Security News > 2020 > October

Adding a user with admin privileges on Linux is easier than you think. Problem is, when you create a new user, that user doesn't have admin privileges.

NVIDIA released a security update for the Windows NVIDIA GeForce Experience app to address vulnerabilities that could enable attackers to execute arbitrary code, escalate privileges, gain access to sensitive info, or trigger a denial of service state on systems running unpatched software. The three vulnerabilities fixed in the October 2020 security update are detailed below, together with full descriptions and the CVSS V3 base score assigned by NVIDIA. CVE IDs Description Base Score CVE‑2020‑5977 NVIDIA GeForce Experience contains a vulnerability in NVIDIA Web Helper NodeJS Web Server in which an uncontrolled search path is used to load a node module, which may lead to code execution, denial of service, escalation of privileges, and information disclosure.

Dutch ethical hacker Victor Gevers claims it only took five attempts to guess the password to President Donald Trump's Twitter account - "Maga2020!". Twitter Safety & 2FA. Twitter said it is dubious about the report.

If you have loads of apps installed, don't worry: you can check some of the most important permissions for all of them in one go. With iOS 14 small arrows now appear alongside an app in the list or on the home screen when the app is in use to let you know if a location service is being or has been accessed by that app.

Browser lockers are a type of redirection attack where web surfers will click on a site, only to be sent to a page warning them that their computer is infected with "a virus" or malware. In a recent, widespread campaign, cyberattackers are using Facebook to distribute malicious links that ultimately redirect to a browser locker page, according to researchers.

Researchers are warning of a phishing campaign that pretends to be an automated message from Microsoft Teams. The initial phishing email displays the name "There's new activity in Teams," making it appear like an automated notification from Microsoft Teams.

French IT services giant Sopra Steria suffered a cyberattack on October 20th, 2020, that reportedly encrypted portions of their network with the Ryuk ransomware. Sopra Steria is a European information technology company with 46,000 employees in 25 countries worldwide.

Google has added a new feature to Chrome 86 that aims to stomp out abusive notification content. Google first implemented controls that went against abusive notifications with Chrome 80, when it introduced a "Quiet notification permission UI" feature.

DHS Cybersecurity and Infrastructure Security Agency and the FBI today warned that a Russian state-sponsored APT threat group known as Energetic Bear has hacked and stolen data from US government networks during the last two months. Energetic Bear, a hacking group active since at least 2010, has targeted the networks of both US state, local, territorial, and tribal government organizations and aviation entities.

A database with information on virtually the entire US voting population has been circulated on hacker forums, opening up the potential for disinformation and scams that could impact the November 3 election, security researchers say. A report released Wednesday by the security firm Trustwave said its researchers "Discovered massive databases with detailed information about US voters and consumers offered for sale on several hacker forums."