Office November security updates fix remote code execution bugs

Microsoft has released the November 2020 Office security updates with a total of 22 updates and 5 cumulative updates for 7 different products, fixing 14 vulnerabilities with five of them potentially enabling remote attackers to execute arbitrary code on vulnerable systems. [...]

https://www.bleepingcomputer.com/news/security/office-november-security-updates-fix-remote-code-execution-bugs/

Microsoft now lets you run multiple Android apps in Windows 10

Microsoft has announced today that Windows 10 customers with devices running the latest Insider build can launch and interact with multiple Android apps directly on their computers' desktops. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-now-lets-you-run-multiple-android-apps-in-windows-10/

Alleged source code of Cobalt Strike toolkit shared online

The source code for the widely-used Cobalt Strike post-exploitation toolkit has allegedly been leaked online in a GitHub repository. [...]

https://www.bleepingcomputer.com/news/security/alleged-source-code-of-cobalt-strike-toolkit-shared-online/

Intel fixes 95 vulnerabilities in November 2020 Platform Update

Intel addressed 95 vulnerabilities as part of the November 2020 Patch Tuesday, including critical ones affecting Intel Wireless Bluetooth products and Intel Active Management Technology (AMT). [...]

https://www.bleepingcomputer.com/news/security/intel-fixes-95-vulnerabilities-in-november-2020-platform-update/

Animal Jam kids' virtual world hit by data breach, impacts 46M accounts

The immensely popular children's online playground Animal Jam has suffered a data breach impacting 46 million accounts. [...]

https://www.bleepingcomputer.com/news/security/animal-jam-kids-virtual-world-hit-by-data-breach-impacts-46m-accounts/

ModPipe malware decrypts Oracle point-of-sale database passwords

Security researchers have discovered a new malware geared with modules that target Oracle Micros Hospitality RES 3700 point-of-sale systems, one of the most widely used management software in the hospitality industry. [...]

https://www.bleepingcomputer.com/news/security/modpipe-malware-decrypts-oracle-point-of-sale-database-passwords/

Rakuten sends cashback emails to customers in error

Japanese e-commerce giant Rakuten had sent email notifications yesterday to many of its customers congratulating them on newly earned cashback.
Today, they took their words (and the cash) back. [...]

https://www.bleepingcomputer.com/news/technology/rakuten-sends-cashback-emails-to-customers-in-error/

Steelcase furniture giant down for 2 weeks after ransomware attack

Office furniture giant Steelcase says that no information was stolen during a Ryuk ransomware attack that forced them to shut down global operations for roughly two weeks. [...]

https://www.bleepingcomputer.com/news/security/steelcase-furniture-giant-down-for-2-weeks-after-ransomware-attack/

Popular stock photo service hit by data breach, 8.3M records for sale

Stock photo site 123RF has suffered a data breach after a hacker began selling a database containing 8.3 million user records on a hacker forum. [...]

https://www.bleepingcomputer.com/news/security/popular-stock-photo-service-hit-by-data-breach-83m-records-for-sale/

New tool lets attackers easily create reply-chain phishing emails

A new email tool advertised on a cybercriminal forum provides a stealthier method for carrying out fraud or malware attacks by allowing messages to be injected directly into the victim's inbox. [...]

https://www.bleepingcomputer.com/news/security/new-tool-lets-attackers-easily-create-reply-chain-phishing-emails/

Google fixes more Chrome zero-days exploited in the wild

Google has released Chrome 86.0.4240.198 for Windows, Mac, and Linux to address two zero-day vulnerabilities exploited in the wild. [...]

https://www.bleepingcomputer.com/news/security/google-fixes-more-chrome-zero-days-exploited-in-the-wild/

DNS cache poisoning attacks return due to Linux weakness

Researchers from Tsinghua University and the University of California have identified a new method that can be used to conduct DNS cache poisoning attacks.
The findings reopen a vulnerability that had been discovered by Kaminsky in 2008 and thought to have been resolved. [...]

https://www.bleepingcomputer.com/news/security/dns-cache-poisoning-attacks-return-due-to-linux-weakness/

Luxottica data breach exposes 820K EyeMed, LensCrafters patients

A Luxottica data breach has exposed the personal and protected health information of 829,454 patients at LensCrafters, Target Optical, EyeMed, and other eye care practices. [...]

https://www.bleepingcomputer.com/news/security/luxottica-data-breach-exposes-820k-eyemed-lenscrafters-patients/

The North Face resets passwords after credential stuffing attack

Outdoor retail giant The North Face has reset the passwords of an undisclosed number of customers following a successful credential stuffing attack that took place last month, on October 9th. [...]

https://www.bleepingcomputer.com/news/security/the-north-face-resets-passwords-after-credential-stuffing-attack/

DarkSide ransomware is creating a secure data leak service in Iran

The DarkSide Ransomware operation claims they are creating a distributed storage system in Iran to store and leak data stolen from victims. To show they mean business, the ransomware gang has deposited $320 thousand on a hacker forum. [...]

https://www.bleepingcomputer.com/news/security/darkside-ransomware-is-creating-a-secure-data-leak-service-in-iran/

New Jupyter malware steals browser data, opens backdoor

Russian-speaking hackers have been using a new malware to steal information from their victims. Named Jupyter, the threat has kept a low profile and benefited from a fast development cycle. [...]

https://www.bleepingcomputer.com/news/security/new-jupyter-malware-steals-browser-data-opens-backdoor/

New stealthy hacker-for-hire group mimics state-backed attackers

A new mercenary hacker group tracked as CostaRicto by BlackBerry researchers is selling its services to entities requiring APT-level hacking expertise in cyber-espionage campaigns spanning the globe and targeting a multitude of industry sectors.  [...]

https://www.bleepingcomputer.com/news/security/new-stealthy-hacker-for-hire-group-mimics-state-backed-attackers/

New TroubleGrabber Discord malware steals passwords, system info

TroubleGrabber, a new credential stealer discovered by Netskope security researchers, spreads via Discord attachments and uses Discord webhooks to deliver stolen information to its operators. [...]

https://www.bleepingcomputer.com/news/security/new-troublegrabber-discord-malware-steals-passwords-system-info/

Biotech research firm Miltenyi Biotec hit by ransomware, data leaked

Biomedical and clinical research company Miltenyi Biotec says that it has fully restored systems after a malware attack that took place last month and affected the firm's global IT infrastructure. [...]

https://www.bleepingcomputer.com/news/security/biotech-research-firm-miltenyi-biotec-hit-by-ransomware-data-leaked/

IRS announces move to protect businesses from identity theft

The U.S. Internal Revenue Service (IRS) has announced today that sensitive information will be masked on all business tax transcripts starting next month to protect companies from identity theft. [...]

https://www.bleepingcomputer.com/news/security/irs-announces-move-to-protect-businesses-from-identity-theft/

The Week in Ransomware - November 13th 2020 - Extortion gone wild

There were not many known large ransomware attacks this week, but we have seen ransomware operations evolving their tactics to extort their victims further. [...]

https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-november-13th-2020-extortion-gone-wild/