Security News > 2020 > November

92 percent of organizations admit that they face a cloud security readiness gap. IoT in all its flavors exposes companies and consumers alike to a wide range of security threats.

Google today released Chrome 86.0.4240.183 for Windows, Mac, and Linux to address 10 security vulnerabilities including a remote code execution zero-day exploited in the wild. Today, Google patched another zero-day in Chrome for Android exploited in the wild, a sandbox escape vulnerability tracked as CVE-2020-16010.

A high-severity Windows driver bug is being exploited in the wild as a zero-day. The security vulnerability was disclosed by Google Project Zero just seven days after it was reported, since cybercriminals are already exploiting it, according to researchers.

North Korea-linked threat actor Kimsuky was recently observed using brand new malware in attacks on government agencies and human rights activists, Cybereason's security researchers say. In a newly published report, Cybereason's Nocturnus team provides details on two new malware families associated with Kimsuky, namely a previously undocumented modular spyware called KGH SPY, and a new malware downloader called CSPY Downloader.

Oracle issued an out-of-band security update over the weekend to address a critical remote code execution vulnerability impacting multiple Oracle WebLogic Server versions. Supported Oracle WebLogic Server versions that are affected by CVE-2020-14750 include 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, and 14.1.1.0.0.

Russian interference has been minimal so far in the most tempestuous U.S. presidential election in decades. Election officials fear a "Blend" of overlapping attacks intended to undermine voter confidence and incite political violence: taking over state or local government websites to spread misinformation, crippling election results-reporting websites with denial-of-service attacks, hijacking officials' social media accounts and making false claims about rigged voting.

The U.S. Cybersecurity and Infrastructure Security Agency and the Federal Bureau of Investigation have issued an alert to warn that an Iranian threat actor recently accessed voter registration data. In the previous alert, CISA and the FBI noted that the Iranian hackers targeted known vulnerabilities in virtual private network products and content management systems, including CVE-2020-5902 and CVE-2017-9248.

Bad news for those who have bought into the Nest Secure home surveillance system - Google has surprised many by halting further deployments. The Secure package consists of motion sensors for doors and windows that communicate with the Hub, a modern-day version of the traditional home alarm keypad but with NFC Tag key fobs and smartphone alerts.

Microsoft today reminded customers that some editions of Windows 10, version 1809 will reach its end of service next week. "On November 10, 2020, the Home, Pro, Pro for Workstation, and IoT Core editions of Windows 10, version 1809 will reach end of service," Microsoft explains on the Windows 10 1809 Health Dashboard.

Texas-based precious metals dealer JM Bullion has informed some customers that their payment card information may have been stolen by cybercriminals, but the disclosure came months after the breach was discovered. The company claims on its website that customer information is kept secure through "256-bit SSL encryption" and that it does not have access to payment card information as it's processed by a third party.