Microsoft November 2020 Patch Tuesday fixes 112 vulnerabilities

Today is Microsoft's November 2020 Patch Tuesday, and Microsoft has patched 112 security vulnerabilities, including one zero-day disclosed by Google Project Zero last week. [...]

https://www.bleepingcomputer.com/news/security/microsoft-november-2020-patch-tuesday-fixes-112-vulnerabilities/

Microsoft fixes Windows zero-day disclosed by Google last month

Microsoft has fixed today a Windows kernel zero-day vulnerability exploited in the wild as part of targeted attacks and publicly disclosed by Project Zero, Google's 0day bug-hunting team, last month. [...]

https://www.bleepingcomputer.com/news/security/microsoft-fixes-windows-zero-day-disclosed-by-google-last-month/

Windows 10 Intel microcode released to fix new CPU security bugs

Microsoft has released a new batch of Intel microcode updates for Windows 10 20H2, 2004, 1909, and older versions to fix new hardware vulnerabilities discovered in Intel CPUs. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-intel-microcode-released-to-fix-new-cpu-security-bugs/

Microsoft is investigating undeletable Outlook.com emails

Microsoft is investigating a recently discovered issue that causes deleted emails to reappear in the mail inbox of Outlook.com accounts. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-is-investigating-undeletable-outlookcom-emails/

Ransomware gang hacks Facebook account to run extortion ads

​A ransomware group has now started to run Facebook advertisements to pressure victims to pay a ransom. [...]

https://www.bleepingcomputer.com/news/security/ransomware-gang-hacks-facebook-account-to-run-extortion-ads/

Samsung fixes critical Android flaws with November 2020 updates

Samsung has rolled out November 2020 Android updates today on their Galaxy devices. These patch serious vulnerabilities along with enhancing the overall device functionality. [...]

https://www.bleepingcomputer.com/news/security/samsung-fixes-critical-android-flaws-with-november-2020-updates/

Chinese-linked Muhstik botnet targets Oracle WebLogic, Drupal

Muhstik botnet has been targeting cloud infrastructure for years. New details have emerged related to this malware that shed light on its nefarious activities and origins. [...]

https://www.bleepingcomputer.com/news/security/chinese-linked-muhstik-botnet-targets-oracle-weblogic-drupal/

NVIDIA fixes severe flaw in GeForce NOW cloud gaming service

NVIDIA released a security update for the GeForce Now cloud gaming Windows app to address a vulnerability that could allow attackers to execute arbitrary code or escalate privileges on systems running unpatched software. [...]

https://www.bleepingcomputer.com/news/security/nvidia-fixes-severe-flaw-in-geforce-now-cloud-gaming-service/

Office November security updates fix remote code execution bugs

Microsoft has released the November 2020 Office security updates with a total of 22 updates and 5 cumulative updates for 7 different products, fixing 14 vulnerabilities with five of them potentially enabling remote attackers to execute arbitrary code on vulnerable systems. [...]

https://www.bleepingcomputer.com/news/security/office-november-security-updates-fix-remote-code-execution-bugs/

Microsoft now lets you run multiple Android apps in Windows 10

Microsoft has announced today that Windows 10 customers with devices running the latest Insider build can launch and interact with multiple Android apps directly on their computers' desktops. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-now-lets-you-run-multiple-android-apps-in-windows-10/

Alleged source code of Cobalt Strike toolkit shared online

The source code for the widely-used Cobalt Strike post-exploitation toolkit has allegedly been leaked online in a GitHub repository. [...]

https://www.bleepingcomputer.com/news/security/alleged-source-code-of-cobalt-strike-toolkit-shared-online/

Intel fixes 95 vulnerabilities in November 2020 Platform Update

Intel addressed 95 vulnerabilities as part of the November 2020 Patch Tuesday, including critical ones affecting Intel Wireless Bluetooth products and Intel Active Management Technology (AMT). [...]

https://www.bleepingcomputer.com/news/security/intel-fixes-95-vulnerabilities-in-november-2020-platform-update/

Animal Jam kids' virtual world hit by data breach, impacts 46M accounts

The immensely popular children's online playground Animal Jam has suffered a data breach impacting 46 million accounts. [...]

https://www.bleepingcomputer.com/news/security/animal-jam-kids-virtual-world-hit-by-data-breach-impacts-46m-accounts/

ModPipe malware decrypts Oracle point-of-sale database passwords

Security researchers have discovered a new malware geared with modules that target Oracle Micros Hospitality RES 3700 point-of-sale systems, one of the most widely used management software in the hospitality industry. [...]

https://www.bleepingcomputer.com/news/security/modpipe-malware-decrypts-oracle-point-of-sale-database-passwords/

Rakuten sends cashback emails to customers in error

Japanese e-commerce giant Rakuten had sent email notifications yesterday to many of its customers congratulating them on newly earned cashback.
Today, they took their words (and the cash) back. [...]

https://www.bleepingcomputer.com/news/technology/rakuten-sends-cashback-emails-to-customers-in-error/

Steelcase furniture giant down for 2 weeks after ransomware attack

Office furniture giant Steelcase says that no information was stolen during a Ryuk ransomware attack that forced them to shut down global operations for roughly two weeks. [...]

https://www.bleepingcomputer.com/news/security/steelcase-furniture-giant-down-for-2-weeks-after-ransomware-attack/

Popular stock photo service hit by data breach, 8.3M records for sale

Stock photo site 123RF has suffered a data breach after a hacker began selling a database containing 8.3 million user records on a hacker forum. [...]

https://www.bleepingcomputer.com/news/security/popular-stock-photo-service-hit-by-data-breach-83m-records-for-sale/

New tool lets attackers easily create reply-chain phishing emails

A new email tool advertised on a cybercriminal forum provides a stealthier method for carrying out fraud or malware attacks by allowing messages to be injected directly into the victim's inbox. [...]

https://www.bleepingcomputer.com/news/security/new-tool-lets-attackers-easily-create-reply-chain-phishing-emails/

Google fixes more Chrome zero-days exploited in the wild

Google has released Chrome 86.0.4240.198 for Windows, Mac, and Linux to address two zero-day vulnerabilities exploited in the wild. [...]

https://www.bleepingcomputer.com/news/security/google-fixes-more-chrome-zero-days-exploited-in-the-wild/

DNS cache poisoning attacks return due to Linux weakness

Researchers from Tsinghua University and the University of California have identified a new method that can be used to conduct DNS cache poisoning attacks.
The findings reopen a vulnerability that had been discovered by Kaminsky in 2008 and thought to have been resolved. [...]

https://www.bleepingcomputer.com/news/security/dns-cache-poisoning-attacks-return-due-to-linux-weakness/

Luxottica data breach exposes 820K EyeMed, LensCrafters patients

A Luxottica data breach has exposed the personal and protected health information of 829,454 patients at LensCrafters, Target Optical, EyeMed, and other eye care practices. [...]

https://www.bleepingcomputer.com/news/security/luxottica-data-breach-exposes-820k-eyemed-lenscrafters-patients/