Windows 10 Zero-Click Security Exploit Wanted. Reward: $3 Million
www.forbes.com/sites/daveywinder/2021/11/21/windows-10-zero-click-security-exploit-wanted-reward-3-million/ Million-dollar security exploits, the one-click and zero-day vulnerabilities that can cause so much harm, pretty much used to be the sole territory of state-sponsored actors. However, the ransomware pandemic has changed all that. This is very bad news for everyone, including Windows 10 users, as new research reveals. The report, ‘Vulnerability Intelligence: Do you know where your flaws are?’ found that the ceiling for such zero-day pricing has now hit $10 million. Not that there is evidence, as of yet, that these sums have been realized, but the chatter is there, and that’s worrying. As is the $3 million that has been put on the table by one threat actor looking for a working zero-click remote code execution exploit for Windows 10.
US SEC warns investors of ongoing govt impersonation attacks
www.bleepingcomputer.com/news/security/us-sec-warns-investors-of-ongoing-govt-impersonation-attacks/ The Securities and Exchange Commission (SEC) has warned US investors of scammers impersonating SEC officials in government impersonator schemes via phone calls, voicemails, emails, and letters. The alert comes from SEC’s Office of Investor Education and Advocacy (OIEA), which regularly issues warnings to inform investors about the latest developments in investment frauds and scams. “We are aware that several individuals recently received phone calls or voicemail messages that appeared to be from an SEC phone number, ” OIEA said. “The calls and messages raised purported concerns about unauthorized transactions or other suspicious activity in the recipients’ checking or cryptocurrency accounts.”