Security News > 2020 > September

The source code for Windows XP and other elderly Microsoft operating systems appears to have leaked online as the mega-corp's Ignite developer shindig came to an end. The source of the alleged code leak is unclear; a torrent for the archive popped up on internet armpit 4chan and contains what appears to be Windows XP Service Pack 1, as well as some other past-their-sell-by-date flavours of Microsoft's greatest hits.

Spain's highways agency is using bulk mobile phone data for monitoring speeding hotspots, according to local reports. Equipped with data on customers handed over by local mobile phone operators, Spain's Directorate-General for Traffic may be gathering data on "which roads and at what specific kilometer points the speed limits are usually exceeded," according to Granadan newspaper Ideal.

Two cybersecurity companies focused on election security are teaming up ahead of the November elections to protect dozens of states from a variety of potential attacks on voting infrastructure. This week SpyCloud and CyberDefenses announced a partnership that will see the companies help one in every five election jurisdictions in the United States with cybersecurity around digital election tools.

In one instance, Facebook removed 35 pages, 18 groups, 214 users as well as 34 accounts on Instagram. As part of the announcement, Facebook also revealed details about the number of followers and advertising expenditures related to these accounts.

An APT group has started heavily relying on cloud services like Azure Active Directory and OneDrive, as well as open-source tools, to obfuscate its attacks. Microsoft has suspended 18 Azure Active Directory applications that were being leveraged for command-and-control infrastructure by what it says is a Chinese nation-state actor.

Apple on Thursday informed customers that it patched a total of four vulnerabilities across macOS Catalina, High Sierra and Mojave. Apple says exploitation of the flaw, which involves the processing of a malicious USD file, could lead to arbitrary code execution or a DoS condition.

Someone has leaked what appear to be source code files for the Windows XP and Windows Server 2003 operating systems. The source code files for Windows XP and Windows Server 2003 appear to have been made public for the first time.

John Bernard, the subject of a story here last week about a self-proclaimed millionaire investor who has bilked countless tech startups, appears to be a pseudonym for John Clifton Davies, a U.K. man who absconded from justice before being convicted on multiple counts of fraud in 2015. The Private Office of John Bernard, which advertises itself as a capital investment firm based in Switzerland, has for years been listed on multiple investment sites as the home of a millionaire who made his fortunes in the dot-com boom 20 years ago and who has oodles of cash to invest in tech startups.

Now according to network security platform provider SAM Seamless Network, over 200,000 businesses that have deployed the FortiGate VPN solution, with default configuration, to enable employees to connect remotely are vulnerable to man-in-the-middle attacks, allowing attackers to present a valid SSL certificate and fraudulently take over a connection. The main reason for this is that the bundled default SSL certificate uses the router's serial number as the server name for the certificate.

Washington state is among those being targeted by a "large-scale, highly sophisticated" nationwide phishing campaign, the office of Gov. Jay Inslee said Thursday. At a press conference Thursday, Inslee said that the state is taking proactive measures to protect state systems, but he said that no ransomware activity has occurred among the agencies targeted, and no state services have been impacted.