Security News > 2020 > October

Control servers included in the configuration file of new TrickBot samples fail to respond to bot requests, according to researchers at threat intelligence company Intel 471. Days after the announcement Intel 471's researchers revealed that TrickBot resumed operations, and that Emotet was observed serving TrickBot payloads to infected machines.

Microsoft's Chromium-based Edge was first released in January to Windows consumers and enterprises, and it was later released to macOS users. Edge is already available on Android and iOS, and now Linux users can finally get a taste of Microsoft's new browser.

Amazon, Apple, Netflix, Facebook and WhatsApp are top brands leveraged by cybercriminals in phishing and fraud attacks - including a recent strike on a half-million Facebook users. Facebook has been a top cybercriminal favorite in phishing attacks so far this year, with recent research shedding light on 4.5 million phishing attempts that have leveraged the social media platform between April and September 2020.

Google has released Chrome 86.0.4240.111 today, October 20th, 2020, to the Stable desktop channel to address five security vulnerabilities, one of them an actively exploited zero-day bug. "Google is aware of reports that an exploit for CVE-2020-15999 exists in the wild," the Google Chrome 86.0.4240.111 announcement reads.

UPDATE. Pharma giant Pfizer has leaked the private medical data of prescription-drug users in the U.S. for months or even years, thanks to an unprotected Google Cloud storage bucket. Some of the transcripts were related to conversations about Advil, which is manufactured by Pfizer in a joint venture with GlaxoSmithKline.

Microsoft has released the Windows 10 1909 KB4580386 monthly "C" release preview cumulative update with quality improvements and fixes for Microsoft Xbox Game Pass, USB printer, and screen flashing issues. This preview cumulative update addresses an issue preventing Microsoft Xbox Game Pass users from playing some games that they were eligible to play and fixes a reliability issue that causes the display to flash constantly.

Insider threats, ransomware and cyber espionage were all in decline in the early part of 2020, according to the EU's cybersecurity agency - though the risk of an "Uncontrolled cyber arms race" among nation states is growing. The EU Agency for Cybersecurity said in its annual report issued today that those three categories of cyber threat were in decline up until April this year when COVID-19-related lockdowns began.

The Egregor ransomware gang is claiming responsibility for the cyberattack on U.S. Bookstore giant Barnes & Noble on October 10th, 2020. "It is with the greatest regret we inform you that we were made aware on October 10, 2020 that Barnes & Noble had been the victim of a cybersecurity attack, which resulted in unauthorized and unlawful access to certain Barnes & Noble corporate systems."

Office 365 users are receiving emails purporting to come from cryptocurrency platform Coinbase, which ask them to download updated Terms of Service via an OAuth consent app. Here, attackers are betting that they are targeting Office 365 users who are also Coinbase users, researchers said.

Austin, Texas-based security product testing company NSS Labs has announced that it ceased operations on October 15, 2020. "Due to Covid-related impacts, NSS Labs ceased operations on October 15th," a message on the company's website reads.