Security News > 2020 > October

Microsoft has improved password spray detection in Azure Active Directory by doubling the number of compromised accounts it detects using a new machine learning system. Microsoft built a heuristic engine focused on detecting password spray attack, which helped the company to spot and alert tenants of hundreds of thousands of attacks each month.

Credential-stuffing is accomplished by hackers who take advantage of users who often reuse the same passwords across multiple online accounts. The cyberattackers use stolen passwords and usernames from previous data breaches to brute-force accounts on a wide scale, and when a match is found, they can take over the victim's account.

Patches released by NVIDIA last week for the GeForce Experience software address two arbitrary code execution bugs assessed with a severity rating of high. The GeForce Experience software is a companion application that is being installed alongside NVIDIA's GeForce drivers.

US President Donald Trump's administration has insisted on the need to ban TikTok due to national security concerns in a new court filing ahead of a plan to make the video app unavailable on November 12. In September, a temporary injunction prevented the government from removing TikTok from mobile application download platforms.

The infrastructure reviews - published by Jisc today - took place between 2016 and 2020 and covered 118 institutions, including 59 Further Education colleges. The research went on to note that most colleges found managing the upgrade cycle of both end user kit and infrastructure "Very difficult".

Hewlett Packard Enterprise has released patches for two critical vulnerabilities, one identified in StoreServ Management Console and the other affecting BlueData EPIC Software Platform and Ezmeral Container Platform. The most severe of these issues was identified in HPE StoreServ Management Console 3.7.0.0 and could be exploited to remotely bypass authentication protections.

Palo Alto Networks has threatened legal action against cloud visibility solutions provider Orca Security after the latter published a video comparing products from the two companies. The video made by Orca in August, which is still available on YouTube, is described as a "Detailed competitive comparison" between Orca Security's platform and Palo Alto Networks' Prisma Cloud product.

A massive data breach suffered by the Nitro PDF service impacts many well-known organizations, including Google, Apple, Microsoft, Chase, and Citibank. On October 21st, Nitro Software issued an advisory to the Australia Stock Exchange, stating that they were affected by a "Low impact security incident" but that no customer data was impacted.

Cybersecurity researchers over the weekend disclosed new security risks associated with link previews in popular messaging apps that cause the services to leak IP addresses, expose links sent via end-to-end encrypted chats, and even unnecessarily download gigabytes of data stealthily in the background. Link previews are a common feature in most chat apps, making it easy to display a visual preview and a brief description of the shared link.

Apple has inadvertently given the thumbs up to six new malware variants, according to researchers at Mac security solutions provider Intego. Application developers have the possibility to submit their software to Apple for scanning purposes and have it automatically notarized if deemed malware-free.