New Windows Zero-Day
2020-11-02 20:01

Google's Project Zero has discovered and published a buffer overflow vulnerability in the Windows Kernel Cryptography Driver. Attackers were combining an exploit for it with a separate one targeting a recently fixed flaw in Chrome.

Mark Adams Named Chief Security Officer of Adobe
2020-11-02 19:15

Adobe announced on Monday that it has appointed Mark Adams as its new chief security officer. Adams will report to Abhay Parasnis, Adobe's chief technology officer, and he will be responsible "for security-related decisions across the company, leading the teams responsible for the security of Adobe's infrastructure, products and services, as well as teams dedicated to security incident response and communications."

Privacy-focused Brave browser grew over 130% in the past year
2020-11-02 18:49

Brave Browser, the privacy-focused web browser, announced today that its usage grew by over 130% in the first year after the release of its 'Stable' version. On November 13th, 2019, Brave Browser released its first Stable version after it had already accumulated 8.7 million monthly active users and 3 million daily active users during its Beta period.

Researcher Warns 100,000 Devices Still Vulnerable to SMBGhost Attacks
2020-11-02 18:43

According to Jan Kopriva, a team leader of ALEF's Computer Security Incident Response Team and SANS ISC contributor, despite the attention the vulnerability received when first disclosed and the public availability of PoCs for exploiting it, Shodan searches show upwards of 100,000 systems still vulnerable. Shodan, he explains, can be used to discover systems that are affected by a specific vulnerability, although the exact manner in which the search engine determines whether a machine is vulnerable to SMBGhost attacks is unclear.

Pioneers of "Double Extortion" Say Maze Ransomware Project is Over
2020-11-02 18:20

The Maze ransomware group issued a press release on November 1, 2020 announcing, "It is officially closed." Maze was one of the pioneers of 'double extortion' - stealing data before encrypting the victim's files. It seems to have originated from the discovery of data from competing ransomware groups on the Maze victim shaming website; but now Maze says there was never a cartel.

WordPress Pushes Out Multiple Flawed Security Updates
2020-11-02 17:41

The day after WordPress pushed out a critical 5.5.2 security update, patching a remote code execution bug and nine additional flaws, it was forced to push out a second update and then a third 5.5.3 update. The hiccup is tied to the WordPress auto-update feature that accidentally started sending 455 million websites a WordPress update that caused new WordPress installs to fail.

Microsoft Tips app leaks Windows 10's upcoming rounded corners
2020-11-02 17:20

The Microsoft Tips app has leaked more evidence that Microsoft is working on rounded corners for Windows 10 windows. For some time, Microsoft has been adding rounded corners to dialog boxes in Windows 10 apps such as Photos, Maps, Calculator, and the new Microsoft Edge.

Texas Gold-Dealer Mined for Payment Details in Months-Long Data Breach
2020-11-02 17:16

The company's response was less than solid gold - it took months to notify its users of the breach. In a notice sent to its online customers, the company said that it became aware of suspicious activity on its website on July 6.

GitHub breaks site layout after forgetting to renew certificate
2020-11-02 16:31

This morning, GitHub's pristine layout vanished off of the repository, in what looks like a miss on the company's part in renewing an SSL certificate. The expired certificate prevented numerous resources like images, JavaScript, and CSS stylesheets from correctly loading on GitHub.

Scammers Abuse Google Drive to Send Malicious Links
2020-11-02 16:19

Scammers are leveraging a legitimate Google Drive collaboration feature to trick users into clicking on malicious links. According to reports, the recent attack stems from Google Drive's legitimate collaboration feature, which allows users to create push notifications or emails that invite people to share a Google doc.