Security News > 2020 > October

The popular password manager 1Password is now available for Linux users in beta version. Pegged for an official release in early 2021, the Linux release for 1Password - which has been used by Windows and Mac users for years - offers a "Full-featured desktop app" where users can securely manage and store passwords and other important credentials, such as credit card information.

The Common Vulnerability Scoring System was originally designed to convey the severity of vulnerabilities found in IT systems, and it may not be as relevant in some areas, such as industrial control systems or medical devices. MITRE developed the new rubric last year and the FDA announced this week that it has qualified as a Medical Device Development Tool.

Microsoft has acknowledged a new known issue affecting some Windows 10 devices and preventing users from using 'Reset this PC' to reinstall Windows. The Reset this PC feature comes with all Windows 10 versions and it allows users to reinstall the OS using a local recovery image or the latest Windows 10 version on Microsoft's servers.

The world's biggest social media companies may have to put more of a priority on security now that a New York state financial watchdog is calling for the creation of a designated regulator tasked with monitoring their cyber defense. The New York State Department of Financial Services made the determination in a lengthy report on the Twitter hack in July after the Justice Department said two teenagers and a 22-year-old took over more than 100 prominent Twitter accounts, including the accounts of former President Barack Obama and former Vice President Joe Biden.

French-headquartered IT outsourcer Sopra Steria has been struck by a "Cyberattack," reportedly linked to the Ryuk ransomware gang. The business declined to say what had happened, though French media reports indicated that Sopra Steria's Active Directory infrastructure had been compromised, seemingly by hackers linked to the Ryuk malware crowd.

Malwarebytes security researchers have identified a new campaign in which tech support scammers are exploiting a cross-site scripting vulnerability and are relying exclusively on links posted on Facebook to reach potential victims. This, they say, suggests that the tech support scammers were regularly changing these links to avoid blacklisting.

Federal officials claim that Iranian threat actors are behind two separate email campaigns that assailed Democratic voters this week with threats to "Vote for Trump or else." The campaigns claimed to be from violent extremist group Proud Boys. Two specific email campaigns - one on Tuesday Oct. 20 and one on Wednesday, Oct. 21 - threatened Democratic voters in Alaska, Arizona and Florida that attackers accessed "All of your information." They warned that there would be dire repercussions if voters didn't cast their ballot for President Trump in the upcoming election, according to a Wednesday Proofpoint report.

Image: Tauno Tõhk. The Council of the European Union today announced sanctions imposed on Russian military intelligence officers part of the 85th Main Centre for Special Services for their involvement in a 2015 hack of the German Federal Parliament. EU's sanctions include both travel bans and asset freezes and also block EU organizations and individuals from making fund transfers to sanctioned entities and individuals.

Fugitive US whistleblower Edward Snowden has been granted permanent residency in Russia, his lawyer said on Thursday. Snowden, the former US intelligence contractor who revealed in 2013 that the US government was spying on its citizens, has been living in exile in Russia since the revelations.

Cisco on Wednesday announced the release of patches for 17 high-severity vulnerabilities in its security appliances as part of its Security Advisory Bundled Publication for October 2020. The vulnerabilities have been found to impact Adaptive Security Appliance, Firepower Threat Defense, and Firepower Management Center.