Security News > 2020 > October
Today is Microsoft's October 2020 Patch Tuesday, and your Windows administrators will be pulling their hair out as they install new updates and try to fix bugs that pop up. With the October 2020 Patch Tuesday security updates release, Microsoft has released fixes for 87 vulnerabilities in Microsoft products and an advisory about today's Adobe Flash Player update.
Today is Microsoft's October 2020 Patch Tuesday, and your Windows administrators will be pulling their hair out as they install new updates and try to fix bugs that pop up. With the October 2020 Patch Tuesday security updates release, Microsoft has released fixes for 87 vulnerabilities in Microsoft products and an advisory about today's Adobe Flash Player update.
Today is the second Tuesday of October 2020 and the first batch of security updates or 'B' updates are now available for all supported versions of Windows 10. If you want to grab these updates, check for updates in the Settings and the update will begin installing.
Threat actors are consistently leveraging legitimate services and tools from within Microsoft Office 365 to pilfer sensitive data and launch phishing, ransomware, and other attacks across corporate networks from a persistent position inside the cloud-based suite, new research has found. Office 365 user account takeover - particularly during the COVID-19 pandemic with so many working from home - is one of the most effective ways for an attacker to gain a foothold in an organization's network, said Chris Morales, head of security analytics at Vectra AI. From there, attackers can move laterally to launch attacks, something that researchers observed in 96 percent of the 4 million Office 365 customers sampled between June to August 2020.
This new Windows 10 feature is especially useful for apps that will run minimized without any user interface showing up on the screen or for those that only start a background task. At the moment, the notification only warns of apps configured to run on startup and listed in the Settings > Apps > Startup apps page as Jen Gentleman, a Senior Community Manager at Microsoft, explained.
Orca Security used its SideScanning technology to check virtual appliances for vulnerabilities and outdated operating systems. The company scanned a total of more than 2,200 virtual appliances from 540 vendors in April and May, and identified over 400,000 vulnerabilities.
International law firm Seyfarth Shaw announced on Monday that it was the victim of a ransomware attack over the weekend. The incident occurred on Saturday, with the company describing it as a "Sophisticated and aggressive malware attack." The timing is typical for cyber attacks, ransomware in particular, as companies have fewer employees working weekends.
Hackney Council in East London has declared that it was hit by a "Cyberattack" - but both the authority and officials from the National Cyber Security Centre remain tight-lipped about what actually happened. In a statement published on the council website this morning, local mayor Philip Glanville said: "Hackney Council has been the target of a serious cyberattack, which is affecting many of our services and IT systems."
Norway's Minister of Foreign Affairs Ine Eriksen Søreide today said that Russia is behind the August 2020 cyber-attack on the Norwegian Parliament. The attackers behind the cyber-attack on Norway's Parliament successfully gained access to a limited number of email accounts of representatives and employees as Stortinget director Marianne Andreassen said at the time.
Adobe has released a security update for a critical remote code execution vulnerability in Adobe Flash Player that could be exploited by simply visiting a website. Adobe Flash has long been a source of security vulnerabilities that allow attackers to install malware, execute commands, and takeover of computers when visiting malicious websites.