Google’s Chrome 86: Critical Payments Bug, Password Checker Among Security Notables
2020-10-07 15:50

Google is rolling out 35 security fixes, and a new password feature, in Chrome 86 versions for Windows, Mac, Android and iOS users. Google's latest version of its browser, Chrome 86, is now being rolled out with 35 security fixes - including a critical bug - and a feature that checks if users have any compromised passwords.

Phishing emails lure victims with inside info on Trump's health
2020-10-07 15:25

A phishing campaign pushing a network-compromising backdoor pretends to have the inside scoop on President Trump's health after he was infected with COVID-19. To capitalize on this, the threat actors behind the BazarLoader trojan have started a new phishing campaign that pretends to have insider information on Trump's condition.

Microsoft 365 outage takes down Outlook and Microsoft Teams again
2020-10-07 15:11

Microsoft 365 is currently experiencing an outage affecting users on both coasts of the United States and preventing them from accessing multiple Office 365 services. Starting at approximately 2:30 PM EST today, Office 365 users all over the United States began having difficulty accessing their Outlook mail and using Microsoft Teams, with active calls getting dropped.

Food Delivery Service Chowbus Hacked
2020-10-07 15:04

Hackers compromised mobile-based Asian food delivery service Chowbus, stole customer data, and emailed victims a link pointing to the stolen data. Information in the CSV files included names, email addresses, phone numbers, addresses, rates, and addresses for the Chowbus partner restaurants.

Wisepay 'outage' is actually the school meal payments biz trying to stop an intruder from stealing customer card details
2020-10-07 15:01

UK cashless school payments firm Wisepay has pulled its website offline after spotting a miscreant trying to spoof its card payment page. The Hampshire-based company, which bills itself as "Allowing parents and guardians to make cashless payments to their school or college", said its website was "Down for maintenance".

Promising Infusions of Cash, Fake Investor John Bernard Walked Away With $30M
2020-10-07 14:58

September featured two stories on a phony tech investor named John Bernard, a pseudonym used by a convicted thief named John Clifton Davies who's fleeced dozens of technology companies out of an estimated $30 million with the promise of lucrative investments. As described in Part II of this series, John Bernard is in fact John Clifton Davies, a 59-year-old U.K. citizen who absconded from justice before being convicted on multiple counts of fraud in 2015.

Researchers Turn Comcast TV Remote Into Spying Device
2020-10-07 14:42

Researchers from segmentation solutions provider Guardicore have identified a series of vulnerabilities that could have been exploited by a hacker to turn a TV remote into a spying device. The research focused on the XR11 remote provided by Comcast to Xfinity customers.

'Smart' Male Chastity Device Vulnerable to Locking by Hackers: Researchers
2020-10-07 13:34

A security flaw in an internet-connected male chastity device could allow hackers to remotely lock it - leaving users trapped, researchers have warned. The device, marketed as both an anti-cheating and a submission sex play device, has a locking mechanism controlled with a smartphone app via Bluetooth, but security researchers have found multiple flaws that leave it vulnerable to hacking.

Phishing attack spoofs IRS COVID-19 relief to steal personal data
2020-10-07 13:31

In this attack, the initial email promised an important update on the recipient's COVID relief funds to be disbursed to the person's address. The initial email snuck past Microsoft 365 email security because it didn't follow the usual traits of traditional phishing attacks, according to Armorblox.

PoetRAT Resurfaces in Attacks in Azerbaijan Amid Escalating Conflict
2020-10-07 13:25

A new iteration of the PoetRAT spyware, sporting improvements to operational security, code efficiency and obfuscation, is making the rounds in Azerbaijan, targeting the public sector and other key organizations as the country's conflict with Armenia over disputed territory intensifies. This time around, the attacks use Microsoft Word documents alleged to be from the Azerbaijan government - complete with the National Emblem of Azerbaijan in the top corners - to install PoetRAT in two separate files on victims' machines, according to researchers Warren Mercer, Paul Rascagneres and Vitor Ventura.