Microsoft is currently experiencing an outage where some users are unable to login to Xbox Live, have issues with matchmaking, and are unable to access support.xbox.com.

At approximately 5:00 PM EST, users started reporting that they were unable to login to Xbox Live, access their saved games, or have issues with matchmaking. Since then, users have also been having issues opening support.xbox.com.

Microsoft has confirmed these issues in the Xbox Support Twitter account as can be seen below.

Tweet about Xbox Live being down
Tweet about Xbox Live being down
Tweet about support.xbox.com being down
Tweet about support.xbox.com being down

When users try to access support.xbox.com, they will simply be greeted

This has been a slow week in terms of new variants, but we continue to see enterprise-targeting ransomware operators threatening to release data for non-paying victims.

With Coronavirus on everyone’s minds, malware developers have turned to campaigns utilizing COVID-19 themed phishing scams or malware to take advantage of the panic and anxiety induced by the outbreak.

Of particular interest, are two ransomware infections called CoronaVirus Ransomware and CovidLock that use the outbreak as a theme for their infections.

Stay safe out there!

Contributors and those who provided new ransomware information and stories this week include: @fwosar, @malwareforme, @BleepinComputer

Slack has fixed a security flaw that allowed hackers to automate the takeover of arbitrary accounts after stealing session cookies using an HTTP Request Smuggling CL.TE hijack attack on https://slackb.com/.

Web security researcher and bug bounty hunter Evan Custodio reported the bug to the team collaboration platform’s security team via Slack’s HackerOne bug bounty program on November 14th.

The researcher discovered the vulnerability after targeting several HTTP Request Smuggling (1, 2) exploits on Slack in-scope assets using tooling he developed.

Slack fixed the bug within 24 hours according to the bug report’s timeline and rewarded Custodio with

Vulnerabilities in the Popup Builder WordPress plugin could allow unauthenticated attackers to inject malicious JavaScript code into popups displayed on tens of thousands of websites, to steal information, and to potentially fully take over targeted sites.

Popup Builder enables site owners to create, deploy, and manage customizable popups containing a wide range of content from HTML and JavaScript code to images and videos.

Sygnoos, the plugin’s developer, markets it as a tool that can help increase sales and revenue via smart pop-ups used to display ads, subscription requests, discounts, and various other types of promotional content.

Unauthenticated XSS and information

Google announced today that a new ‘Default to Guest mode’ feature is now available for Windows, Linux, and macOS power users of the Chrome web browser.

The new Google Chrome feature can be enabled using a command-line switch or an enterprise policy, and it allows users to configure the web browser to always launch into Guest Mode.

In this browsing mode, Chrome will delete all browsing activity from the computer after exiting the browser, providing its users with “a stateless browsing experience from session to session.”

Google Chrome Guest mode
Google Chrome Guest mode

‘Default to Guest’ mode for Chrome

The Guest mode can

A new phishing scam is pretending to be your HIV test results to make you more likely to open up a malicious Excel document and become infected.

Over the past year, phishing campaigns have been getting nastier and nastier with scammers coming up with wild stories to get you to open a malicious document or click a link.

In what could be a new low, Proofpoint researchers have found scammers sending phishing emails with malicious Excel spreadsheets that pretend to be your HIV test results from Vanderbilt University.

Fake HIV Test Results
Fake HIV Test Results

While the scammers mess up and misspell ‘Vanderbit