New Emotet attack urges recipients to upgrade Microsoft Word

Emotet operators have started using a new template that pretends to be a Microsoft Office message urging a Microsoft Word update. As one of the world’s most infamous malwares, this version uses spam messages that leverage templates to trick the victims into enabling macros to start the infection. Upon installation, it moves into a victim’s LocalAppData folder and will then download additional payloads on the machine, including ransomware and spam emails.

(Security Affairs)

Windows 10 now hides the SYSTEM control panel

With the release of Windows 10 20H2, Microsoft is now preventing access to the SYSTEM control panel and is instead redirecting users to the newly updated ‘About’ settings page. The SYSTEM control panel provides information about the installed version of Windows, the bit-type of the operating system, the computer name, workgroup, CPU, and memory. Industry experts believe this is an overall improvement to the way Windows sorts and stores its settings.

(Bleeping Computer)

Samsung Group titan Lee Kun-hee dies aged 78

Mr. Lee helped to grow his father’s small trading business into a world-famous brand, not only in tech and electronics but also in insurance and shipping. He was the richest person in South Korea, according to Forbes, with a net worth of nearly $21bn. He died on Sunday, but no cause of death was announced. He was instrumental in turning Samsung, once seen as a producer of cheap, low-quality products, into a powerhouse, famously announcing to his employees in 1993: “Let’s change everything except our wives and kids.” The firm then burned its entire mobile phone stock, consisting of 150,000 handsets.

(BBC News)

Tech Manufacturers face new pressure around the right to repair

A growing movement called “Right to Repair” has spurred a bill introduced to Congress by Democrats, as well as similar plans within the European Commission, that calls on manufacturers of high tech products from smartphones to Covid ventilators to make them easier to repair by third parties. Manufacturers have increasingly made their products difficult to repair, but advocates of the change claim these practices are anticompetitive as well as contributing to a landfill culture and climate change.

(New York Times)

Thanks to our sponsor, F5

58% of organizations say maintaining security and compliance when managing apps in a multi-cloud environment is their biggest challenge. Be sure to attend the premier virtual security summit on November 10th where F5, an expert in app security, will cover how to protect your applications from today’s advanced attacks and tomorrow’s emerging threats. Register now.

KashmirBlack botnet preys on CMS sites

A botnet focused on cryptomining, spamming, and defacement has infected hundreds of thousands of websites running popular content management systems (CMSs), such as WordPress, Joomla, Magneto, and Drupal, according to online security firm Imperva. Dubbed KashmirBlack, it stores its files on cloud storage services, such as Dropbox and GitHub for communication and to hide its presence. Its high-performance architecture was designed to make updating easy, using load-balancing features to increase responsiveness and availability.

(Darkreading.com)

Infected IoT Device Numbers Surge 100% in a Year

A new report from Nokia states the number of infected IoT devices has soared by 100% over the past year. Its Threat Intelligence Report 2020 revealed that one third of IoT devices are infected, up from 16% in the 2019 report. Nokia suggests the infection rates depend upon the visibility of the devices on the internet, and expects an even greater surge over the next year, as devices get connected to 5G networks.

(InfoSecurity Magazine)

Google urges users to update Chrome against zero-day bug

Users of Chrome should check to make sure they are running the most recent version of the Chrome browser, 86.0.4240.111. This is to offset the presence of a bug has the potential to download virus material disguised as temporary fonts for website browsing. Although Chrome tends to update itself automatically, some users leave browsers open for days without powering off or generally rely on manufacturers to push updates at them. Simply closing and re-opening Chrome will apply the fix.

(Naked Security)

Five ways that your implanted medical device can be hacked

Cybersecurity company ESET has released, through its blog, welivesecurity.com, a top five list of weaknesses in connected medical devices like insulin pumps and pacemakers that could be potentially fatal. Pointing to industry disagreements over who is responsible for ensuring security up and down the stack, the report highlights Bluetooth, Windows, Cloud, Ethernet, and wireless keyboards as primary weak points on the line between your body and a hacker.

(ESET via WeLiveSecurity)