News Wrap: Barnes & Noble Hack, DDoS Extortion Threats and More
From a cyberattack on Barnes & Noble to Zoom rolling out end-to-end encryption, Threatpost editors break down the top security stories of the week.
Read More
Microsoft
October Patch Tuesday: Microsoft Patches Critical, Wormable RCE Bug
There were 11 critical bugs and six that were unpatched but publicly known in this month’s regularly scheduled Microsoft updates.
Read MoreElection Systems Under Attack via Microsoft Zerologon Exploits
Cybercriminals are chaining Microsoft’s Zerologon flaw with other exploits in order to infiltrate government systems, putting election systems at risk, a new CISA and FBI advisory warns.
Read MoreTrickBot Takedown Disrupts Major Crimeware Apparatus
Microsoft and partners went after the botnet using a copyright infringement tactic and hunting down C2 servers.
Read MoreOffice 365: A Favorite for Cyberattack Persistence
Bad actors are leveraging legitimate services and tools within Microsoft’s productivity suite to launch cyberattacks on COVID-19 stay-at-home workers, new research finds.
Read MoreOffice 365: A Favorite for Cyberattack Persistence
Bad actors are leveraging legitimate services and tools within Microsoft’s productivity suite to launch cyberattacks on COVID-19 stay-at-home workers, new research finds.
Read MoreSophisticated Android Ransomware Executes with the Home Button
The malware also has a unique machine-learning module.
Read MoreMicrosoft Azure Flaws Open Admin Servers to Takeover
Two flaws in Microsoft’s cloud-based Azure App Services could have allowed server-side forgery request (SSFR) and remote code-execution attacks.
Read MoreMicrosoft Zerologon Flaw Under Attack By Iranian Nation-State Actors
Microsoft warns that the MERCURY APT has been actively exploiting CVE-2020-1472 in campaigns for the past two weeks.
Read MoreEmotet Emails Strike Thousands of DNC Volunteers
Hundreds of U.S. organizations on Thursday received emails purporting to come from the Democratic National Committee, in a new politically charged Emotet spear-phishing attack.
Read More