Security News > 2020 > November

A new banking trojan has been discovered targeting Android users, with the capabilities to spy on 153 mobile apps from various banks, cryptocurrencies and exchanges. Kaspersky telemetry shows that all victims of the Ghimob mobile banking trojan are currently located in Brazil at the moment.

Microsoft is investigating a recently discovered issue that causes deleted emails to reappear in the mail inbox of Outlook.com accounts. The exact cause behind these Outlook.com undeletable emails but the company says that it's working on a fix to be deployed when a resolution is available.

Amidst all the different types of cyberthreats, distributed denial of services attacks don't typically strike as much fear as do ransomware and malware, but a concerted DDoS attack can wreak major havoc. Further, DDoS attacks have become more dangerous and challenging as they've adopted a range of innovative tactics.

Microsoft has released a new batch of Intel microcode updates for Windows 10 20H2, 2004, 1909, and older versions to fix new hardware vulnerabilities discovered in Intel CPUs. When Intel finds bugs in their CPUs, they release microcode updates that allow operating systems to patch the behavior of the CPU to fix, or at least mitigate, the bug.

Silicon Valley is welcoming the election of Joe Biden as US president even as it girds for a series of battles over tech policy in Washington. At the same time, the Biden campaign has cultivated ties with current and former tech personalities; and Vice President-elect Kamala Harris has ties to the sector, including her friend Sandberg of Facebook and her brother-in-law Tony West, Uber's chief legal officer.

Attackers are using ads for fake Microsoft Teams updates to deploy backdoors, which use Cobalt Strike to infect companies' networks with malware. In the advisory, Microsoft said it's seen attackers in the latest FakeUpdates campaign using search-engine ads to push top results for Teams software to a domain that they control and use for nefarious activity, according to the report.

Microsoft has fixed today a Windows kernel zero-day vulnerability exploited in the wild as part of targeted attacks and publicly disclosed by Project Zero, Google's 0day bug-hunting team, last month. According to Project Zero researchers Mateusz Jurczyk and Sergei Glazunov who discovered it, the security flaw currently tracked as CVE-2020-17087 is a pool-based buffer overflow found in the Windows Kernel Cryptography Driver.

Today is Microsoft's November 2020 Patch Tuesday, and Windows administrators worldwide will be running around putting out fires all day, so be nice to them. With the November 2020 Patch Tuesday security updates release, Microsoft has released fixes for 112 vulnerabilities in Microsoft products.

Microsoft users are currently experiencing issues around the world, with users unable to access Windows Store, Xbox Live services, and Outlook. When attempting to access Microsoft Store, users are seeing loading screen, which suggests that the Store is unable to connect to the Microsoft servers.

Scorecards provides an assessment of open-source packages, which developers can use to judge whether they are safe to introduce into their projects or systems. Introducing unknown code into a software can be risky, which is why Google is introducing a new scorecard system to help developers assess the risk of open-source dependencies before introducing them to their systems.