G7 Raises Concerns About Rising Cyberattacks Amid Pandemic
2020-10-13 20:40

Finance ministers from the G7 industrialized countries expressed "concern" on Tuesday over the rise in "malicious cyber-attacks" in the midst of the Covid-19 pandemic, including some involving cryptocurrencies. These ransomware attacks, demanding payments often to facilitate money laundering, "have been growing in scale, sophistication, and frequency" over the past two years, causing "significant economic damage and customer protection and data privacy," the ministers said.

Microsoft Patch Tuesday, October 2020 Edition
2020-10-13 20:10

It's Cybersecurity Awareness Month! In keeping with that theme, if you use Microsoft Windows computers you should be aware the company shipped a bevy of software updates today to fix at least 87 security problems in Windows and programs that run on top of the operating system. Worst in terms of outright scariness is probably CVE-2020-16898, which is a nasty bug in Windows 10 and Windows Server 2019 that could be abused to install malware just by sending a malformed packet of data at a vulnerable system.

It's 2020 and a rogue ICMPv6 network packet can pwn your Microsoft Windows machine
2020-10-13 20:09

Microsoft's Update Tuesday patch dump for October 2020 has delivered security patches that attempt to address 87 CVEs for a dozen Redmond products. According to Microsoft, the Windows TCP/IP stack doesn't properly handle ICMPv6 Router Advertisement packets.

October 2020 Patch Tuesday: Microsoft fixes potentially wormable Windows TCP/IP RCE flaw
2020-10-13 19:32

Microsoft has plugged 87 security holes, including critical ones in the Windows TCP/IP stack and Microsoft Outlook and Microsoft 365 Apps for Enterprise. CVE-2020-16898 - A Windows TCP/IP vulnerability that could be remotely exploited by sending a specially crafted ICMPv6 router advertisement to an affected Windows server or client and could allow code execution.

Software AG Data Released After Clop Ransomware Strike – Report
2020-10-13 18:57

Clop and the group's signature malware have struck again - this time hitting a giant target in the form of German software conglomerate Software AG. The company isn't paying a mammoth $23 million ransom, and over the weekend it confirmed that the crooks were releasing company data, according to reports. The company released a statement on October 5 publicly announcing the attack, adding, "While services to its customers, including its cloud-based services, remain unaffected, as a result, Software AG has shut down the internal systems in a controlled manner in accordance with the company's internal security regulations," the statement read. But that assessment turned out to be prematurely rosy.

DevSecOps Company apiiro Emerges From Stealth With $35 Million in Funding
2020-10-13 18:37

DevSecOps and risk management solutions provider apiiro on Tuesday emerged from stealth mode with $35 million in funding. The company aims to integrate security into design and development, to "reinvent secure development lifecycle."

Creepy covert camera “feature” found in popular smartwatch for kids
2020-10-13 17:59

Getting your first watch after learning to tell the time is still a delightful childhood rite of passage, at least in countries where watches are affordable. The irony of buying a watch to improve your child's safety only to find that it simultaneously reduces their security is not lost on the researchers who wrote up the findings we'll be covering here.

Critical Flash Player Flaw Opens Adobe Users to RCE
2020-10-13 17:46

The flaw stems from a NULL Pointer Dereference error and plagues the Windows, macOS, Linux and ChromeOS versions of Adobe Flash Player. Adobe is warning of a critical vulnerability in its Flash Player application for users on Windows, macOS, Linux and ChromeOS operating systems.

Norway Says Russia Behind Cyber Attack on Parliament
2020-10-13 17:30

Norway's government on Tuesday said that it believes Russia was behind an August cyber attack targeting the email system of the country's parliament. The attack was detected in August, when Norway announced hackers had attacked the parliament's email system, gaining access to some lawmakers' messages.

For Foxit's sake: Windows and Mac users alike urged to patch PhantomPDF over use-after-free vulns
2020-10-13 17:30

Windows and Mac users running Foxit's popular PhantomPDF reader should update their installations to the latest version after the US CISA cybersecurity agency warned of a handful of high-severity product vulnerabilities. Foxit has published updates for its software in both Windows and Apple Mac formats.