apps directly on their computers' desktops. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-now-lets-you-run-multiple-android-apps-in-windows-10/