Google, Intel Warn on ‘Zero-Click’ Kernel Bug in Linux-Based IoT Devices
Intel and Google are urging users to update the Linux kernel to version 5.9 or later.
Source: Threadpost
Cybercriminals Steal Nearly 1TB of Data from Miami-Based International Tech Firm
Databases of sensitive, financial and personally identifiable info and documents from Intcomex were leaked on Russian-language hacker forum after a ransomware attack.
Source: Threadpost
October Patch Tuesday: Microsoft Patches Critical, Wormable RCE Bug
There were 11 critical bugs and six that were unpatched but publicly known in this month's regularly scheduled Microsoft updates.
Source: Threadpost
Lemon Duck Cryptocurrency-Mining Botnet Activity Spikes
Researchers warn of a spike in the cryptocurrency-mining botnet since August 2020.
Source: Threadpost
Software AG Data Released After Clop Ransomware Strike – Report
The Clop group attacked Software AG, a German conglomerate with operations in more than 70 countries, threatening to dump stolen data if the whopping $23 million ransom isn’t paid.
Source: Threadpost
Critical Flash Player Flaw Opens Adobe Users to RCE
The flaw stems from a NULL Pointer Dereference error and plagues the Windows, macOS, Linux and ChromeOS versions of Adobe Flash Player.
Source: Threadpost
Election Systems Under Attack via Microsoft Zerologon Exploits
Cybercriminals are chaining Microsoft's Zerologon flaw with other exploits in order to infiltrate government systems, putting election systems at risk, a new CISA and FBI advisory warns.
Source: Threadpost
Authentication Bug Opens Android Smart-TV Box to Data Theft
The streaming box allows arbitrary code execution as root, paving the way to pilfering social-media tokens, passwords, messaging history and more.
Source: Threadpost
TrickBot Takedown Disrupts Major Crimeware Apparatus
Microsoft and partners went after the botnet using a copyright infringement tactic and hunting down C2 servers.
Source: Threadpost
Office 365: A Favorite for Cyberattack Persistence
Bad actors are leveraging legitimate services and tools within Microsoft's productivity suite to launch cyberattacks on COVID-19 stay-at-home workers, new research finds.
Source: Threadpost