Security News > 2020 > November

It's November 10 and Patch Tuesday, and the first batch of security updates or 'B' updates are now available for all supported versions of Windows 10 including version 20H2. If you want to grab these updates, check for updates in the Settings and the update will begin installing. Below is the list of all new updates for Windows 10.

In closed forums on the dark web, criminals are trading vast databases of consumer information gathered via data breaches and phishing attacks, but also through readily-available government databases. Already a marketplace for drugs, weapons, stolen bank details and leaked website databases, the dark web has now become a thriving underground community where individuals discuss and trade techniques for capitalizing on COVID-19.

Kvashuk used Microsoft Store test accounts while being a part of the company's Universal Store Team to steal about $10.1 million worth of CSV from Microsoft via unauthorized simulated purchases of products according to court documents. After initially using his test account to illegally purchase CSV, Kvashuk switched to accounts created by some of his colleagues to hide his tracks and direct future investigations to the wrong people.

What's more, the voting itself was remarkably smooth. There were not clear rules in many states for voting by mail or sufficient opportunities for voting early.

Adobe has released security updates to address vulnerabilities classified as 'Important' in Adobe Reader for Android and Adobe Connect. Adobe advises all customers to update the vulnerable products to the latest versions as soon as possible to block attacks that could attempt to exploit unpatched installations.

The European Union on Monday agreed to tighten up rules for the sale and export of cybersurveillance technology. EU lawmakers and the European Council reached a provisional deal to update controls of so-called dual use goods such as facial recognition technology and spyware to prevent them from being used to violate human rights.

A vulnerability in GNOME Display Manager could allow a standard user to create accounts with increased privileges, giving a local attacker a path to run code with administrator permissions. The process involves running a few simple commands in the terminal and modifying general system settings that do not require increased rights.

Aggressive scammers are impersonating the U.S. Internal Revenue Service in e-mails designed to trick potential victims into paying fabricated outstanding amounts related to missed or late payments. The phishing emails target users of Microsoft's Office 365 platform and have so far reached an estimated number of up to 70,000 mail inboxes according to researchers at email security company Abnormal Security.

Zoom Video Communications, the maker of the popular Zoom video conferencing solution, has agreed to settle allegations made by the US Federal Trade Commission that it "Engaged in a series of deceptive and unfair practices that undermined the security of its users." The settlement requires Zoom to - among other things - establish and implement a comprehensive security program and to not engage in further privacy and security misrepresentations.

Inventor of the world wide web, Tim Berners-Lee, is having another crack at fixing the internet's biggest problems with the launch of a new enterprise server. The Inrupt Enterprise Solid Server is the first product from a company the inventor started two years ago in response to the problem of personal data online, where tech giants like Facebook and Google build vast databases on user's profiles and sell them to advertisers to make massive profits.