Security News > 2020 > October
The tsunami of ransomware attacks hitting enterprises this year is having a noticeable effect on IT managers across the world, according to a new survey from cybersecurity company Sophos. One of the key factors that tied many ransomware victims together in the survey was that those IT managers often put more of a focus on detection and response.
Google and Intel are warning of a high-severity flaw in BlueZ, the Linux Bluetooth protocol stack that provides support for core Bluetooth layers and protocols to Linux-based internet of things devices. According to Google, the vulnerability affects users of Linux kernel versions before 5.9 that support BlueZ. BlueZ, which is an open-source project distributed under GNU General Public License, features the BlueZ kernel that has been part of the official Linux kernel since version 2.4.6.
Hackers have stolen nearly a terabyte of data from a Miami-based tech firm, leaking a number of the pilfered files on a Russian hacker forum. A Russian-language note left along with the leaked data alludes to the hackers waiting to see if the company will pay up before releasing the rest of the data, which likely will be more full credit-card information, a treasure trove for hackers, according to the report.
Intel on Wednesday announced the new security technologies that will be present in the company's upcoming 3rd generation Xeon Scalable processor, code-named "Ice Lake." "Protecting data is essential to extracting value from it, and with the capabilities in the upcoming 3rd Gen Xeon Scalable platform, we will help our customers solve their toughest data challenges while improving data confidentiality and integrity. This extends our long history of partnering across the ecosystem to drive security innovations," said Lisa Spelman, corporate VP of the Data Platform Group and GM of the Xeon and Memory Group at Intel.
Intel unveiled the suite of new security features for the upcoming 3rd generation Intel Xeon Scalable platform, code-named "Ice Lake." Intel is doubling down on its Security First Pledge, bringing its pioneering and proven Intel Software Guard Extension to the full spectrum of Ice Lake platforms, along with new features that include Intel Total Memory Encryption, Intel Platform Firmware Resilience and new cryptographic accelerators to strengthen the platform and improve the overall confidentiality and integrity of data.
The highlight of this month's Microsoft Office security updates is without a doubt CVE-2020-16947, a remote code execution vulnerability triggered when previewing or opening maliciously crafted emails with a vulnerable Microsoft Outlook version. CVE-2020-16947 affects several Office products including Microsoft Outlook 2016 and Microsoft Office 2019, as well as Microsoft 365 Apps for Enterprise.
Cyber warriors on NATO's eastern edge are warning that the growing number of people working from home globally due to the pandemic is increasing vulnerability to cyber attacks. The Baltic state of Estonia hosts two cyber facilities for the Western military alliance - set up following a series of cyber attacks from neighbour Russia more than a decade ago.
Microsoft's October 2020 Patch Tuesday fixed 87 security bugs, one of which is an "Important" Windows Spoofing Vulnerability that abuses CAT files. The flaw allows an attacker to combine a legitimately signed Microsoft Windows Installer package with the attacker's JAR file into an encapsulating JAR file.
FIN11, a financially motivated hacker group with a history dating back to at least 2016, has adapted its malicious email campaigns to transition to ransomware as the main monetization method. Mandiant today published an overview of the FIN11 activity and its transition to the ransomware scene.
Cisco Talos this week released the details of several remotely exploitable denial-of-service vulnerabilities found by one of its researchers in an industrial automation product made by Rockwell Automation. Cisco Talos and Rockwell Automation say a total of five high-severity buffer overflow vulnerabilities have been identified.