A 2018 Presidential finding authorized the US Central Intelligence Agency to conduct offensive cyber operations against a range of foreign targets, according to Yahoo. Iran, Russia, China, and North Korea figured prominently on the target list, former Government officials said. The activities authorized extended beyond intelligence collection to include actively disruptive measures and influence operations. The finding was sufficiently broad to encompass organizations credibly believed to be acting on behalf of or in cooperation with hostile intelligence services.
Yesterday's Patch Tuesday appears, BleepingComputer says, to have been Microsoft's second largest ever. The tally of 123 vulnerabilities addressed is exceeded only by last month's round, which fixed 129 bugs. Eighteen of this month's vulnerabilities are rated "critical," and one hundred five are assessed as "important." The vulnerability that's drawn the most attention is CVE-2020-1350, which the discoverers at Check Point call "SigRed." It's a flaw in Windows DNS Server that could be exploited for remote code execution, and for creation of a worm able to propagate through infected networks.
BleepingComputer reports that popular storytelling site Wattpad was hacked for a 270-million-record database. The information, formerly for sale, is now being offered for free. Its authenticity is under investigation.
CNBC, which has been watching Chinese state media closely, says that Beijing is advising itself through those media to retaliate in a “public and painful” way for Britain's "ill-founded" decision to boot Huawei from the UK's 5G infrastructure.
The US Securities and Exchange Commission has issued a ransomware warning to publicly traded companies.