Windows 10's new resource monitor for gamers is now available
2020-10-30 15:14

Microsoft is rolling out a new tool called 'Resources monitor' that will allow you to free up resources in Windows 10 using Xbox's Game Bar. This new resources monitor works just like the traditional Task Manager, but it sits on top of running games and allows you to kill background processes without having to leave your game.

Britain Fines US Hotel Chain Marriott Over Data Breach
2020-10-30 14:39

Britain's data privacy watchdog on Friday said it has fined US hotels group Marriott over a data breach affecting millions of customers worldwide. The UK Information Commissioner's Office said in a statement it fined Marriott £18.4 million for breaches of data that included personal information such as passport numbers since March 2018.

Microsoft Says Hackers Continue to Target Zerologon Vulnerability
2020-10-30 14:30

Microsoft this week revealed that it continues to receive reports from customers of attacks targeting the Zerologon vulnerability. The vulnerability came into the spotlight after the DHS ordered federal agencies to immediately apply available patches, with both Microsoft and CISA publishing information on attackers actively exploiting the bug.

The Legal Risks of Security Research
2020-10-30 14:14

Such risk extends beyond anti-hacking laws, implicating copyright law and anti-circumvention provisions, electronic privacy law, and cryptography export controls, as well as broader legal areas such as contract and trade secret law. Our Guide gives the most comprehensive presentation to date of this landscape of legal risks, with an eye to both legal and technical nuance.

Marriott fined £0.05 for each of the 339 million hotel guests whose data crooks were stealing for four years
2020-10-30 14:08

Your name, address, phone number, email address, passport number, date of birth, and sex are worth just £0.05 in the eyes of the UK Information Commissioner's Office, which has fined Marriott £18.4m after 339 million people's data was stolen from the hotel chain. Within the exposed data were 5.25 million guests' passport numbers, stored without encryption, as well as 18.5 million encrypted passport numbers and 9.1 million encrypted credit card numbers.

Asset Discovery Startup Lucidum Launches With $4 Million in Seed Funding
2020-10-30 13:59

San Jose, California-based asset discovery company Lucidum emerged from stealth mode on Friday with $4 million in seed funding. Lucidum has developed a platform that leverages machine learning to analyze data from nearly 100 existing tools and platforms in an effort to provide visibility into computers, mobile and IoT devices, cloud environments, and microservices.

Windows kernel zero-day vulnerability used in targeted attacks
2020-10-30 13:38

Project Zero, Google's 0day bug-hunting team, today disclosed a zero-day elevation of privileges vulnerability found in the Windows kernel and actively exploited in targeted attacks. The Windows kernel zero-day bug can be exploited by local attackers for privilege escalation, according to Project Zero security researchers Mateusz Jurczyk and Sergei Glazunov.

S3 Ep4: Now THAT’S what I call a fire alarm! [Podcast]
2020-10-30 13:35

This week: Facebook scammers trick you with fake copyright notices, voice scammers automate their attacks on the vulnerable, how to tune up your mobile privacy, and the best/worst IT helpdesk call ever. Where to find the podcast online: you can listen to us on Soundcloud, Apple Podcasts, Google Podcasts, Spotify, Stitcher, Overcast and anywhere that good podcasts are found.

Why, yes, you can register an XSS attack as a UK company name. How do we know that? Someone actually did it
2020-10-30 13:00

"> LTD. Its name didn't contain the square brackets, meaning anyone reading company names off the Companies House API would potentially run a script from the web address above. Although whoever registered the company seems to have had non-hostile intentions - xss.

Critical OpenEMR Vulnerabilities Give Hackers Remote Access to Health Records
2020-10-30 12:55

Several vulnerabilities found by researchers in the OpenEMR software can be exploited by remote hackers to obtain medical records and compromise healthcare infrastructure. Researchers at Swiss-based code quality and security solutions provider SonarSource discovered earlier this year that OpenEMR is affected by four types of vulnerabilities that impact servers using the Patient Portal component.