Security researchers from Google have disclosed today a zero-day vulnerability in the Windows operating system that is currently under active exploitation.
The zero-day is expected to be patched on November 10, which is the date of Microsoft’s next Patch Tuesday, according to Ben Hawkes, team lead for Project Zero, Google’s elite vulnerability research team.

On Twitter, Hawkes said the Windows zero-day (tracked as CVE-2020-17087) was used as part of a two-punch attack, together with another a Chrome zero-day (tracked as CVE-2020-15999) that his team disclosed last week.
The Chrome zero-day was used to allow attackers to run malicious code inside Chrome, while the Windows zero-day was the second part of this attack, allowing threat actors to escape Chrome’s secure container and run code on the underlying operating system — in what security experts call a sandbox escape.
The Google Project Zero team notified Microsoft last week and gave the company seven days to patch the bug. Details were published today, as Microsoft did not release a patch in the allotted time.

Currently we expect a patch for this issue to be available on November 10. We have confirmed with the Director of Google’s Threat Analysis Group, Shane Huntley (@ShaneHuntley), that this is targeted exploitation and this is not related to any US election related targeting.
— Ben Hawkes (@benhawkes) October 30, 2020

Windows 7 to Windows 10 are impacted
According to Google’s report, the zero-day is a bug in the Windows kernel that can be exploited to elevate an attacker’s code with additional permissions.
Per the report, the vulnerability impacts all Windows versions between Windows 7 and the most recent Windows 10 release.

Proof of concept code to reproduce attacks was also include.
Hawkes did not provide details about who was using these two zero-days. Usually, most zero-days are discovered by nation-sponsored hacking groups or large cybercrime groups.
Per the same Google report, the attacks were also confirmed by a second Google security team, Google’s Threat Analysis Group (TAG).
Shane Huntley, Google TAG Director, said the attacks are not related to the US election.
The Chrome zero-day was patched in Chrome version 86.0.4240.111.
This is the second time that Google discloses a two-pronged attack that involved a Windows and a Chrome zero-day. In March 2019, Google said that threat actors have also combined a Chrome zero-day (CVE-2019-5786) with a Windows zero-day (CVE-2019-0808). More

New South Wales Health has confirmed being impacted by a cyber attack involving the file transfer system owned by Accellion.  The system was widely used to share and store files by organisations around the world, including NSW Health, the government entity said on Friday afternoon.”Following the NSW government’s advice earlier this year around a world-wide cyber attack that included NSW government agencies, NSW Health is notifying people whose data may have been accessed in the global Accellion cyber attack,” it said in a statement.The state entity said medical records in public hospitals were not affected and the software involved is no longer in use by NSW Health.”Different types of information, including identity information and in some cases, health-related personal information, were included in the attack,” it added.NSW Health said it has been working with NSW Police and Cyber Security NSW and that to date, there is no evidence any of the information has been misused.See also: How NSW Health used tech to respond to COVID-19

“A cyber incident help line has been set up to provide further information and support to those people NSW Health is contacting,” it said. “If you are contacted by NSW Health, you will be given the cyber incident help line details; if you are not contacted by NSW Health, no action is required.”The NSW Police Force and Cyber Security NSW have set up Strike Force Martine to determine the impact on NSW government agencies that were caught up in the attack on Accellion.Accellion’s file-sharing program, File Transfer Appliance, is an enterprise product used to transfer large files. While now discontinued and supplanted by other software such as Kiteworks, a zero-day vulnerability in the legacy software was found in December and has since been exploited by attackers in the wild. It is estimated that some 100 organisations around the world were among those affected by the breach.Transport for NSW in February confirmed being caught up in the breach.The Australian Securities and Investments Commission (ASIC) in January said one of its servers was breached earlier in the month in relation to Accellion software used by the agency to transfer files and attachments.Accellion was also used as the vector to breach the Reserve Bank of New Zealand (RBNZ) in January.HERE’S MORE More

Newly-formed cryptocurrency platform Saitama announced Wednesday that its smart wallet, SaitaMask, has passed an audit. It received certification from blockchain cryptocurrency auditing firm CertiK, declaring that SaitaMask is “issue free and hacker resistant.”

Passing the audit will make it easier for the six-month-old crypto platform “to apply for, and be listed on, additional exchanges,” making its $SAITAMA tokens more accessible. Currently, there are about 300,000 token holders with a market cap of $4 billion, the company said in its press release. Saitama noted that its SaitaMask smart wallet is designed to be a “one stop shop” for its users who can link their choice of payment system to buy, sell, and transfer any crypto coin without having to leave its mobile app, which will be available for download in January. To give its users the ability to be more in control of their assets, the company said it plans to make SaitaMask “a hub connecting users to multiple tools helping them analyze and make investment choices.” Among the tools is an “Edutainment platform” to educate users about finance and investing, Saitama said.Launched on May 31, Saitama’s $SAITAMA token is built on the Ethereum blockchain ERC-20, the standard that’s used for all smart contracts on the Ethereum blockchain to administer tokens. The company said that the ERC-20 network incorporates “smart coding” that benefits loyal token holders with “rewards to protect against big wallet holders (whales) from trying to manipulate the price in their favor or from dumping tokens by selling out.”This is a busy time for New York-based CertiK, which is working with PeckShield to help crypto exchange platform Binance provide comprehensive security audits when reviewing project tokens that get listed on the exchange. Dubbed “Project Shield,” CertiK and PeckShield are providing the latest level of protection designed to safeguard Binance users and provide them access to secure projects. More

Kerry Wan/ZDNETA week after unveiling its Galaxy Buds 3 Pro at its Unpacked event, Samsung is pulling them off the market because of quality issues.After users began reporting quality issues with the $249.99 earbuds, Samsung’s website shows the company has delayed the product’s release to late August, while the Amazon listing has disappeared entirely. The earbuds were previously available for preorder and had an official release date of July 24, although a limited number of units were already in the hands of some customers and reviewers.Also: The best earbuds: Expert tested and reviewedIn a statement to Android Authority, Samsung confirmed that it won’t be delivering the current product to retail stores right now.”There have been reports relating to a limited number of early production Galaxy Buds 3 Pro devices,” the statement said. “To ensure all products meet our quality standards, we have temporarily suspended deliveries of Galaxy Buds 3 Pro devices to distribution channels.” Customers who have the Galaxy Buds 3 Pro should contact Samsung.The most common issue seems to involve the earbud tips. Some early owners who tried changing the tips for a different size ended up ripping the tips and leaving the plastic circular base attached. A Samsung support page in South Korean warns not to hold the earbuds with your fingernails, but that message apparently isn’t making it to most people. More

June Wan/ZDNETIf you’re a Samsung phone user, the company is making a change you’ll need to pay attention to.For the past two years, Samsung has been phasing out its Samsung Messages app in favor of Google Messages. Samsung’s messaging app has continued to be available — since the Galaxy S22 — but Google’s app was the default option.Also: The best Samsung phones you can buy: Expert testedFirst spotted by Max Weinbach on X, it appears the transition to Google Messages is nearly complete. Starting with the Flip6 and Fold6, you won’t find Samsung Messages pre-installed on new Samsung phones. You will be able to download the Samsung Messages app to a new device, but the company notes that “some features will be excluded.” If you’re a current user, the app isn’t going anywhere and you can continue using it. If you’re a Samsung Messages user, is it time to change? There’s no pressing reason to change at this exact moment, but if you’re planning for the future, there are plenty of reasons to change.  More