Open Shell brings back the glory days of the Windows Start Menu
2020-10-31 14:45

Open Shell, originally known as Classic Shell, is open-source software that allows you to replace the standard Start Menu on Windows 10 and Windows 8. With Open Shell, you can change the appearance of the Start Menu and replace it with the likes of Windows 7.

Hacker is selling 34 million user records stolen from 17 companies
2020-10-31 12:14

A threat actor is selling account databases containing an aggregate total of 34 million user records that they claim were stolen from seventeen companies during data breaches. On October 28th, a data breach broker created a new topic on a hacker forum to sell the stolen user databases for seventeen companies.

Emotet malware wants to invite you to a Halloween party
2020-10-31 09:45

To take advantage of the trick-or-treating festivities, the Emotet malware gang is sending out spam emails that invite you to a Halloween party. Emotet is a malware infection that spreads through emails carrying Word documents that contain malicious macros.

Crippling Cyberattacks, Disinformation Top Concerns for Election Day
2020-10-30 22:34

"Authorities and election officials know this is the case and have taken precautions to try to ensure a safe election. These include election infrastructure assessment and securing voting registration systems. However, given the recent hack involving Hall County, Ga., where election data was released to the public for failure to pay a ransom, it really brings into question how effective the measures will be in the final stretch of the election." "If ransomware hits a county, the mail-in count will be thrown into question. Because Republicans are known to vote in person on election day and Democrats favor mail-in ballots, this is a danger."

Windows kernel vulnerability disclosed by Google's Project Zero after bug exploited in the wild by hackers
2020-10-30 21:26

Google's Project Zero bug-hunting team has disclosed a Windows kernel flaw that's being actively exploited by miscreants to gain control of computers. The web giant's bug report was privately disclosed to Microsoft on October 22, and publicly revealed just seven days later, after it detected persons unknown exploiting the programming blunder.

Friday Squid Blogging: Interview with a Squid Researcher
2020-10-30 21:07

So not only have you eliminated by far the majority of messages, you've also broken the "OTP proof" of "All messages are equiprobable". Using compression does allow you to change the encrypted message length, which for years was also desirable because reducing the size of a message had other benefits, not the least of which was cost, which is why the later Victorians were apparently "Code book crazy".

WordPress Patches 3-Year-Old High-Severity RCE Bug
2020-10-30 20:56

The update patches a high-severity bug, which could allow a remote unauthenticated attacker to take over a targeted website via a narrowly tailored denial-of-service attack. Of the ten security bugs patched by WordPress, a standout flaw, rated high-severity, could be exploited to allow an unauthenticated attacker to execute remote code on systems hosting the vulnerable website.

Firestarter Android Malware Abuses Google Firebase Cloud Messaging
2020-10-30 20:29

An APT group is starting fires with a new Android malware loader, which uses a legitimate Google messaging service to bypass detection. The malware, dubbed "Firestarter," is used by an APT threat group called "DoNot." DoNot uses Firebase Cloud Messaging, which is a cross-platform cloud solution for messages and notifications for Android, iOS and web applications.

Wisc. GOP’s $2.3M MAGA Hat Debacle Showcases Fraud Concerns
2020-10-30 20:08

It's just the latest in a litany of attacks related to the upcoming election, and it showcases a big problem area when it comes to cybersecurity, researchers said. In a typical BEC attack, criminals will do their research to make their communications seem credible, according to Agari's recent deep dive on the state of BEC attacks.

Adobe Flash – it’s the end of the end of the end of the road at last
2020-10-30 19:04

Worse still, Flash bugs seemed to show up very frequently as zero-days, the jargon term for exploitable security holes that are found by attackers before a patch is available, thus leaving even the most disciplined and swift-acting system administrators with zero days during which they could have been ahead of the crooks. If anything showed that Adobe's heart hasn't really been in Flash for many years, it was the story of how Apple banned Flash from the iPhone in 2010.