---

Windows 10 to get PUA/PUP protection feature

New PUA/PUP-blocking security feature to roll out with the Windows 10 May 2020 update.

---

DHS CISA and FBI share list of top 10 most exploited vulnerabilities

Office is the most exploited technology, followed by Apache Struts.

---

Huawei denies involvement in buggy Linux kernel patch proposal

Huawei says employee submitted code as part of a personal project, not on behalf of the company.

---

Website Attacks Become Quieter & More Persistent

Threat actors have pivoted from noisy attacks to intrusions where stealth and ROI are primary goals, new report says.

---

Microsoft Fixes 111 Vulnerabilities for Patch Tuesday

This marks the third month in a row that Microsoft patched more than 100 bugs, of which 16 are classified as critical.

---

Thunderbolt flaws open millions of PCs to physical hacking

A new attack method enables bad actors to access data on a locked computer via an evil maid attack within 5 minutes

The post Thunderbolt flaws open millions of PCs to physical hacking appeared first on WeLiveSecurity

---

Microsoft Patch Tuesday, May 2020 Edition

Microsoft today issued software updates to plug at least 111 security holes in Windows and Windows-based programs. None of the vulnerabilities were labeled as being publicly exploited or detailed prior to today, but as always if you're running Windows on any of your machines it's time once again to prepare to get your patches on.

---

Nine in 10 Applications Contain Outdated Software Components

Almost every application uses open-source components and 91% use libraries that are out of date or that have been abandoned altogether.

---

Secure Contact Tracing Needs More Transparent Development

Experts worry that without proper planning, today's decisions about developing contact-tracing apps could have unforeseen consequences in the years to come.

---

REvil Ransomware Attack Hits A-List Celeb Law Firm

Cybercriminals used the REvil ransomware to attack a law firm used by the likes of Lady Gaga, Drake and Madonna. Now, they're threatening to leak the 756 gigabytes of stolen data.

---

Google removed 813 creepware apps from the Android Play Store

The applications were discovered with a new algorithm called CreepRank, developed by a team of academics.

---

DHS, FBI & DoD Report on New North Korean Malware

Three new reports detail malware coming out of the Hidden Cobra cyber operations in North Korea.

---

Microsoft Addresses 111 Bugs for May Patch Tuesday

Important-rated EoP flaws made up the bulk of the CVEs; SharePoint continued its critical run with four worrying bugs.

---

Three Years After WannaCry, Ransomware Accelerating While Patching Still Problematic

Using a known exploit to infect unmaintained systems, the WannaCry ransomware worm remains a study in preventable catastrophes. Yet many companies continue to ignore its lessons.

---

The Modern SOC Demands New Skills

Automation and other technologies are improving the organizational structure of the security operations center. This is ultimately for the better, but it means that roles will change too.

---

Microsoft May 2020 Patch Tuesday fixes 111 vulnerabilities

Third-largest Patch Tuesday in Microsoft's history started rolling out earlier today.

---

On the three-year anniversary of WannaCry, US exposes new North Korean malware

US cyber-security officials expose today three new North Korean malware strains named COPPERHEDGE, TAINTEDSCRIBE, and PEBBLEDASH.

---

A-List Celebrity Law Firm Confirms Cyberattack

Attackers claim to steal 756GB of data from Grubman Shire Meiselas & Sacks, which includes Madonna and Lady Gaga among its clients.

---

WordPress Page Builder Plugin Bugs Threaten 1 Million Sites with Full Takeover

Severe CSRF to XSS bugs open the door to code execution and complete website compromise.

---

Adobe Kills 16 Critical Flaws in Acrobat and Reader, Digital Negative SDK

Adobe patched 36 flaws, including critical vulnerabilities in Acrobat and Reader and its DNG Software Development Kit.