Security News > 2020 > November

A widely used hotel reservation platform has exposed 10 million files related to guests at various hotels around the world, thanks to a misconfigured Amazon Web Services S3 bucket. Many of the records contain data for multiple hotel guests who were grouped together on a single reservation; thus, the number of people exposed is likely well over 10 million, researchers said.

Google Chrome is getting a new feature that increases security when clicking on web page links that open URLs in a new window or tab. The link attribute that opens a page this way has a known security issue that allows the newly opened page to use JavaScript to redirect the original page to a different URL. This redirected URL can be anything the threat actor wants, including phishing pages or pages that automatically download malicious files.

Ransomware operators are using malicious fake ads for Microsoft Teams updates to infect systems with backdoors that deployed Cobalt Strike to compromise the rest of the network. In a non-public security advisory seen by BleepingComputer, Microsoft is warning its customers about these FakeUpdates campaigns, offering recommendations that would lower the impact of the attack via its Defender ATP service.

Let's Encrypt has warned users whose devices are running older versions of Android that they may start getting errors next year when visiting websites secured by its certificates. The organization estimates that roughly one-third of Android devices are still running these older versions, which means their users will start getting certificate errors once the cross-signed certificate expires.

Western Digital today announced a suite of new NVMe SSDs for enabling next-generation, data-centric architectures for data centers, industrial IoT, automotive and client applications. The new family includes the Ultrastar DC ZN540 ZNS NVMe SSD for designing a more efficient data center storage tier with competitive TCO; the Western Digital IX SN530 Industrial SSD for the extreme environments of industrial and automotive applications; and the 2TB WD Blue SN550 NVMe SSD for speeding up PC performance.

Taiwanese laptop maker Compal Electronics suffered a DoppelPaymer ransomware attack over the weekend, with the attackers demanding an almost $17 million ransom. Taiwanese media reported that Compal suffered a cyberattack, but the laptop maker claimed it was just an "abnormality" in its office automation system.

Microsoft says that multiple Windows 10 apps including Outlook are affected by an issue causing them to forget users' passwords after the device is upgraded to certain Windows 10, version 2004 builds. "After installing Windows 10 Version 2004 Build 19041.173 and related updates you find that Outlook and other applications do not remember your password anymore," Microsoft explains.

Bug bounty hunters have earned a total of more than $1.2 million over the weekend at the 2020 Tianfu Cup International PWN Contest, a major hacking competition that takes place every year in China. The winner was a team representing Chinese cybersecurity firm Qihoo 360, which earned over $740,000.

Microsoft will soon start force upgrading Windows 10 1903 devices to Windows 10 1909 to keep them protected from security threats after this Windows version reaches its end of service next month. "All editions of Windows 10, version 1903 and Windows 10 Server, version 1903 will reach end of service on December 8, 2020," Microsoft explains on the Windows 10 Message Center.