January 16, 2025
|
|
US cracks down on North Korean IT worker army with more sanctions
The U.S. Treasury Department has sanctioned a network of individuals and front companies linked to North Korea's Ministry of National Defense that have generated revenue via illegal remote IT work schemes. |
January 16, 2025
|
|
Biden signs executive order to bolster national cybersecurity
Days before leaving office, President Joe Biden signed an executive order to shore up the United States' cybersecurity by making it easier to sanction hacking groups targeting federal agencies and the nation's critical infrastructure. |
January 16, 2025
|
|
Wolf Haldenstein law firm says 3.5 million impacted by data breach
Wolf Haldenstein Adler Freeman & Herz LLP ("Wolf Haldenstein") reports it has suffered a data breach that exposed the personal information of nearly 3.5 million individuals to hackers. |
January 16, 2025
|
|
FTC sues GoDaddy for years of poor hosting security practices
The FTC will require web hosting giant GoDaddy to implement basic security protections, such as multi-factor authentication and HTTPS APIs, to settle charges that it failed to secure its hosting services against attacks since 2018. |
January 16, 2025
|
|
New UEFI Secure Boot flaw exposes systems to bootkits, patch now
A new UEFI Secure Boot bypass vulnerability tracked as CVE-2024-7344 that affects a Microsoft-signed application could be exploited to deploy bootkits even if Secure Boot protection is active. |
January 16, 2025
|
|
MFA Failures - The Worst is Yet to Come
This article delves into the rising tide of MFA failures, the alarming role of generative AI in amplifying these attacks, the growing user discontent weakening our defenses, and the glaring vulnerabilities being frequently exploited. The storm is building, and the worst is yet to come. |
January 15, 2025
|
|
Hackers leak configs and VPN credentials for 15,000 FortiGate devices
A new hacking group has leaked the configuration files, IP addresses, and VPN credentials for over 15,000 FortiGate devices for free on the dark web, exposing a great deal of sensitive technical information to other cybercriminals. |
January 15, 2025
|
|
SAP fixes critical vulnerabilities in NetWeaver application servers
SAP has fixed two critical vulnerabilities affecting the NetWeaver web application server that could be exploited to escalate privileges and access restricted information. |
January 15, 2025
|
|
CISA shares guidance for Microsoft expanded logging capabilities
CISA shared guidance for government agencies and enterprises on using expanded cloud logs in their Microsoft 365 tenants as part of their forensic and compliance investigations. |
January 15, 2025
|
|
MikroTik botnet uses misconfigured SPF DNS records to spread malware
A newly discovered botnet of 13,000 MikroTik devices uses a misconfiguration in domain name server records to bypass email protections and deliver malware by spoofing roughly 20,000 web domains. |
January 15, 2025
|
|
Label giant Avery says website hacked to steal credit cards
Avery Products Corporation is warning it suffered a data breach after its website was hacked to steal customers' credit cards and personal information. |
January 15, 2025
|
|
Hackers use Google Search ads to steal Google Ads accounts
Ironically, cybercriminals now use Google search advertisements to promote phishing sites that steal advertisers' credentials for the Google Ads platform. |
January 15, 2025
|
|
Microsoft ends support for Office apps on Windows 10 in October
Microsoft says it will drop support for Office apps in Windows 10 after the operating system reaches its end of support on October 14. |
January 15, 2025
|
|
Over 660,000 Rsync servers exposed to code execution attacks
Over 660,000 exposed Rsync servers are potentially vulnerable to six new vulnerabilities, including a critical-severity heap-buffer overflow flaw that allows remote code execution on servers. |
January 15, 2025
|
|
Windows BitLocker bug triggers warnings on devices with TPMs
Microsoft is investigating a bug triggering security alerts on systems with a Trusted Platform Module (TPM) processor after enabling BitLocker. |
January 14, 2025
|
|
January Windows updates may fail if Citrix SRA is installed
Microsoft is warning that the January 2025 Windows 11 and Windows 10 cumulative updates may fail if Citrix Session Recording Agent (SRA) version 2411 is installed on the device. |
January 14, 2025
|
|
Allstate car insurer sued for tracking drivers without permission
Texas Attorney General Ken Paxton has filed a lawsuit against Allstate and its data subsidiary Arity for unlawfully collecting, using, and selling driving data from over 45 million Americans. |
January 14, 2025
|
|
WP3.XYZ malware attacks add rogue admins to 5,000+ WordPress sites
A new malware campaign has compromised more than 5,000 WordPress sites to create admin accounts, install a malicious plugin, and steal data. |
January 14, 2025
|
|
US govt says North Korea stole over $659 million in crypto last year
North Korean state-backed hacking groups have stolen over $659 million worth of cryptocurrency in multiple crypto-heists, according to a joint statement issued by the United States, South Korea, and Japan on Tuesday. |
January 14, 2025
|
|
Windows 10 KB5049981 update released with new BYOVD blocklist
Microsoft has released the KB5049981 cumulative update for Windows 10 22H2 and Windows 10 21H2, which contains an updated Kernel driver blocklist to prevent Bring Your Own Vulnerable Driver (BYOVD) attacks. |
January 14, 2025
|
|
Microsoft January 2025 Patch Tuesday fixes 8 zero-days, 159 flaws
Today is Microsoft's January 2025 Patch Tuesday, which includes security updates for 159 flaws, including eight zero-day vulnerabilities, with three actively exploited in attacks. |
January 14, 2025
|
|
Windows 11 KB5050009 & KB5050021 cumulative updates released
Microsoft has released the Windows 11 KB5050009 and KB5050021 cumulative updates for versions 24H2 and 23H2 to fix security vulnerabilities and issues. |
January 14, 2025
|
|
Google OAuth flaw lets attackers gain access to abandoned accounts
A weakness in Google's OAuth "Sign in with Google" feature could enable attackers that register domains of defunct startups to access sensitive data of former employee accounts linked to various software-as-a-service (SaaS) platforms. |
January 14, 2025
|
|
FBI wipes Chinese PlugX malware from over 4,000 US computers
The U.S. Department of Justice announced today that the FBI has deleted Chinese PlugX malware from over 4,200 computers in networks across the United States. |
January 14, 2025
|
|
Hackers use FastHTTP in new high-speed Microsoft 365 password attacks
Threat actors are utilizing the FastHTTP Go library to launch high-speed brute-force password attacks targeting Microsoft 365 accounts globally. |
January 14, 2025
|
|
Fortinet warns of auth bypass zero-day exploited to hijack firewalls
Attackers are exploiting a new authentication bypass zero-day vulnerability in FortiOS and FortiProxy to hijack Fortinet firewalls and breach enterprise networks. |
January 14, 2025
|
|
Microsoft 365 apps crash on Windows Server after Office update
Microsoft says a known issue is causing Classic Outlook and Microsoft 365 applications to crash on Windows Server 2016 or Windows Server 2019 systems. |
January 13, 2025
|
|
OneBlood confirms personal data stolen in July ransomware attack
Blood-donation not-for-profit OneBlood confirms that donors' personal information was stolen in a ransomware attack last summer. |
January 13, 2025
|
|
CISA orders agencies to patch BeyondTrust bug exploited in attacks
CISA tagged a vulnerability in BeyondTrust's Privileged Remote Access (PRA) and Remote Support (RS) as actively exploited in attacks, ordering agencies to secure their systems within three weeks. |
January 13, 2025
|
|
Stolen Path of Exile 2 admin account used to hack player accounts
Path of Exile 2 developers confirmed that a hacked admin account allowed a threat actor to change the password and access at least 66 accounts, finally explaining how PoE 2 accounts have been breached since November. |
January 13, 2025
|
|
Microsoft: macOS bug lets hackers install malicious kernel drivers
Apple recently addressed a macOS vulnerability that allows attackers to bypass System Integrity Protection (SIP) and install malicious kernel drivers by loading third-party kernel extensions. |
January 13, 2025
|
|
Hackers exploit critical Aviatrix Controller RCE flaw in attacks
Threat actors are exploiting a critical remote command execution vulnerability, tracked as CVE-2024-50603, in Aviatrix Controller instances to install backdoors and crypto miners. |
January 13, 2025
|
|
UK domain registry Nominet confirms breach via Ivanti zero-day
Nominet, the official .UK domain registry and one of the largest country code registries, has confirmed that its network was breached two weeks ago using an Ivanti VPN zero-day vulnerability. |
January 13, 2025
|
|
Ransomware abuses Amazon AWS feature to encrypt S3 buckets
A new ransomware campaign encrypts Amazon S3 buckets using AWS's Server-Side Encryption with Customer Provided Keys (SSE-C) known only to the threat actor, demanding ransoms to receive the decryption key. |
January 13, 2025
|
|
Microsoft MFA outage blocking access to Microsoft 365 apps
Microsoft is investigating an ongoing Multi-Factor Authentication (MFA) outage that is blocking customers from accessing Microsoft 365 Office apps. |
January 12, 2025
|
|
Phishing texts trick Apple iMessage users into disabling protection
Cybercriminals are exploiting a trick to turn off Apple iMessage's built-in phishing protection for a text and trick users into re-enabling disabled phishing links. |
January 12, 2025
|
|
Pastor who saw crypto project in his "dream" indicted for fraud
A pastor at a Pasco, Washington, church has been indicted on 26 counts of fraud for allegedly operating a cryptocurrency scam that defrauded investors of millions between 2021 and 2023. |
January 11, 2025
|
|
Scammers file first — Get your IRS Identity Protection PIN now
The IRS relaunched its Identity Protection Personal Identification Number (IP PIN) program this week and all US taxpayers are encouraged to enroll for added security against identity theft and fraudulent returns. |
January 11, 2025
|
|
Fake LDAPNightmare exploit on GitHub spreads infostealer malware
A deceptive proof-of-concept (PoC) exploit for CVE-2024-49113 (aka "LDAPNightmare") on GitHub infects users with infostealer malware that exfiltrates sensitive data to an external FTP server. |
January 10, 2025
|
|
Telefónica confirms internal ticketing system breach after data leak
Spanish telecommunications company Telefónica confirms its internal ticketing system was breached after stolen data was leaked on a hacking forum. |
January 10, 2025
|
|
New Web3 attack exploits transaction simulations to steal crypto
Threat actors are employing a new tactic called "transaction simulation spoofing" to steal crypto, with one attack successfully stealing 143.45 Ethereum, worth approximately $460,000. |
January 10, 2025
|
|
US charges operators of cryptomixers linked to ransomware gangs
The U.S. Department of Justice indicted three operators of sanctioned Blender.io and Sinbad.io crypto mixer services used by ransomware gangs and North Korean hackers to launder ransoms and stolen cryptocurrency. |
January 10, 2025
|
|
Treasury hackers also breached US foreign investments review office
Chinese hackers, part of the state-backed Silk Typhoon threat group, have reportedly breached the Committee on Foreign Investment in the United States (CFIUS), which reviews foreign investments to determine national security risks. |
January 10, 2025
|
|
Docker Desktop blocked on Macs due to false malware alert
Docker is warning that Docker Desktop is not starting on macOS due to malware warnings after some files were signed with an incorrect code-signing certificate. |
January 10, 2025
|
|
Proton worldwide outage caused by Kubernetes migration, software change
Swiss tech company Proton, which provides privacy-focused online services, says that a Thursday worldwide outage was caused by an ongoing infrastructure migration to Kubernetes and a software change that triggered an initial load spike. |
January 10, 2025
|
|
STIIIZY data breach exposes cannabis buyers’ IDs and purchases
Popular cannabis brand STIIIZY disclosed a data breach this week after hackers breached its point-of-sale (POS) vendor to steal customer information, including government IDs and purchase information. |
January 10, 2025
|
|
Microsoft to force install new Outlook on Windows 10 PCs in February
Microsoft will force install the new Outlook email client on Windows 10 systems starting with next month's security update. |
January 9, 2025
|
|
Fake CrowdStrike job offer emails target devs with crypto miners
CrowdStrike is warning that a phishing campaign is impersonating the cybersecurity company in fake job offer emails to trick targets into infecting themselves with a Monero cryptocurrency miner (XMRig). |
January 9, 2025
|
|
Largest US addiction treatment provider notifies patients of data breach
BayMark Health Services, North America's largest provider of substance use disorder (SUD) treatment and recovery services, is notifying an undisclosed number of patients that attackers stole their personal and health information in a September 2024 breach. |
January 9, 2025
|
|
Banshee stealer evades detection using Apple XProtect encryption algo
A new version of the Banshee info-stealing malware for macOS has been evading detection over the past two months by adopting string encryption from Apple's XProtect. |
January 9, 2025
|
|
Microsoft fixes OneDrive bug causing macOS app freezes
Microsoft has fixed a known issue causing macOS applications to freeze when opening or saving files in OneDrive. |
January 9, 2025
|
|
Proton Mail still down as Proton recovers from worldwide outage
Privacy firm Proton suffered a massive worldwide outage today, taking down most services, with Proton Mail and Calendar users still unable to connect to their accounts. |
January 9, 2025
|
|
MirrorFace hackers targeting Japanese govt, politicians since 2019
The National Police Agency (NPA) and the Cabinet Cyber Security Center in Japan have linked a cyber-espionage campaign targeting the country to the Chinese state-backed "MirrorFace" hacking group. |
January 9, 2025
|
|
US Treasury hack linked to Silk Typhoon Chinese state hackers
Chinese state-backed hackers, tracked as Silk Typhoon, have been linked to the U.S. Office of Foreign Assets Control (OFAC) hack in early December. |
January 9, 2025
|
|
Google: Chinese hackers likely behind Ivanti VPN zero-day attacks
Hackers exploiting the critical Ivanti Connect Secure zero-day vulnerability disclosed yesterday installed new malware called 'Dryhook' and 'Phasejam' on compromised VPN appliances; the malware is not currently associated with any threat group. |
January 9, 2025
|
|
Criminal IP: Bringing Real-Time Phishing Detection to Microsoft Outlook
AI SPERA announced today that it launched its Criminal IP Malicious Link Detector add-in on the Microsoft Marketplace. Learn more about how this tool provides real-time phishing email detection and URL blocking for Microsoft Outlook. |
January 9, 2025
|
|
Microsoft fixes bug causing Outlook freezes when copying text
Microsoft has fixed a known issue causing the classic Outlook email client to stop responding when copying text with the CTRL+C keyboard shortcut. |
January 8, 2025
|
|
Unpatched critical flaws impact Fancy Product Designer WordPress plugin
Premium WordPress plugin Fancy Product Designer from Radykal is vulnerable to two critical severity flaws that remain unfixed in the current latest version. |
January 8, 2025
|
|
Ivanti warns of new Connect Secure flaw used in zero-day attacks
Ivanti is warning that a new Connect Secure remote code execution vulnerability tracked as CVE-2025-0282 was exploited in zero-day attacks to install malware on appliances. |
January 8, 2025
|
|
Russian ISP confirms Ukrainian hackers "destroyed" its network
Russian internet service provider Nodex confirmed on Tuesday that its network was "destroyed" in a cyberattack claimed by Ukrainian hacktivists who are part of the Ukrainian Cyber Alliance. |
January 8, 2025
|
|
SonicWall urges admins to patch exploitable SSLVPN bug immediately
SonicWall is emailing customers urging them to upgrade their firewall's SonicOS firmware to patch an authentication bypass vulnerability in SSL VPN and SSH management that is "susceptible to actual exploitation." |
January 8, 2025
|
|
Hackers exploit KerioControl firewall flaw to steal admin CSRF tokens
Hackers are trying to exploit CVE-2024-52875, a critical CRLF injection vulnerability that leads to 1-click remote code execution (RCE) attacks in the GFI KerioControl firewall product. |
January 8, 2025
|
|
Over 4,000 backdoors hijacked by registering expired domains
Over 4,000 abandoned but still active web backdoors were hijacked and their communication infrastructure sinkholed after researchers registered expired domains used for commanding them. |
January 8, 2025
|
|
Medical billing firm Medusind discloses breach affecting 360,000 people
Medusind, a leading billing provider for healthcare organizations, is notifying hundreds of thousands of individuals of a data breach that exposed their personal and health information more than a year ago, in December 2023. |
January 8, 2025
|
|
Thousands of credit cards stolen in Green Bay Packers store breach
American football team Green Bay Packers says cybercriminals stole the credit card data of over 8,500 customers after hacking its official Pro Shop online retail store in a September breach. |
January 8, 2025
|
|
How initial access brokers (IABs) sell your users’ credentials
Initial Access Brokers (IABs) are specialized cybercriminals that break into corporate networks and sell stolen access to other attackers. Learn from Specops Software about how IABs operate and how businesses can protect themselves. |
January 8, 2025
|
|
UN aviation agency confirms recruitment database security breach
The United Nations' International Civil Aviation Organization (ICAO) has confirmed that a threat actor has stolen approximately 42,000 records after hacking into its recruitment database. |
January 7, 2025
|
|
PowerSchool hack exposes student, teacher data from K-12 districts
Education software giant PowerSchool has confirmed it suffered a cybersecurity incident that allowed a threat actor to steal the personal information of students and teachers from school districts using its PowerSchool SIS platform. |
January 7, 2025
|
|
Casio says data of 8,500 people exposed in October ransomware attack
Japanese electronics manufacturer Casio says that the October 2024 ransomware incident exposed the personal data of approximately 8,500 people. |
January 7, 2025
|
|
New Mirai botnet targets industrial routers with zero-day exploits
A relatively new Mirai-based botnet has been growing in sophistication and is now leveraging zero-day exploits for security flaws in industrial routers and smart home devices. |
January 7, 2025
|
|
US govt launches cybersecurity safety label for smart devices
Today, the White House announced the launch of the U.S. Cyber Trust Mark, a new cybersecurity safety label for internet-connected consumer devices. |
January 7, 2025
|
|
BIOS flaws expose iSeq DNA sequencers to bootkit attacks
BIOS/UEFI vulnerabilities in the iSeq 100 DNA sequencer from U.S. biotechnology company Illumina could let attackers disable devices used for detecting illnesses and developing vaccines. |
January 7, 2025
|
|
CISA warns of critical Oracle, Mitel flaws exploited in attacks
CISA has warned U.S. federal agencies to secure their systems against critical vulnerabilities in Oracle WebLogic Server and Mitel MiCollab systems that are actively exploited in attacks. |
January 7, 2025
|
|
Washington state sues T-Mobile over 2021 data breach security failures
Washington state has sued T-Mobile over failing to secure the sensitive personal information of over 2 million Washington residents in a 2021 data breach. |
January 7, 2025
|
|
UN aviation agency investigating 'potential' security breach
On Monday, the United Nations' International Civil Aviation Organization (ICAO) announced it was investigating what it described as a "reported security incident." |
January 7, 2025
|
|
Telegram hands over data on thousands of users to US law enforcement
Telegram reveals that the communications platform has fulfilled 900 U.S. government requests, sharing the phone number or IP address information of 2,253 users with law enforcement. |
January 7, 2025
|
|
Malicious Browser Extensions are the Next Frontier for Identity Attacks
A recent campaign targeting browser extensions illustrates that they are the next frontier in identity attacks. Learn more about these attacks from LayerX Security and how to receive a free extension audit. |
January 7, 2025
|
|
Green Bay Packers' online store hacked to steal credit cards
The Green Bay Packers American football team is notifying fans that a threat actor hacked its official online retail store in October and injected a card skimmer script to steal customers' personal and payment information. |
January 6, 2025
|
|
CISA says recent government hack limited to US Treasury
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) said today that the Treasury Department breach disclosed last week did not impact other federal agencies. |
January 6, 2025
|
|
Vulnerable Moxa devices expose industrial networks to attacks
Industrial networking and communications provider Moxa is warning of a high-severity and a critical vulnerability that impact various models of its cellular routers, secure routers, and network security appliances. |
January 6, 2025
|
|
Chinese hackers also breached Charter and Windstream networks
More U.S. companies have been added to the list of telecommunications firms hacked in a wave of breaches by a Chinese state-backed threat group tracked as Salt Typhoon. |
January 6, 2025
|
|
Eagerbee backdoor deployed against Middle Eastern govt orgs, ISPs
New variants of the Eagerbee malware framework are being deployed against government organizations and internet service providers (ISPs) in the Middle East. |
January 6, 2025
|
|
Microsoft Bing shows misleading Google-like page for 'Google' searches
Microsoft Bing is displaying what is being categorized as a misleading Google-esque search page when users search for Google, making it look like you are on the competing search engine. |
January 5, 2025
|
|
Microsoft may have scrapped Windows 11's dynamic wallpapers feature
Microsoft has many good ideas for Windows 11 that often do not ship, and one of them was "Dynamic Wallpapers," which, as the name suggests, could have made the wallpaper dynamic, similar to third-party tools like Lively Wallpaper. |
January 5, 2025
|
|
Windows 10 users urged to upgrade to avoid "security fiasco"
Cybersecurity firm ESET is urging Windows 10 users to upgrade to Windows 11 or Linux to avoid a "security fiasco" as the 10-year-old operating system nears the end of support in October 2025. |
January 5, 2025
|
|
Cryptocurrency wallet drainers stole $494 million in 2024
Scammers stole $494 million worth of cryptocurrency in wallet drainer attacks last year that targeted more than 300,000 wallet addresses. |
January 4, 2025
|
|
Nuclei flaw bypasses template signature checks to execute commands
A now-fixed vulnerability in the open-source vulnerability scanner Nuclei could potentially allow attackers to bypass signature verification while sneaking malicious code into templates that execute on local systems. |
January 4, 2025
|
|
Google Chrome is making it easier to share specific parts of long PDFs
Google is adding the Text Fragment feature to its PDF reader to make it easier to share specific parts of long PDFs. |
January 4, 2025
|
|
New FireScam Android malware poses as RuStore app to steal data
A new Android malware named 'FireScam' is being distributed as a premium version of the Telegram app via phishing websites on GitHub that mimic RuStore, Russia's app market for mobile devices. |
January 3, 2025
|
|
Bad Tenable plugin updates take down Nessus agents worldwide
Tenable says customers must manually upgrade their software to revive Nessus vulnerability scanner agents taken offline on December 31st due to buggy differential plugin updates. |
January 3, 2025
|
|
US sanctions Chinese company linked to Flax Typhoon hackers
The U.S. Treasury Department has sanctioned Beijing-based cybersecurity company Integrity Tech (also known as Yongxin Zhicheng) for its involvement in cyberattacks attributed to the Chinese state-sponsored Flax Typhoon hacking group. |
January 3, 2025
|
|
Malicious npm packages target Ethereum developers' private keys
Twenty malicious packages impersonating the Hardhat development environment used by Ethereum developers are targeting private keys and other sensitive data. |
January 3, 2025
|
|
Apple offers $95 million in Siri privacy violation settlement
Apple has agreed to pay $95 million to settle a class action lawsuit in the U.S. alleging that its Siri assistant recorded private conversations and shared them with third parties. |
January 3, 2025
|
|
French govt contractor Atos denies Space Bears ransomware attack claims
French tech giant Atos, which secures communications for the country's military and secret services, has denied claims made by the Space Bears ransomware gang that they compromised one of its databases. |
January 2, 2025
|
|
Ransomware gang leaks data stolen in Rhode Island's RIBridges Breach
The Brain Cipher ransomware gang has begun to leak documents stolen in an attack on Rhode Island's "RIBridges" social services platform. |
January 2, 2025
|
|
New DoubleClickjacking attack exploits double-clicks to hijack accounts
A new variation of clickjacking attacks called "DoubleClickjacking" lets attackers trick users into authorizing sensitive actions using double-clicks while bypassing existing protections against these types of attacks. |
January 2, 2025
|
|
Chinese hackers targeted sanctions office in Treasury attack
Chinese state-backed hackers have reportedly breached the Office of Foreign Assets Control (OFAC), a Treasury Department office that administers and enforces trade and economic sanctions programs. |
January 2, 2025
|
|
Over 3 million mail servers without encryption exposed to sniffing attacks
Over three million POP3 and IMAP mail servers without TLS encryption are currently exposed on the Internet and vulnerable to network sniffing attacks. |
January 1, 2025
|
|
The biggest cybersecurity and cyberattack stories of 2024
2024 was a big year for cybersecurity, with significant cyberattacks, data breaches, new threat groups emerging, and, of course, zero-day vulnerabilities. Below are fourteen of what BleepingComputer believes are the most impactful cybersecurity stories of 2024. |
December 31, 2024
|
|
New details reveal how hackers hijacked 35 Google Chrome extensions
New details have emerged about a phishing campaign targeting Chrome browser extension developers that led to the compromise of at least thirty-five extensions to inject data-stealing code, including those from cybersecurity firm Cyberhaven. |
December 31, 2024
|
|
Over 3.1 million fake "stars" on GitHub projects used to boost rankings
GitHub has a problem with inauthentic "stars" used to artificially inflate the popularity of scam and malware distribution repositories, helping them reach more unsuspecting users. |
December 31, 2024
|
|
Massive healthcare breaches prompt US cybersecurity rules overhaul
The U.S. Department of Health and Human Services (HHS) has proposed updates to the Health Insurance Portability and Accountability Act of 1996 (HIPAA) to secure patients' health data following a surge in massive healthcare data leaks. |
December 30, 2024
|
|
US Treasury Department breached through remote support platform
Chinese state-sponsored threat actors hacked the U.S. Treasury Department after breaching a remote support platform used by the federal agency. |
December 30, 2024
|
|
Hackers exploit Four-Faith router flaw to open reverse shells
Threat actors are exploiting a post-authentication remote command injection vulnerability in Four-Faith routers tracked as CVE-2024-12856 to open reverse shells back to the attackers. |
December 30, 2024
|
|
Microsoft issues urgent dev warning to update .NET installer link
Microsoft is forcing .NET developers to quickly update their apps and developer pipelines so they do not use 'azureedge.net' domains to install .NET components, as the domain will soon be unavailable due to the bankruptcy and imminent shutdown of CDN provider Edgio. |
December 30, 2024
|
|
AT&T and Verizon say networks secure after Salt Typhoon breach
AT&T and Verizon confirmed they were breached in a massive Chinese espionage campaign targeting telecom carriers worldwide but said the hackers have now been evicted from their networks. |
December 29, 2024
|
|
Malware botnets exploit outdated D-Link routers in recent attacks
Two botnets tracked as 'Ficora' and 'Capsaicin' have recorded increased activity in targeting D-Link routers that have reached end of life or are running outdated firmware versions. |
December 28, 2024
|
|
Hackers steal ZAGG customers' credit cards in third-party breach
ZAGG Inc. is informing customers that their credit card data has been exposed to unauthorized individuals after hackers compromised a third-party application provided by the company's e-commerce provider, BigCommerce. |
December 28, 2024
|
|
Customer data from 800,000 electric cars and owners exposed online
Volkswagen's automotive software company, Cariad, exposed data collected from around 800,000 electric cars. The info could be linked to drivers' names and reveal precise vehicle locations. |
December 27, 2024
|
|
White House links ninth telecom breach to Chinese hackers
A White House official has added a ninth U.S. telecommunications company to the list of telecoms breached in a Chinese hacking campaign that impacted dozens of countries. |
December 27, 2024
|
|
Hackers exploit DoS flaw to disable Palo Alto Networks firewalls
Palo Alto Networks is warning that hackers are exploiting the CVE-2024-3393 denial of service vulnerability to disable firewall protections by forcing the firewall to reboot. |
December 27, 2024
|
|
Cybersecurity firm's Chrome extension hijacked to steal users' data
At least five Chrome extensions were compromised in a coordinated attack where a threat actor injected code that steals sensitive information from users. |
December 26, 2024
|
|
Apache warns of critical flaws in MINA, HugeGraph, Traffic Control
The Apache Software Foundation has released security updates to address three severe problems that affect MINA, HugeGraph-Server, and Traffic Control products. |
December 26, 2024
|
|
New 'OtterCookie' malware used to backdoor devs in fake job offers
North Korean threat actors are using new malware called OtterCookie in the Contagious Interview campaign that is targeting software developers. |
December 26, 2024
|
|
Windows 11 installation media bug causes security update failures
Microsoft is warning of an issue when using installation media to install Windows 11, version 24H2, that causes the operating system to not accept further security updates. |
December 25, 2024
|
|
Five lesser known Task Manager features in Windows 11
Windows 11 is far from perfect, but it does make Task Manager significantly better. In this article, we're going to take a closer look at some of our favourite Task Manager features. |
December 24, 2024
|
|
New botnet exploits vulnerabilities in NVRs, TP-Link routers
A new Mirai-based malware campaign is actively exploiting unpatched vulnerabilities in Internet of Things (IoT) devices, including DigiEver DS-2105 Pro DVRs. |
December 24, 2024
|
|
European Space Agency's official store hacked to steal payment cards
European Space Agency's official web shop was hacked as it started to load a piece of JavaScript code that generates a fake Stripe payment page at checkout. |
December 24, 2024
|
|
FBI links North Korean hackers to $308 million crypto heist
The North Korean hacker group 'TraderTraitor' stole $308 million worth of cryptocurrency in the attack on the Japanese exchange DMM Bitcoin in May. |
December 24, 2024
|
|
Clop ransomware is now extorting 66 Cleo data-theft victims
The Clop ransomware gang started to extort victims of its Cleo data theft attacks and announced on its dark web portal that 66 companies have 48 hours to respond to the demands. |
December 23, 2024
|
|
Adobe warns of critical ColdFusion bug with PoC exploit code
Adobe has released out-of-band security updates to address a critical ColdFusion vulnerability with proof-of-concept exploit code. |
December 23, 2024
|
|
FTC orders Marriott and Starwood to implement strict data security
The Federal Trade Commission (FTC) has ordered Marriott International and Starwood Hotels to define and implement a robust customer data security scheme following failures that led to massive data breaches. |
December 23, 2024
|
|
Premium WPLMS WordPress plugins address seven critical flaws
Two WordPress plugins required by the premium WordPress WPLMS theme, which has over 28,000 sales, are vulnerable to more than a dozen critical-severity vulnerabilities. |
December 23, 2024
|
|
US court finds spyware maker NSO liable for WhatsApp hacks
A U.S. federal judge has ruled that Israeli spyware maker NSO Group violated U.S. hacking laws by using WhatsApp zero-days to deploy Pegasus spyware on at least 1,400 devices. |
December 23, 2024
|
|
Apache fixes remote code execution bypass in Tomcat web server
Apache has released a security update that addresses an important vulnerability in Tomcat web server that could lead to an attacker achieving remote code execution. |
December 23, 2024
|
|
Microsoft fixes bug behind random Office 365 deactivation errors
Microsoft has rolled out a fix for a known issue that causes random "Product Deactivated" errors for customers using Microsoft 365 Office apps. |
December 22, 2024
|
|
North Korean hackers stole $1.3 billion worth of crypto this year
North Korean hackers have stolen $1.34 billion worth of cryptocurrency across 47 cyberattacks that occurred in 2024, according to a new report by blockchain analysis company Chainalysis. |
December 21, 2024
|
|
New FlowerStorm Microsoft phishing service fills void left by Rockstar2FA
A new Microsoft 365 phishing-as-a-service platform called "FlowerStorm" is growing in popularity, filling the void left behind by the sudden shutdown of the Rockstar2FA cybercrime service. |
December 20, 2024
|
|
Google says new scam protection feature in Chrome uses AI
Google is planning to use "AI" in Chrome to detect scams when you browse random web pages. |
December 20, 2024
|
|
Malicious Rspack, Vant packages published using stolen NPM tokens
Three popular npm packages, @rspack/core, @rspack/cli, and Vant, were compromised through stolen npm account tokens, allowing threat actors to publish malicious versions that installed cryptominers. |
December 20, 2024
|
|
US charges Russian-Israeli as suspected LockBit ransomware coder
The US Department of Justice has charged a Russian-Israeli dual-national for his suspected role in developing malware and managing the infrastructure for the notorious LockBit ransomware group. |
December 20, 2024
|
|
Sophos Firewall vulnerable to critical remote code execution flaw
Sophos has addressed three vulnerabilities in its Sophos Firewall product that could allow remote unauthenticated threat actors to perform SQL injection, remote code execution, and gain privileged SSH access to devices. |
December 20, 2024
|
|
Krispy Kreme breach, data theft claimed by Play ransomware gang
The Play ransomware gang has claimed responsibility for a cyberattack that impacted the business operations of the U.S. doughnut chain Krispy Kreme in November. |
December 20, 2024
|
|
Ascension: Health data of 5.6 million stolen in ransomware attack
Ascension, one of the largest private U.S. healthcare systems, is notifying over 5.6 million patients and employees that their personal and health data was stolen in a May cyberattack linked to the Black Basta ransomware operation. |
December 20, 2024
|
|
Massive live sports piracy ring with 812 million yearly visits taken offline
The Alliance for Creativity and Entertainment (ACE) has taken down one of the world's largest live sports streaming piracy rings, with over 821 million visits last year. |
December 20, 2024
|
|
Romanian Netwalker ransomware affiliate sentenced to 20 years in prison
Daniel Christian Hulea, a Romanian man charged for his involvement in NetWalker ransomware attacks, was sentenced to 20 years in prison after pleading guilty to computer fraud conspiracy and wire fraud conspiracy in June. |
December 19, 2024
|
|
BadBox malware botnet infects 192,000 Android devices despite disruption
The BadBox Android malware botnet has grown to over 192,000 infected devices worldwide despite a recent sinkhole operation that attempted to disrupt the operation in Germany. |
December 19, 2024
|
|
Microsoft 365 users hit by random product deactivation errors
Microsoft is investigating a known issue randomly triggering "Product Deactivated" errors for customers using Microsoft 365 Office apps. |
December 19, 2024
|
|
Android malware found on Amazon Appstore disguised as health app
A malicious Android spyware application named 'BMI CalculationVsn' was discovered on the Amazon Appstore, masquerading as a simple health tool but stealing data from infected devices in the background. |
December 19, 2024
|
|
Juniper warns of Mirai botnet targeting Session Smart routers
Juniper Networks has warned customers of Mirai malware attacks targeting and infecting Session Smart routers using default credentials. |
December 19, 2024
|
|
Windows 11 24H2 upgrades blocked on some PCs due to audio issues
Microsoft has added another Windows 11 24H2 upgrade block for systems with Dirac audio improvement software due to compatibility issues breaking sound output. |
December 19, 2024
|
|
Fortinet warns of FortiWLM bug giving hackers admin privileges
Fortinet has disclosed a critical vulnerability in Fortinet Wireless Manager (FortiWLM) that allows remote attackers to take over devices by executing unauthorized code or commands through specially crafted web requests. |
December 19, 2024
|
|
Microsoft says Auto HDR causes game freezes on Windows 11 24H2
Microsoft is now blocking Windows 11 24H2 upgrades on systems with Auto HDR enabled due to a compatibility issue that causes game freezes. |
December 19, 2024
|
|
BeyondTrust says hackers breached Remote Support SaaS instances
Privileged access management company BeyondTrust suffered a cyberattack in early December after threat actors breached some of its Remote Support SaaS instances. |
December 18, 2024
|
|
Ongoing phishing attack abuses Google Calendar to bypass spam filters
An ongoing phishing scam is abusing Google Calendar invites and Google Drawings pages to steal credentials while bypassing spam filters. |
December 18, 2024
|
|
Raccoon Stealer malware operator gets 5 years in prison after guilty plea
Ukrainian national Mark Sokolovsky was sentenced today to five years in prison for his involvement in the Raccoon Stealer malware cybercrime operation. |
December 18, 2024
|
|
Russian hackers use RDP proxies to steal data in MiTM attacks
The Russian hacking group tracked as APT29 (aka "Midnight Blizzard") is using a network of 193 remote desktop protocol proxy servers to perform man-in-the-middle (MiTM) attacks to steal data and credentials and to install malicious payloads. |
December 18, 2024
|
|
US considers banning TP-Link routers over cybersecurity risks
The U.S. government is considering banning TP-Link routers starting next year if ongoing investigations find that their use in cyberattacks poses a national security risk. |
December 18, 2024
|
|
HubSpot phishing targets 20,000 Microsoft Azure accounts
A phishing campaign targeting automotive, chemical, and industrial manufacturing companies in Germany and the UK is abusing HubSpot to steal Microsoft Azure account credentials. |
December 18, 2024
|
|
CISA urges switch to Signal-like encrypted messaging apps after telecom hacks
Today, CISA urged senior government and political officials to switch to end-to-end encrypted messaging apps like Signal following a wave of telecom breaches across dozens of countries, including eight carriers in the United States. |
December 18, 2024
|
|
Malicious Microsoft VSCode extensions target devs, crypto community
Malicious Visual Studio Code extensions were discovered on the VSCode marketplace that download heavily obfuscated PowerShell payloads to target developers and cryptocurrency projects in supply chain attacks. |
December 18, 2024
|
|
Recorded Future CEO applauds "undesirable" designation by Russia
Recorded Future, an American threat intelligence company, has become the first cybersecurity firm designated by the Russian government as an "undesirable" organization. |
December 18, 2024
|
|
Interpol replaces dehumanizing "Pig Butchering" term with "Romance Baiting"
Interpol calls on the cybersecurity community, law enforcement, and the media to stop using the term "Pig Butchering" when referring to online relationship and investment scams, as it unnecessarily shames the victims impacted by these fraud campaigns. |
December 17, 2024
|
|
NVIDIA shares fix for game performance issues with new NVIDIA App
Nvidia has shared a temporary fix for a known issue impacting systems running its recently unveiled NVIDIA App and causing gaming performance to drop by up to 15%. |
December 17, 2024
|
|
'Bitter' cyberspies target defense orgs with new MiyaRAT malware
A cyberespionage threat group known as 'Bitter' was observed targeting defense organizations in Turkey using a novel malware family named MiyaRAT. |
December 17, 2024
|
|
New fake Ledger data breach emails try to steal crypto wallets
A new Ledger phishing campaign is underway that pretends to be a data breach notification asking you to verify your recovery phrase, which is then stolen and used to steal your cryptocurrency. |
December 17, 2024
|
|
CISA orders federal agencies to secure Microsoft 365 tenants
CISA has issued this year's first binding operational directive (BOD 25-01), ordering federal civilian agencies to secure their Microsoft 365 cloud environments by implementing a list of required configuration baselines. |
December 17, 2024
|
|
New critical Apache Struts flaw exploited to find vulnerable servers
A recently patched critical Apache Struts 2 vulnerability tracked as CVE-2024-53677 is actively exploited using public proof-of-concept exploits to find vulnerable devices. |
December 17, 2024
|
|
Ireland fines Meta $264 million over 2018 Facebook data breach
The Irish Data Protection Commission (DPC) fined Meta €251 million ($263.6M) over General Data Protection Regulation (GDPR) violations arising from a 2018 personal data breach impacting 29 million Facebook accounts. |
December 17, 2024
|
|
Over 25,000 SonicWall VPN Firewalls exposed to critical flaws
Over 25,000 publicly accessible SonicWall SSLVPN devices are vulnerable to critical severity flaws, with 20,000 using a SonicOS/OSX firmware version that the vendor no longer supports. |
December 17, 2024
|
|
Might need a mass password reset one day? Read this first.
Organizations are often caught off-guard when a data breach occurs, forcing them to quickly perform mass password resets. Learn from Specops Software about some of the common mass password reset scenarios and the challenges you may face. |
December 16, 2024
|
|
FBI spots HiatusRAT malware attacks targeting web cameras, DVRs
The FBI warned today that new HiatusRAT malware attacks are now scanning for and infecting vulnerable web cameras and DVRs that are exposed online. |
December 16, 2024
|
|
Texas Tech University System data breach impacts 1.4 million patients
The Texas Tech University Health Sciences Center and its El Paso counterpart suffered a cyberattack that disrupted computer systems and applications, potentially exposing the data of 1.4 million patients. |
December 16, 2024
|
|
Kali Linux 2024.4 released with 14 new tools, deprecates some features
Kali Linux has released version 2024.4, the fourth and final version of 2024. It is now available with fourteen new tools and numerous improvements, and it deprecates some features. |
December 16, 2024
|
|
Windows kernel bug now exploited in attacks to gain SYSTEM privileges
CISA has warned U.S. federal agencies to secure their systems against ongoing attacks targeting a high-severity Windows kernel vulnerability. |
December 16, 2024
|
|
Malicious ads push Lumma infostealer via fake CAPTCHA pages
A large-scale malvertising campaign distributed the Lumma Stealer info-stealing malware through fake CAPTCHA verification pages that prompt users to run PowerShell commands to verify they are not a bot. |
December 16, 2024
|
|
ConnectOnCall breach exposes health data of over 910,000 patients
Healthcare software as a service (SaaS) company Phreesia is notifying over 910,000 people that their personal and health data was exposed in a May breach of its subsidiary ConnectOnCall. |
December 16, 2024
|
|
Rhode Island confirms data breach after Brain Cipher ransomware attack
Rhode Island is warning that its RIBridges system, managed by Deloitte, suffered a data breach exposing residents' personal information after the Brain Cipher ransomware gang hacked its systems. |
December 16, 2024
|
|
New Android NoviSpy spyware linked to Qualcomm zero-day bugs
The Serbian government exploited Qualcomm zero-days to unlock and infect Android devices with a new spyware named 'NoviSpy,' used to spy on activists, journalists, and protestors. |
December 15, 2024
|
|
Clop ransomware claims responsibility for Cleo data theft attacks
The Clop ransomware gang has confirmed to BleepingComputer that they are behind the recent Cleo data-theft attacks, utilizing zero-day exploits to breach corporate networks and steal data. |
December 15, 2024
|
|
Winnti hackers target other threat actors with new Glutton PHP backdoor
The Chinese Winnti hacking group is using a new PHP backdoor named 'Glutton' in attacks on organizations in China and the U.S., and also in attacks on other cybercriminals. |
December 14, 2024
|
|
390,000 WordPress accounts stolen from hackers in supply chain attack
A threat actor tracked as MUT-1244 has stolen over 390,000 WordPress credentials in a large-scale, year-long campaign targeting other threat actors using a trojanized WordPress credentials checker. |
December 13, 2024
|
|
Auto parts giant LKQ says cyberattack disrupted Canadian business unit
Automobile parts giant LKQ Corporation disclosed that one of its business units in Canada was hacked, allowing threat actors to steal data from the company. |
December 13, 2024
|
|
Citrix shares mitigations for ongoing Netscaler password spray attacks
Citrix Netscaler is the latest target in widespread password spray attacks targeting edge networking devices and cloud platforms this year to breach corporate networks. |
December 13, 2024
|
|
CISA confirms critical Cleo bug exploitation in ransomware attacks
CISA confirmed today that a critical remote code execution bug in Cleo Harmony, VLTrader, and LexiCom file transfer software is being exploited in ransomware attacks. |
December 13, 2024
|
|
FTC warns of online task job scams hooking victims like gambling
The Federal Trade Commission (FTC) warns about a significant rise in gambling-like online job scams, known as "task scams," that draw people into earning cash through repetitive tasks, with the promises of earning more if they deposit their own money. |
December 13, 2024
|
|
CISA warns water facilities to secure HMI systems exposed online
CISA and the Environmental Protection Agency (EPA) warned water facilities today to secure Internet-exposed Human Machine Interfaces (HMIs) from cyberattacks. |
December 13, 2024
|
|
Russia blocks Viber in latest attempt to censor communications
Russian telecommunications watchdog Roskomnadzor has blocked the Viber encrypted messaging app, used by hundreds of millions worldwide, for violating the country's legislation. |
December 13, 2024
|
|
Russian cyberspies target Android users with new spyware
The Russian cyberspy group Gamaredon has been discovered using two Android spyware families named 'BoneSpy' and 'PlainGnome' to spy on and steal data from mobile devices. |
December 13, 2024
|
|
Germany sinkholes BadBox malware pre-loaded on Android devices
Germany's Federal Office for Information Security (BSI) has disrupted the BadBox malware operation pre-loaded in over 30,000 Android IoT devices sold in the country. |
December 12, 2024
|
|
New stealthy Pumakit Linux rootkit malware spotted in the wild
A new Linux rootkit malware called Pumakit has been discovered that uses stealth and advanced privilege escalation techniques to hide its presence on systems. |
December 12, 2024
|
|
Police shuts down Rydox cybercrime market, arrests 3 admins
International law enforcement operation seizes the Rydox cybercrime marketplace and arrests three administrators. |
December 12, 2024
|
|
New IOCONTROL malware used in critical infrastructure attacks
Iranian threat actors are utilizing a new malware named IOCONTROL to compromise Internet of Things (IoT) devices and OT/SCADA systems used by critical infrastructure in Israel and the United States. |
December 12, 2024
|
|
US offers $5 million for info on North Korean IT worker farms
The U.S. State Department is offering a reward of up to $5 million for information that could help disrupt the activities of North Korean front companies and employees who generated over $88 million via illegal remote IT work schemes in six years. |
December 12, 2024
|
|
Cleo patches critical zero-day exploited in data theft attacks
Cleo has released security updates for a zero-day flaw in its LexiCom, VLTransfer, and Harmony software, currently exploited in data theft attacks. |
December 12, 2024
|
|
Spain busts voice phishing ring for defrauding 10,000 bank customers
The Spanish police, working with colleagues in Peru, conducted a simultaneous crackdown on a large-scale voice phishing (vishing) scam ring in the two countries, arresting 83 individuals. |
December 12, 2024
|
|
Bitcoin ATM firm Byte Federal hacked via GitLab flaw, 58K users exposed
US Bitcoin ATM operator Byte Federal has disclosed a data breach that exposed the data of 58,000 customers after its systems were breached using a GitLab vulnerability. |
December 11, 2024
|
|
Hunk Companion WordPress plugin exploited to install vulnerable plugins
Hackers are exploiting a critical vulnerability in the "Hunk Companion" plugin to install and activate other plugins with exploitable flaws directly from the WordPress.org repository. |
December 11, 2024
|
|
Cynet Delivers 100% Protection and 100% Detection Visibility in the 2024 MITRE ATT&CK Evaluation
The 2024 MITRE ATT&CK Evaluation results are now available with Cynet achieving 100% Visibility and 100% Protection in the 2024 evaluation. Learn more from Cynet about what these results mean. |
December 11, 2024
|
|
New EagleMsgSpy Android spyware used by Chinese police, researchers say
A previously undocumented Android spyware called 'EagleMsgSpy' has been discovered and is believed to be used by law enforcement agencies in China to monitor mobile devices. |
December 11, 2024
|
|
Microsoft lifts Windows 11 24H2 block on PCs with USB scanners
Microsoft has lifted a compatibility block preventing Windows 11 24H2 upgrades after fixing a bug causing USB connection issues to some scanners. |
December 11, 2024
|
|
Facebook, Instagram, WhatsApp hit by massive worldwide outage
Facebook, Instagram, Threads, and WhatsApp suffered a massive worldwide outage Wednesday afternoon, with services impacted in varying degrees based on the user's region. |
December 11, 2024
|
|
Russian cyber spies hide behind other hackers to target Ukraine
Russian cyber-espionage group Turla, aka "Secret Blizzard," is utilizing other threat actors' infrastructure to target Ukrainian military devices connected via Starlink. |
December 11, 2024
|
|
Operation PowerOFF shuts down 27 DDoS-for-hire platforms
Law enforcement agencies from 15 countries have taken 27 DDoS-for-hire services offline, also known as "booters" or "stressers," arrested three administrators, and identified 300 customers of the platforms. |
December 11, 2024
|
|
Lynx ransomware behind Electrica energy supplier cyberattack
The Romanian National Cybersecurity Directorate (DNSC) says the Lynx ransomware gang breached Electrica Group, one of the largest electricity suppliers in the country. |
December 11, 2024
|
|
Krispy Kreme cyberattack impacts online orders and operations
US doughnut chain Krispy Kreme suffered a cyberattack in November that impacted portions of its business operations, including placing online orders. |
December 10, 2024
|
|
Wyden proposes bill to secure US telecoms after Salt Typhoon hacks
U.S. Senator Ron Wyden of Oregon announced a new bill to secure the networks of American telecommunications companies breached by Salt Typhoon Chinese state hackers earlier this year. |
December 10, 2024
|
|
WPForms bug allows Stripe refunds on millions of WordPress sites
A vulnerability in WPForms, a WordPress plugin used in over 6 million websites, could allow subscriber-level users to issue arbitrary Stripe refunds or cancel subscriptions. |
December 10, 2024
|
|
Ivanti warns of maximum severity CSA auth bypass vulnerability
Ivanti warned customers on Tuesday about a new maximum-severity authentication bypass vulnerability in its Cloud Services Appliance (CSA) solution. |
December 10, 2024
|
|
Windows 10 KB5048652 update fixes new motherboard activation bug
Microsoft has released the KB5048652 cumulative update for Windows 10 22H2, which contains six fixes, including a fix that prevented Windows 10 from activating when you change a device's motherboard. |
December 10, 2024
|
|
Microsoft December 2024 Patch Tuesday fixes 1 exploited zero-day, 71 flaws
Today is Microsoft's December 2024 Patch Tuesday, which includes security updates for 71 flaws, including one actively exploited zero-day vulnerability. |
December 10, 2024
|
|
Windows 11 KB5048667 & KB5048685 cumulative updates released
Microsoft has released the Windows 11 KB5048667 and KB5048685 cumulative updates for versions 24H2 and 23H2 to fix security vulnerabilities and issues. |
December 10, 2024
|
|
FTC distributes $72 million in Fortnite refunds from Epic Games
The Federal Trade Commission (FTC) is distributing over $72 million in Epic Games Fortnite refunds for the company's use of dark patterns to trick players into making unwanted purchases. |
December 10, 2024
|
|
US sanctions Chinese firm for hacking firewalls in ransomware attacks
The U.S. Treasury Department has sanctioned Chinese cybersecurity company Sichuan Silence and one of its employees for their involvement in a series of Ragnarok ransomware attacks targeting U.S. critical infrastructure companies and many other victims worldwide in April 2020. |
December 10, 2024
|
|
New Cleo zero-day RCE flaw exploited in data theft attacks
Hackers are actively exploiting a zero-day vulnerability in Cleo managed file transfer software to breach corporate networks and conduct data theft attacks. |
December 10, 2024
|
|
Inside the incident: Uncovering an advanced phishing attack
Recently, Varonis investigated a phishing campaign in which a malicious email enabled a threat actor to access the organization. This blog post will reveal the tactics used to avoid detection and share what was discovered during the investigation. |
December 10, 2024
|
|
Microsoft 365 outage takes down Office web apps, admin center
Microsoft is investigating a widespread and ongoing Microsoft 365 outage impacting Office web apps and the Microsoft 365 admin center. |
December 10, 2024
|
|
Chinese hackers use Visual Studio Code tunnels for remote access
Chinese hackers targeting large IT service providers in Southern Europe were seen abusing Visual Studio Code (VSCode) tunnels to maintain persistent access to compromised systems. |
December 9, 2024
|
|
Ransomware attack hits leading heart surgery device maker
Artivion, a leading manufacturer of heart surgery medical devices, has disclosed a November 21 ransomware attack that disrupted its operations and forced it to take some systems offline. |
December 9, 2024
|
|
OpenWrt Sysupgrade flaw let hackers push malicious firmware images
A flaw in OpenWrt's Attended Sysupgrade feature used to build custom, on-demand firmware images could have allowed for the distribution of malicious firmware packages. |
December 9, 2024
|
|
Ubisoft fixes Windows 11 24H2 conflicts causing game crashes
Microsoft has now partially lifted a compatibility hold blocking the Windows 24H2 update on systems with some Ubisoft games after the French video game publisher fixed bugs causing crashes, freezes, and audio issues. |
December 9, 2024
|
|
Radiant links $50 million crypto heist to North Korean hackers
Radiant Capital now says that North Korean threat actors are behind the $50 million cryptocurrency heist that occurred after hackers breached its systems in an October 16 cyberattack. |
December 9, 2024
|
|
Outdated Google Workspace Sync blocks Windows 11 24H2 upgrades
Microsoft now blocks the Windows 11 24H2 update on computers with outdated Google Workspace Sync installs because they're causing Outlook launch issues. |
December 9, 2024
|
|
Cybercrime gang arrested after turning Airbnbs into fraud centers
Eight members of an international cybercrime network that stole millions of Euros from victims and set up Airbnb fraud centers were arrested in Belgium and the Netherlands. |
December 9, 2024
|
|
Romanian energy supplier Electrica hit by ransomware attack
Electrica Group, a key player in the Romanian electricity distribution and supply market, is investigating a ransomware attack that was still "in progress" earlier today. |
December 8, 2024
|
|
QR codes bypass browser isolation for malicious C2 communication
Mandiant has identified a novel method to bypass contemporary browser isolation technology and achieve command-and-control (C2) operations. |
December 7, 2024
|
|
Anna Jaques Hospital ransomware breach exposed data of 300K patients
Anna Jaques Hospital has confirmed on its website that a ransomware attack it suffered almost precisely a year ago, on December 25, 2023, has exposed sensitive health data for over 316,000 patients. |
December 6, 2024
|
|
Microsoft expands Recall preview to Intel and AMD Copilot+ PCs
Microsoft is now testing its AI-powered Recall feature on AMD and Intel-powered Copilot+ PCs enrolled in the Windows 11 Insider program. |
December 6, 2024
|
|
Ultralytics AI model hijacked to infect thousands with cryptominer
The popular Ultralytics YOLO11 AI model was compromised in a supply chain attack to deploy cryptominers on devices running versions 8.3.41 and 8.3.42 from the Python Package Index (PyPI). |
December 6, 2024
|
|
Blue Yonder SaaS giant breached by Termite ransomware gang
The Termite ransomware gang has officially claimed responsibility for the November breach of software as a service (SaaS) provider Blue Yonder. |
December 6, 2024
|
|
New Windows zero-day exposes NTLM credentials, gets unofficial patch
A new zero-day vulnerability has been discovered that allows attackers to capture NTLM credentials by simply tricking the target into viewing a malicious file in Windows Explorer. |
December 6, 2024
|
|
Crypto-stealing malware posing as a meeting app targets Web3 pros
Cybercriminals are targeting people working in Web3 with fake business meetings using a fraudulent video conferencing platform that infects Windows and Macs with crypto-stealing malware. |
December 5, 2024
|
|
Nebraska Man pleads guilty to dumb cryptojacking operation
A Nebraska man pleaded guilty on Thursday to operating a large-scale cryptojacking operation after being arrested and charged in April. |
December 5, 2024
|
|
Romania's election systems targeted in over 85,000 cyberattacks
A declassified report from Romania's Intelligence Service says that the country's election infrastructure was targeted by more than 85,000 cyberattacks. |
December 5, 2024
|
|
U.S. org suffered four month intrusion by Chinese hackers
A large U.S. organization with significant presence in China has been reportedly breached by China-based threat actors who persisted on its networks from April to August 2024. |
December 5, 2024
|
|
US arrests Scattered Spider suspect linked to telecom hacks
U.S. authorities have arrested a 19-year-old teenager linked to the notorious Scattered Spider cybercrime gang who is now charged with breaching a U.S. financial institution and two unnamed telecommunications firms. |
December 5, 2024
|
|
Police shuts down Manson cybercrime market, arrests key suspects
German law enforcement has seized over 50 servers that hosted the Manson Market cybercrime marketplace and fake online shops used in phishing operations. |
December 5, 2024
|
|
New Android spyware found on phone seized by Russian FSB
After a Russian programmer was detained by Russia's Federal Security Service (FSB) for fifteen days and his phone confiscated, it was discovered that a new spyware was secretly installed on his device upon its return. |
December 5, 2024
|
|
Latrodectus malware and how to defend against it with Wazuh
Latrodectus is a versatile malware family that infiltrates systems, steals sensitive data, and evades detection. Learn more from Wazuh about Latrodectus malware and how to defend against it using the open-source XDR. |
December 5, 2024
|
|
Mitel MiCollab zero-day flaw gets proof-of-concept exploit
Researchers have uncovered an arbitrary file read zero-day in the Mitel MiCollab collaboration platform, allowing attackers to access files on a server's filesystem. |
December 4, 2024
|
|
Microsoft says having a TPM is "non-negotiable" for Windows 11
Microsoft made it abundantly clear this week that Windows 10 users won't be able to upgrade to Windows 11 unless their systems come with TPM 2.0 support, stating it's a "non-negotiable" requirement. |
December 4, 2024
|
|
White House: Salt Typhoon hacked telcos in dozens of countries
Chinese state hackers, known as Salt Typhoon, have breached telecommunications companies in dozens of countries, President Biden's deputy national security adviser Anne Neuberger said today. |
December 4, 2024
|
|
FBI shares tips on how to tackle AI-powered fraud schemes
The FBI warns that scammers are increasingly using artificial intelligence to improve the quality and effectiveness of their online fraud schemes, ranging from romance and investment scams to job hiring schemes. |
December 4, 2024
|
|
UK disrupts Russian money laundering networks used by ransomware
A law enforcement operation led by the United Kingdom's National Crime Agency (NCA) has disrupted two Russian money laundering networks working with criminals worldwide, including ransomware gangs. |
December 4, 2024
|
|
BT unit took servers offline after Black Basta ransomware breach
Multinational telecommunications giant BT Group (formerly British Telecom) has confirmed that its BT Conferencing business division shut down some of its servers following a Black Basta ransomware breach. |
December 4, 2024
|
|
New DroidBot Android banking malware spreads across Europe
A new Android banking malware named 'DroidBot' attempts to steal credentials for over 77 cryptocurrency exchanges and banking apps in the UK, Italy, France, Spain, and Portugal. |
December 4, 2024
|
|
Solana Web3.js library backdoored to steal secret, private keys
The legitimate Solana JavaScript SDK was temporarily compromised yesterday in a supply chain attack, with the library backdoored with malicious code to steal cryptocurrency private keys and drain wallets. |
December 4, 2024
|
|
Russian hackers hijack Pakistani hackers' servers for their own attacks
The notorious Russian cyber-espionage group Turla is hacking other hackers, hijacking the Pakistani threat actor Storm-0156's infrastructure to launch their own covert attacks on already compromised networks. |
December 4, 2024
|
|
Japan warns of IO-Data zero-day router flaws exploited in attacks
Japan's CERT is warning that hackers are exploiting zero-day vulnerabilities in I-O Data router devices to modify device settings, execute commands, or even turn off the firewall. |
December 4, 2024
|
|
Six password takeaways from the updated NIST cybersecurity framework
Updated NIST guidelines reject outdated password security practices in favor of more effective protections. Learn from Specops Software about 6 takeaways from NIST's new guidance that help create strong password policies. |
December 3, 2024
|
|
Vodka maker Stoli files for bankruptcy in US after ransomware attack
Stoli Group's U.S. companies have filed for bankruptcy following an August ransomware attack and Russian authorities seizing the company's remaining distilleries in the country. |
December 3, 2024
|
|
Cloudflare’s developer domains increasingly abused by threat actors
Cloudflare's 'pages.dev' and 'workers.dev' domains, used for deploying web pages and facilitating serverless computing, are being increasingly abused by cybercriminals for phishing and other malicious activities. |
December 3, 2024
|
|
US shares tips to block hackers behind recent telecom breaches
CISA released guidance today to help network defenders harden their systems against attacks coordinated by the Salt Typhoon Chinese threat group that breached multiple major global telecommunications providers earlier this year. |
December 3, 2024
|
|
Exploit released for critical WhatsUp Gold RCE flaw, patch now
A proof-of-concept (PoC) exploit for a critical-severity remote code execution flaw in Progress WhatsUp Gold has been published, making it critical to install the latest security updates as soon as possible. |
December 3, 2024
|
|
Veeam warns of critical RCE bug in Service Provider Console
Veeam released security updates today to address two Service Provider Console (VSPC) vulnerabilities, including a critical remote code execution (RCE) discovered during internal testing. |
December 3, 2024
|
|
Police seizes largest German online crime marketplace, arrests admin
Germany has taken down the largest online cybercrime marketplace in the country, named "Crimenetwork," and arrested its administrator for facilitating the sale of drugs, stolen data, and illegal services. |
December 3, 2024
|
|
FTC bans data brokers from selling Americans’ sensitive location data
Today, the FTC banned data brokers Mobilewalla and Gravy Analytics from harvesting and selling Americans' location tracking data linked to sensitive locations, like churches, healthcare facilities, military installations, and schools. |
December 3, 2024
|
|
Police seize Matrix encrypted chat service after spying on criminals
An international law enforcement operation codenamed 'Operation Passionflower' has shut down MATRIX, an encrypted messaging platform used by cybercriminals to coordinate illegal activities while evading police. |
December 2, 2024
|
|
Korea arrests CEO for adding DDoS feature to satellite receivers
South Korean police have arrested a CEO and five employees for manufacturing over 240,000 satellite receivers pre-loaded or later updated to include DDoS attack functionality at a purchaser's request. |
December 2, 2024
|
|
Russia sentences Hydra dark web market leader to life in prison
Russian authorities have sentenced the leader of the criminal group behind the now-closed dark web platform Hydra Market to life in prison. |
December 2, 2024
|
|
BootKitty UEFI malware exploits LogoFAIL to infect Linux systems
The recently uncovered 'Bootkitty' UEFI bootkit, the first malware of its kind targeting Linux systems, exploits CVE-2023-40238, aka 'LogoFAIL,' to infect computers running on a vulnerable UEFI firmware. |
December 2, 2024
|
|
Mozilla really wants you to easily set Firefox as default Windows browser
Mozilla is testing a fresh approach that could persuade more people to switch their default browser on Windows. |
December 2, 2024
|
|
Google Chrome’s AI feature lets you quickly check website trustworthiness
Google Chrome's upcoming feature uses AI to provide a summary of reviews from independent websites about the store or website you're visiting. |
December 1, 2024
|
|
Novel phishing campaign uses corrupted Word documents to evade security
A novel phishing attack abuses Microsoft's Word file recovery feature by sending corrupted Word documents as email attachments, allowing them to bypass security software due to their damaged state but still be recoverable by the application. |
November 30, 2024
|
|
SpyLoan Android malware on Google Play installed 8 million times
A new set of 15 SpyLoan apps with over 8 million installs was discovered on Google Play, targeting primarily users from South America, Southeast Asia, and Africa. |
November 29, 2024
|
|
New Rockstar 2FA phishing service targets Microsoft 365 accounts
A new phishing-as-a-service (PhaaS) platform named 'Rockstar 2FA' has emerged, facilitating large-scale adversary-in-the-middle (AiTM) attacks to steal Microsoft 365 credentials. |
November 29, 2024
|
|
Russia arrests cybercriminal Wazawaka for ties with ransomware gangs
Russian law enforcement has arrested and indicted notorious ransomware affiliate Mikhail Pavlovich Matveev (also known as Wazawaka, Uhodiransomwar, m1x, and Boriselcin) for developing malware and his involvement in several hacking groups. |
November 29, 2024
|
|
Bologna FC confirms data breach after RansomHub ransomware attack
Bologna Football Club 1909 has confirmed it suffered a ransomware attack after its stolen data was leaked online by the RansomHub extortion group. |
November 29, 2024
|
|
New Windows Server 2012 zero-day gets free, unofficial patches
Free unofficial security patches have been released through the 0patch platform to address a zero-day vulnerability introduced over two years ago in the Windows Mark of the Web (MotW) security mechanism. |
November 28, 2024
|
|
Tor needs 200 new WebTunnel bridges to fight censorship
The Tor Project has put out an urgent call to the privacy community asking volunteers to help deploy 200 new WebTunnel bridges by the end of the year to fight government censorship. |
November 28, 2024
|
|
UK hospital network postpones procedures after cyberattack
Major UK healthcare provider Wirral University Teaching Hospital (WUTH), part of the NHS Foundation Trust, has suffered a cyberattack that caused a systems outage leading to postponing appointments and scheduled procedures. |
November 27, 2024
|
|
Microsoft re-releases Exchange updates after fixing mail delivery
Microsoft has re-released the November 2024 security updates for Exchange Server after pulling them earlier this month due to email delivery issues on servers using custom mail flow rules. |
November 27, 2024
|
|
Hackers abuse popular Godot game engine to infect thousands of PCs
Hackers have used new GodLoader malware exploiting the capabilities of the widely used Godot game engine to evade detection and infect over 17,000 systems in just three months. |
November 27, 2024
|
|
Hackers exploit ProjectSend flaw to backdoor exposed servers
Threat actors are using public exploits for a critical authentication bypass flaw in ProjectSend to upload webshells and gain remote access to servers. |
November 27, 2024
|
|
Zello asks users to reset passwords after security incident
Zello is warning customers to reset their passwords if their account was created before November 2nd in what appears to be another security breach. |
November 27, 2024
|
|
Microsoft says it's not using your Word, Excel data for AI training
Microsoft has denied claims that it uses Microsoft 365 apps (including Word, Excel, and PowerPoint) to collect data to train the company's artificial intelligence (AI) models. |
November 27, 2024
|
|
Researchers discover first UEFI bootkit malware for Linux
The first UEFI bootkit specifically targeting Linux systems has been discovered, marking a shift in stealthy and hard-to-remove bootkit threats that previously focused on Windows. |
November 27, 2024
|
|
Chinese hackers breached T-Mobile's routers to scope out network
T-Mobile says the Chinese "Salt Typhoon" hackers who recently compromised its systems as part of a series of telecom breaches first hacked into some of its routers to explore ways to navigate laterally through the network. |
November 27, 2024
|
|
Cloudflare says it lost 55% of logs pushed to customers for 3.5 hours
Internet security giant Cloudflare announced that it lost 55% of all logs pushed to customers over a 3.5-hour period due to a bug in the log collection service on November 14, 2024. |
November 27, 2024
|
|
Police bust pirate streaming service making €250 million per month
An international law enforcement operation has dismantled a pirate streaming service that served over 22 million users worldwide and made €250 million ($263M) per month. |
November 27, 2024
|
|
The Black Friday 2024 Cybersecurity, IT, VPN, & Antivirus Deals
Black Friday 2024 is almost here, and great deals are already live in computer security, software, online courses, system admin services, antivirus, and VPN software. These promotions offer deep discounts from various companies and are only available for a limited time. |
November 26, 2024
|
|
New NachoVPN attack uses rogue VPN servers to install malicious updates
A set of vulnerabilities dubbed "NachoVPN" allows rogue VPN servers to install malicious updates when unpatched Palo Alto and SonicWall SSL-VPN clients connect to them. |
November 26, 2024
|
|
NordVPN Black Friday Deal: Save up to 74% on yearly subscriptions
Want the best VPN with a 74% discount? The NordVPN Black Friday deal is live and runs until December 10. This is the perfect chance to lock in a 2-year plan for the low cost of $2.99 per month, with an extra 3 months for free. |
November 26, 2024
|
|
Over 1,000 arrested in massive ‘Serengeti’ anti-cybercrime operation
As part of 'Operation Serengeti,' law enforcement agencies in Africa arrested more than a thousand individuals suspected of being involved in major cybercriminal activities that caused close to $193 million in financial losses all over the world. |
November 26, 2024
|
|
Get 50% off Malwarebytes during Black Friday 2024
Malwarebytes' Black Friday 2024 deals are now live, offering a 50% discount for one and two-year subscriptions to personal, family, and business subscriptions to its standalone anti-malware software, VPN, and Personal Data Remover services. |
November 26, 2024
|
|
Why Cybersecurity Leaders Trust the MITRE ATT&CK Evaluations
The "MITRE Engenuity ATT&CK Evaluations: Enterprise" stand out as an essential resource for cybersecurity decision makers. Learn more from Cynet on what to expect in the upcoming 2024 MITRE ATT&CK Evaluation results. |
November 26, 2024
|
|
Hackers exploit critical bug in Array Networks SSL VPN products
America's cyber defense agency has received evidence of hackers actively exploiting a remote code execution vulnerability in SSL VPN products Array Networks AG and vxAG ArrayOS. |
November 26, 2024
|
|
Firefox and Windows zero-days exploited by Russian RomCom hackers
Russian-based RomCom cybercrime group chained two zero-day vulnerabilities in recent attacks targeting Firefox and Tor Browser users across Europe and North America. |
November 25, 2024
|
|
QNAP addresses critical flaws across NAS, router software
QNAP has released security bulletins over the weekend, which address multiple vulnerabilities, including three critical severity flaws that users should address as soon as possible. |
November 25, 2024
|
|
New Windows 10 0x80073CFA fix requires installing WinAppSDK 3 times
Microsoft has shared a new method to fix a bug preventing app uninstalls or updates on Windows 10 for those unwilling to deploy this month's preview update. |
November 25, 2024
|
|
Blue Yonder ransomware attack disrupts grocery store supply chain
Supply chain management firm Blue Yonder is warning that a ransomware attack caused significant disruption to its services, with the outages impacting grocery store chains in the UK. |
November 25, 2024
|
|
DOJ: Man hacked networks to pitch cybersecurity services
A Kansas City man has been indicted for allegedly hacking into computer networks and using this access to promote his cybersecurity services. |
November 25, 2024
|
|
Microsoft blocks Windows 11 24H2 on some PCs with USB scanners
Microsoft now blocks the Windows 11 24H2 update on computers with standalone scanners, multi-function printers, fax machines, modems, and other network devices with eSCL protocol support. |
November 25, 2024
|
|
Salt Typhoon hackers backdoor telcos with new GhostSpider malware
The Chinese state-sponsored hacking group Salt Typhoon has been observed utilizing a new "GhostSpider" backdoor in attacks against telecommunication service providers. |
November 25, 2024
|
|
Microsoft 365 outage impacts Exchange Online, Teams, SharePoint
Microsoft is working on fixing an ongoing and widespread Microsoft 365 outage that is impacting multiple services and features, including Exchange Online, Microsoft Teams, and SharePoint Online. |
November 24, 2024
|
|
Meta removes over 2 million accounts pushing pig butchering scams
Meta announced that it has taken down 2 million accounts across its platforms since the beginning of the year that are linked to pig butchering and other scams. |
November 24, 2024
|
|
Bangkok busts SMS Blaster sending 1 million scam texts from a van
The Thai police, working together with Thailand's largest telecommunications service provider, Advanced Info Service (AIS), located and busted the Chinese operators of an SMS blaster device that spammed fraudulent messages across Bangkok. |
November 23, 2024
|
|
Windows 11 24H2 update blocked on PCs with Assassin's Creed, Star Wars Outlaws
Microsoft is blocking the Windows 11 24H2 update on computers with some Ubisoft games, like Assassin's Creed, Star Wars Outlaws, and Avatar: Frontiers of Pandora, after changes in the operating system cause the games to crash, freeze, or have audio issues. |
November 23, 2024
|
|
Microsoft testing Windows 11 support for third-party passkeys
Microsoft is now testing WebAuthn API updates that add support for using third-party passkey providers for Windows 11 passwordless authentication. |
November 23, 2024
|
|
Hackers abuse Avast anti-rootkit driver to disable defenses
A new malicious campaign is using a legitimate but old and vulnerable Avast Anti-Rootkit driver to evade detection and take control of the target system by disabling security components. |
November 22, 2024
|
|
Windows 10 KB5046714 update fixes bug preventing app uninstalls
Microsoft has released the optional KB5046714 Preview cumulative update for Windows 10 22H2 with six bug fixes, including a fix for a bug preventing users from uninstalling or updating packaged applications. |
November 22, 2024
|
|
QNAP pulls buggy QTS firmware causing widespread NAS issues
QNAP has pulled a recently released firmware update after widespread customer reports that it's breaking connectivity and, in some cases, locking users out of their devices. |
November 22, 2024
|
|
Hackers breach US firm over Wi-Fi from Russia in 'Nearest Neighbor Attack'
Russian state hackers APT28 (Fancy Bear/Forest Blizzard/Sofacy) breached a U.S. company through its enterprise WiFi network while being thousands of miles away, by leveraging a novel technique called "nearest neighbor attack." |
November 22, 2024
|
|
Microsoft rolls out Recall to Windows Insiders with Copilot+ PCs
Microsoft announced today that its controversial AI-powered Recall feature is finally rolling out to Windows Insiders in the Dev Channel using Snapdragon-powered Copilot+ PCs. |
November 21, 2024
|
|
Windows 11 KB5046740 update released with 14 changes and fixes
Microsoft has released the November 2024 preview cumulative update for Windows 11 24H2, with 14 improvements and fixes for multiple issues, including some affecting File Explorer, the Clipboard history, and secondary displays. |
November 21, 2024
|
|
Chinese hackers target Linux with new WolfsBane malware
A new Linux backdoor called 'WolfsBane' has been discovered, believed to be a port of Windows malware used by the Chinese 'Gelsemium' hacking group. |
November 21, 2024
|
|
Over 2,000 Palo Alto firewalls hacked using recently patched bugs
Hackers have already compromised thousands of Palo Alto Networks firewalls in attacks exploiting two recently patched zero-day vulnerabilities. |
November 21, 2024
|
|
Microsoft pulls WinAppSDK update breaking Windows 10 app uninstalls
Microsoft has confirmed that, since November 12, some Windows 10 users have been unable to update or uninstall packaged applications like Microsoft Teams. |
November 21, 2024
|
|
CISA says BianLian ransomware now focuses only on data theft
The BianLian ransomware operation has shifted its tactics, becoming primarily a data theft extortion group, according to an updated advisory from the U.S. Cybersecurity & Infrastructure Security Agency, the FBI, and the Australian Cyber Security Centre. |
November 21, 2024
|
|
Microsoft disrupts ONNX phishing-as-a-service infrastructure
Microsoft has seized 240 domains used by customers of ONNX, a phishing-as-a-service (PhaaS) platform, to target companies and individuals across the United States and worldwide since at least 2017. |
November 21, 2024
|
|
US seizes PopeyeTools cybercrime marketplace, charges administrators
The U.S. has seized the cybercrime website 'PopeyeTools' and unsealed charges against three of its administrators, Abdul Ghaffar, Abdul Sami, and Javed Mirza, for selling stolen data. |
November 21, 2024
|
|
Fortinet VPN design flaw hides successful brute-force attacks
A design flaw in the Fortinet VPN server's logging mechanism can be leveraged to conceal the successful verification of credentials during a brute-force attack without tipping off defenders of compromised logins. |
November 21, 2024
|
|
Now BlueSky hit with crypto scams as it crosses 20 million users
As users are flocking to BlueSky from social media platforms like X/Twitter, so are threat actors. BleepingComputer has spotted cryptocurrency scams popping up on BlueSky just as the decentralized microblogging service surpassed 20 million users this week. |
November 20, 2024
|
|
Cyberattack at French hospital exposes health data of 750,000 patients
A data breach at an unnamed French hospital exposed the medical records of 750,000 patients after a threat actor gained access to its electronic patient record system. |
November 20, 2024
|
|
Fintech giant Finastra investigates data breach after SFTP hack
Finastra has confirmed it warned customers of a cybersecurity incident after a threat actor began selling allegedly stolen data on a hacking forum. |
November 20, 2024
|
|
MITRE shares 2024's top 25 most dangerous software weaknesses
MITRE has shared this year's top 25 list of the most common and dangerous software weaknesses behind more than 31,000 vulnerabilities disclosed between June 2023 and June 2024. |
November 20, 2024
|
|
US charges five linked to Scattered Spider cybercrime gang
The U.S. Justice Department has charged five suspects believed to be part of the financially motivated Scattered Spider cybercrime gang with conspiracy to commit wire fraud. |
November 20, 2024
|
|
Ubuntu Linux impacted by decade-old 'needrestart' flaw that gives root
Five local privilege escalation (LPE) vulnerabilities have been discovered in the needrestart utility used by Ubuntu Linux, which was introduced over 10 years ago in version 21.04. |
November 20, 2024
|
|
Microsoft confirms game audio issues on Windows 11 24H2 PCs
Microsoft says a Windows 24H2 bug causes game audio to unexpectedly increase to full volume when using USB DAC sound systems. |
November 20, 2024
|
|
New Ghost Tap attack abuses NFC mobile payments to steal money
Cybercriminals have devised a novel method to cash out from stolen credit card details linked to mobile payment systems such as Apple Pay and Google Pay, dubbed 'Ghost Tap,' which relays NFC card data to money mules worldwide. |
November 20, 2024
|
|
Amazon and Audible flooded with 'forex trading' and warez listings
Amazon, Amazon Music, and Audible, an Amazon-owned online audiobook and podcast service, have been flooded with bogus listings that push dubious "forex trading" sites, Telegram channels, and suspicious links claiming to offer pirated software. |
November 19, 2024
|
|
Apple fixes two zero-days used in attacks on Intel-based Macs
Apple released emergency security updates to fix two zero-day vulnerabilities that were exploited in attacks on Intel-based Mac systems. |
November 19, 2024
|
|
CISA tags Progress Kemp LoadMaster flaw as exploited in attacks
The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has added three new flaws to its Known Exploited Vulnerabilities (KEV) catalog, including a critical OS command injection impacting Progress Kemp LoadMaster. |
November 19, 2024
|
|
Ford investigates alleged breach following customer data leak
Ford is investigating allegations that it suffered a data breach after a threat actor claimed to leak 44,000 customer records on a hacking forum. |
November 19, 2024
|
|
Oracle warns of Agile PLM file disclosure flaw exploited in attacks
Oracle has fixed an unauthenticated file disclosure flaw in Oracle Agile Product Lifecycle Management (PLM) tracked as CVE-2024-21287, which was actively exploited as a zero-day to download files. |
November 19, 2024
|
|
D-Link urges users to retire VPN routers impacted by unfixed RCE flaw
D-Link is warning customers to replace end-of-life VPN router models after a critical unauthenticated, remote code execution vulnerability was discovered that will not be fixed on these devices. |
November 19, 2024
|
|
Microsoft now testing hotpatch on Windows 11 24H2 and Windows 365
Microsoft announced today that hotpatching is now also available in preview on Windows 365 and Windows 11 Enterprise 24H2 client devices. |
November 19, 2024
|
|
Helldown ransomware exploits Zyxel VPN flaw to breach networks
The new 'Helldown' ransomware operation is believed to target vulnerabilities in Zyxel firewalls to breach corporate networks, allowing them to steal data and encrypt devices. |
November 19, 2024
|
|
Botnet fueling residential proxies disrupted in cybercrime crackdown
The Ngioweb botnet, which supplies most of the 35,000 bots in the cybercriminal NSOCKS proxy service, is being disrupted as security companies block traffic to and from the two networks. |
November 19, 2024
|
|
New Windows 11 recovery tool to let admins remotely fix unbootable devices
Microsoft is working on a new Windows "Quick Machine Recovery" feature that will allow IT administrators to use Windows Update "targeted fixes" to remotely fix systems rendered unbootable. |
November 19, 2024
|
|
Microsoft shares more details on Windows 11 admin protection
Microsoft has shared more details about the new Windows 11 administrator protection security feature, which is available in preview and uses Windows Hello authentication prompts to block access to critical system resources. |
November 19, 2024
|
|
Microsoft launches Zero Day Quest hacking event with $4 million in rewards
Microsoft announced today at its Ignite annual conference in Chicago, Illinois, that it's expanding its bug bounty programs with Zero Day Quest, a new hacking event focusing on cloud and AI products and platforms. |
November 19, 2024
|
|
Spotify abused to promote pirated software and game cheats
Spotify playlists and podcasts are being abused to push pirated software, game cheat codes, spam links, and "warez" sites. By injecting targeted keywords and links in playlist names and podcast descriptions, threat actors may benefit from boosting SEO for their dubious online properties appearing in Google. |
November 18, 2024
|
|
Brave on iOS adds new "Shred" button to wipe site-specific data
Brave Browser 1.71 for iOS introduces a new privacy-focused feature called "Shred," which allows users to easily delete site-specific mobile browsing data. |
November 18, 2024
|
|
Chinese hackers exploit Fortinet VPN zero-day to steal credentials
Chinese threat actors use a custom post-exploitation toolkit named 'DeepData' to exploit a zero-day vulnerability in Fortinet's FortiClient Windows VPN client and steal credentials. |
November 18, 2024
|
|
US space tech giant Maxar discloses employee data breach
Hackers breached U.S. satellite maker Maxar Space Systems and accessed personal data belonging to its employees, the company says in a notification to impacted individuals. |
November 18, 2024
|
|
Palo Alto Networks patches two firewall zero-days used in attacks
Palo Alto Networks has finally released security updates for an actively exploited zero-day vulnerability in its Next-Generation Firewalls (NGFW). |
November 18, 2024
|
|
US charges Phobos ransomware admin after South Korea extradition
Evgenii Ptitsyn, a Russian national and suspected administrator of the Phobos ransomware operation, was extradited from South Korea and is facing cybercrime charges in the United States. |
November 18, 2024
|
|
Critical RCE bug in VMware vCenter Server now exploited in attacks
Broadcom warned today that attackers are now exploiting two VMware vCenter Server vulnerabilities, one of which is a critical remote code execution flaw. |
November 18, 2024
|
|
Fake Bitwarden ads on Facebook push info-stealing Chrome extension
Fake Bitwarden password manager advertisements on Facebook are pushing a malicious Google Chrome extension that collects and steals sensitive user data from the browser. |
November 18, 2024
|
|
Microsoft 365 Admin portal abused to send sextortion emails
The Microsoft 365 Admin Portal is being abused to send sextortion emails, making the emails appear trustworthy and bypassing email security platforms. |
November 17, 2024
|
|
Phishing emails increasingly use SVG attachments to evade detection
Threat actors increasingly use Scalable Vector Graphics (SVG) attachments to display phishing forms or deploy malware while evading detection. |
November 17, 2024
|
|
Security plugin flaw in millions of WordPress sites gives admin access
A critical authentication bypass vulnerability has been discovered impacting the WordPress plugin 'Really Simple Security' (formerly 'Really Simple SSL'), including both free and Pro versions. |
November 16, 2024
|
|
Fake AI video generators infect Windows, macOS with infostealers
Fake AI image and video generators infect Windows and macOS with the Lumma Stealer and AMOS information-stealing malware, used to steal credentials and cryptocurrency wallets from infected devices. |
November 16, 2024
|
|
T-Mobile confirms it was hacked in recent wave of telecom breaches
T-Mobile confirms it was hacked in the wave of recently reported telecom breaches conducted by Chinese threat actors to gain access to private communications, call records, and law enforcement information requests. |
November 16, 2024
|
|
GitHub projects targeted with malicious commits to frame researcher
GitHub projects have been targeted with malicious commits and pull requests, in an attempt to inject backdoors into these projects. Most recently, the GitHub repository of Exo Labs, an AI and machine learning startup, was targeted in the attack, which has left many wondering about the attacker's true intentions. |
November 15, 2024
|
|
NSO Group used another WhatsApp zero-day after being sued, court docs say
Israeli surveillance firm NSO Group reportedly used multiple zero-day exploits, including an unknown one named "Erised," that leveraged WhatsApp vulnerabilities to deploy Pegasus spyware in zero-click attacks, even after getting sued. |
November 15, 2024
|
|
Botnet exploits GeoVision zero-day to install Mirai malware
A malware botnet is exploiting a zero-day vulnerability in end-of-life GeoVision devices to compromise and recruit them for likely DDoS or cryptomining attacks. |
November 15, 2024
|
|
FTC reports 50% drop in unwanted call complaints since 2021
On Friday, the U.S. Federal Trade Commission (FTC) reported that the number of consumer complaints about unwanted telemarketing phone calls has dropped over 50% since 2021, continuing a trend that started three years ago. |
November 15, 2024
|
|
Bitfinex hacker gets 5 years in prison for 120,000 bitcoin heist
A hacker responsible for stealing 119,754 Bitcoin in a 2016 hack on the Bitfinex cryptocurrency exchange was sentenced to five years in prison by U.S. authorities. |
November 15, 2024
|
|
Microsoft pulls Exchange security updates over mail delivery issues
Microsoft has pulled the November 2024 Exchange security updates released during this month's Patch Tuesday because of email delivery issues on servers using custom mail flow rules. |
November 15, 2024
|
|
Palo Alto Networks warns of critical RCE zero-day exploited in attacks
Palo Alto Networks is warning that a critical zero-day vulnerability on Next-Generation Firewalls (NGFW) management interfaces, currently tracked as 'PAN-SA-2024-0015,' is actively being exploited in attacks. |
November 14, 2024
|
|
Microsoft just killed the Windows 10 Beta Channel again
Five months after reviving it in June, Microsoft has shut down the Windows 10 Beta Channel and will move all enrolled Windows Insiders to the Release Preview Channel. |
November 14, 2024
|
|
Fraud network uses 4,700 fake shopping sites to steal credit cards
A financially motivated Chinese threat actor dubbed "SilkSpecter" is using thousands of fake online stores to steal the payment card details of online shoppers in the U.S. and Europe. |
November 14, 2024
|
|
CISA warns of more Palo Alto Networks bugs exploited in attacks
CISA warned today that two more critical security vulnerabilities in Palo Alto Networks' Expedition migration tool are now actively exploited in attacks. |
November 14, 2024
|
|
New Glove infostealer malware bypasses Chrome’s cookie encryption
New Glove Stealer information-stealing malware can bypass Google Chrome's Application-Bound (App-Bound) encryption to steal browser cookies. |
November 14, 2024
|
|
Hacker gets 10 years in prison for extorting US healthcare provider
Robert Purbeck, a 45-year-old man from Idaho, has been sentenced to ten years in prison for hacking at least 19 organizations in the United States, stealing the personal data of more than 132,000 people, and multiple extortion attempts. |
November 14, 2024
|
|
ChatGPT allows access to underlying sandbox OS, “playbook” data
OpenAI's containerized ChatGPT environment is open to limited yet extensive access to core instructions while allowing arbitrary file uploads and command execution within the isolated sandbox. |
November 14, 2024
|
|
The true (and surprising) cost of forgotten passwords
Password resets are more expensive for your organization than you may realize. Learn more from Specops Software on why password resets are so expensive and how a self-service password reset solution can save you money. |
November 13, 2024
|
|
Hackers use macOS extended file attributes to hide malicious code
Hackers are using a novel technique that abuses extended attributes for macOS files to deliver a new trojan that researchers call RustyAttr. |
November 13, 2024
|
|
US govt officials’ communications compromised in recent telecom hack
CISA and the FBI confirmed that Chinese hackers compromised the "private communications" of a "limited number" of government officials after breaching multiple U.S. broadband providers. |
November 13, 2024
|
|
Leaked info of 122 million linked to B2B data aggregator breach
The business contact information for 122 million people circulating since February 2024 is now confirmed to have been stolen from a B2B demand generation platform. |
November 13, 2024
|
|
Microsoft patches Windows zero-day exploited in attacks on Ukraine
Suspected Russian hackers were caught exploiting a recently patched Windows vulnerability as a zero-day in ongoing attacks targeting Ukrainian entities. |
November 13, 2024
|
|
US indicts Snowflake hackers who extorted $2.5 million from 3 victims
The Department of Justice has unsealed the indictment against two suspected Snowflake hackers, who breached more than 165 organizations using the services of the Snowflake cloud storage company. |
November 13, 2024
|
|
Critical bug in EoL D-Link NAS devices now exploited in attacks
Attackers now target a critical severity vulnerability with publicly available exploit code that affects multiple models of end-of-life D-Link network-attached storage (NAS) devices. |
November 13, 2024
|
|
New Google Pixel AI feature analyzes phone conversations for scams
Google is adding a new AI-powered scam protection feature that monitors phone call conversations on Google Pixel devices to detect patterns that warn when the caller may be a scammer. |
November 13, 2024
|
|
New ShrinkLocker ransomware decryptor recovers BitLocker password
Bitdefender has released a decryptor for the 'ShrinkLocker' ransomware strain, which uses Windows' built-in BitLocker drive encryption tool to lock victims' files. |
November 12, 2024
|
|
Microsoft fixes bugs causing Windows Server 2025 blue screens, install issues
Microsoft has fixed several bugs that cause install, upgrade, and Blue Screen of Death (BSOD) issues on Windows Server 2025 devices with a high core count. |
November 12, 2024
|
|
Microsoft Exchange adds warning to emails abusing spoofing flaw
Microsoft has disclosed a high-severity Exchange Server vulnerability that allows attackers to forge legitimate senders on incoming emails and make malicious messages a lot more effective. |
November 12, 2024
|
|
D-Link won’t fix critical bug in 60,000 exposed EoL modems
Tens of thousands of exposed D-Link routers that have reached their end-of-life are vulnerable to a critical security issue that allows an unauthenticated remote attacker to change any user's password and take complete control of the device. |
November 12, 2024
|
|
Windows 10 KB5046613 update released with fixes for printer bugs
Microsoft has released the KB5046613 cumulative update for Windows 10 22H2 and Windows 10 21H2, which includes ten changes and fixes, including the new Microsoft account manager on the Start menu and fixes for multi-function printer issues. |
November 12, 2024
|
|
Microsoft November 2024 Patch Tuesday fixes 4 zero-days, 91 flaws
Today is Microsoft's November 2024 Patch Tuesday, which includes security updates for 91 flaws, including four zero-days, two of which are actively exploited. |
November 12, 2024
|
|
Windows 11 KB5046617 and KB5046633 cumulative updates released
Microsoft has released the Windows 11 KB5046617 and KB5046633 cumulative updates for versions 24H2 and 23H2 to fix security vulnerabilities and issues. |
November 12, 2024
|
|
Signal introduces convenient "call links" for private group chats
The Signal messenger application has announced a set of new features aimed at making private group chats more convenient and easier for people to join. |
November 12, 2024
|
|
FBI, CISA, and NSA reveal most exploited vulnerabilities of 2023
The FBI, the NSA, and cybersecurity authorities of the Five Eyes intelligence alliance have released today a list of the top 15 routinely exploited vulnerabilities throughout last year. |
November 12, 2024
|
|
Volt Typhoon rebuilds malware botnet following FBI disruption
The Chinese state-sponsored hacking group Volt Typhoon has begun to rebuild its "KV-Botnet" malware botnet after it was disrupted by law enforcement in January, according to researchers from SecurityScorecard. |
November 12, 2024
|
|
North Korean hackers create Flutter apps to bypass macOS security
North Korean threat actors target Apple macOS systems using trojanized Notepad apps and minesweeper games created with Flutter, which are signed and notarized by legitimate Apple developer IDs. |
November 11, 2024
|
|
iPhones now auto-restart to block access to encrypted data after long idle times
Apple has added a new security feature with the iOS 18.1 update released last month to ensure that iPhones automatically reboot after long idle periods to re-encrypt data and make it harder to extract. |
November 11, 2024
|
|
VMware makes Workstation and Fusion free for everyone
VMware has announced that its VMware Fusion and VMware Workstation desktop hypervisors are now free to everyone for commercial, educational, and personal use. |
November 11, 2024
|
|
New Ymir ransomware partners with RustyStealer in attacks
A new ransomware family called 'Ymir' has been spotted in the wild, being introduced onto systems that were previously compromised by the RustyStealer info-stealer malware. |
November 11, 2024
|
|
HIBP notifies 57 million people of Hot Topic data breach
Have I Been Pwned warns that an alleged data breach exposed the personal information of 56,904,909 accounts for Hot Topic, Box Lunch, and Torrid customers. |
November 11, 2024
|
|
Amazon confirms employee data breach after vendor hack
Amazon confirmed a data breach involving employee information after data allegedly stolen during the May 2023 MOVEit attacks was leaked on a hacking forum. |
November 11, 2024
|
|
Microsoft blames Windows Server 2025 automatic upgrades on 3rd-party tools
Microsoft has finally confirmed that some Windows Server 2019 and 2022 systems were "unexpectedly" upgraded to Windows Server 2025 on devices if updates were managed using third-party patch management tools. |
November 11, 2024
|
|
Halliburton reports $35 million loss after ransomware attack
Halliburton has revealed that an August ransomware attack has led to $35 million in losses after the breach caused the company to shut down IT systems and disconnect customers. |
November 10, 2024
|
|
Windows 11 is adding a 'Share' button to the Start menu and Taskbar
Microsoft wants you to share content/items more frequently, so it's now adding the "Share" button everywhere, including the Start menu and even the taskbar. |
November 10, 2024
|
|
Microsoft investigates OneDrive issue causing macOS app freezes
Microsoft is investigating a newly acknowledged issue causing macOS applications to hang when opening or saving files in OneDrive. |
November 10, 2024
|
|
Hackers now use ZIP file concatenation to evade detection
Hackers are targeting Windows machines using the ZIP file concatenation technique to deliver malicious payloads in compressed archives without security solutions detecting them. |
November 9, 2024
|
|
Google says “Enhanced protection” feature in Chrome now uses AI
Google has quietly updated the description of one of Chrome's security features, "Enhanced protection," to confirm that it will be powered by AI in a future release. |
November 9, 2024
|
|
Scammers target UK senior citizens with Winter Fuel Payment texts
As the winter season kicks in, scammers are not missing the chance to target senior British residents with bogus "winter heating allowance" and "cost of living support" scam texts. |
November 9, 2024
|
|
Hands on with AI features in Windows 11 Paint and Notepad
As part of its efforts to add AI everywhere, Microsoft is now bringing AI features to the popular Paint and Notepad apps on Windows 11. |
November 9, 2024
|
|
Microsoft says recent Windows 11 updates break SSH connections
Microsoft has confirmed that last month's Windows security updates are breaking SSH connections on some Windows 11 22H2 and 23H2 systems. |
November 9, 2024
|
|
Malicious PyPI package with 37,000 downloads steals AWS keys
A malicious Python package named 'fabrice' has been present in the Python Package Index (PyPI) since 2021, stealing Amazon Web Services credentials from unsuspecting developers. |
November 8, 2024
|
|
Critical Veeam RCE bug now used in Frag ransomware attacks
After being used in Akira and Fog ransomware attacks, a critical Veeam Backup & Replication (VBR) security flaw was also recently exploited to deploy Frag ransomware. |
November 8, 2024
|
|
D-Link won’t fix critical flaw affecting 60,000 older NAS devices
More than 60,000 D-Link network-attached storage devices that have reached end-of-life are vulnerable to a command injection vulnerability with a publicly available exploit. |
November 8, 2024
|
|
Unpatched Mazda Connect bugs let hackers install persistent malware
Attackers could exploit several vulnerabilities in the Mazda Connect infotainment unit, present in multiple car models including Mazda 3 (2014-2021), to execute arbitrary code with root permission. |
November 8, 2024
|
|
Palo Alto Networks warns of potential PAN-OS RCE vulnerability
Palo Alto Networks warned customers to restrict access to their next-generation firewalls because of a potential remote code execution vulnerability in the PAN-OS management interface. |
November 8, 2024
|
|
Google's mysterious 'search.app' links leave Android users concerned
The most recent update to the Google Android app has startled users as they notice the mysterious "search.app" links being generated when sharing content and links from the Google app externally. |
November 7, 2024
|
|
North Korean hackers use new macOS malware against crypto firms
North Korean threat actor BlueNoroff has been targeting crypto-related businesses with a new multi-stage malware for macOS systems. |
November 7, 2024
|
|
CISA warns of critical Palo Alto Networks bug exploited in attacks
Today, CISA warned that attackers are exploiting a critical missing authentication vulnerability in Palo Alto Networks Expedition, a migration tool that can help convert firewall configuration from Checkpoint, Cisco, and other vendors to PAN-OS. |
November 7, 2024
|
|
Nokia says hackers leaked third-party app source code
Nokia's investigation of recent claims of a data breach found that the source code leaked on a hacker forum belongs to a third party, and that company and customer data have not been impacted. |
November 7, 2024
|
|
Canada orders TikTok to shut down over national risk concerns
The Canadian government has ordered the dissolution of TikTok Technology Canada following a multi-step review that provided information and evidence of the social media company posing a national risk. |
November 7, 2024
|
|
HPE warns of critical RCE flaws in Aruba Networking access points
Hewlett Packard Enterprise (HPE) released updates for Instant AOS-8 and AOS-10 software to address two critical vulnerabilities in Aruba Networking Access Points. |
November 6, 2024
|
|
Hackers increasingly use Winos4.0 post-exploitation kit in attacks
Hackers are increasingly targeting Windows users with the malicious Winos4.0 framework, distributed via seemingly benign game-related apps. |
November 6, 2024
|
|
Microsoft Notepad to get AI-powered rewriting tool on Windows 11
Microsoft has started testing AI-powered Notepad text rewriting and Paint image generation tools four decades after the two programs were released in the 1980s. |
November 6, 2024
|
|
Cisco bug lets hackers run commands as root on URWB access points
Cisco has fixed a maximum severity vulnerability that allows attackers to run commands with root privileges on vulnerable Ultra-Reliable Wireless Backhaul (URWB) access points that provide connectivity for industrial wireless automation. |
November 6, 2024
|
|
New SteelFox malware hijacks Windows PCs using vulnerable driver
A new malicious package called 'SteelFox' mines for cryptocurrency and steals credit card data by using the "bring your own vulnerable driver" technique to get SYSTEM privileges on Windows machines. |
November 6, 2024
|
|
Washington courts' systems offline following weekend cyberattack
Court systems across Washington state have been down since Sunday when officials said "unauthorized activity" was detected on their networks. |
November 6, 2024
|
|
Germany drafts law to protect researchers who find security flaws
The Federal Ministry of Justice in Germany has drafted a law to provide legal protection to security researchers who discover and responsibly report security vulnerabilities to vendors. |
November 5, 2024
|
|
Google Cloud to make MFA mandatory by the end of 2025
Google has announced that multi-factor authentication (MFA) will be mandatory on all Cloud accounts by the end of 2025 to enhance security. |
November 5, 2024
|
|
Interpol disrupts cybercrime activity on 22,000 IP addresses, arrests 41
Interpol announced that it has arrested 41 individuals and taken down 1,037 servers and infrastructure running on 22,000 IP addresses facilitating cybercrime in an international law enforcement action titled Operation Synergia II. |
November 5, 2024
|
|
US warns of last-minute Iranian and Russian election influence ops
The U.S. Cybersecurity & Infrastructure Security Agency is warning about last-minute influence operations conducted by Iranian and Russian actors to undermine the public trust in the integrity and fairness of the upcoming presidential election. |
November 5, 2024
|
|
Suspect behind Snowflake data-theft attacks arrested in Canada
Canadian authorities have arrested a man suspected of having stolen the data of hundreds of millions after targeting over 165 organizations, all of them customers of cloud storage company Snowflake. |
November 5, 2024
|
|
Google fixes two Android zero-days used in targeted attacks
Google fixed two actively exploited Android zero-day flaws as part of its November security updates, addressing a total of 51 vulnerabilities. |
November 4, 2024
|
|
Nokia investigates breach after hacker claims to steal source code
Nokia is investigating whether a third-party vendor was breached after a hacker claimed to be selling the company's stolen source code. |
November 4, 2024
|
|
DocuSign's Envelopes API abused to send realistic fake invoices
Threat actors are abusing DocuSign's Envelopes API to create and mass-distribute fake invoices that appear genuine, impersonating well-known brands like Norton and PayPal. |
November 4, 2024
|
|
Schneider Electric confirms dev platform breach after hacker steals data
Schneider Electric has confirmed a developer platform was breached after a threat actor claimed to steal 40GB of data from the company's JIRA server. |
November 4, 2024
|
|
Windows Server 2025 released—here are the new features
Microsoft has announced that Windows Server 2025, the latest version of its server operating system, is generally available starting Friday, November 1st. |
November 4, 2024
|
|
Custom "Pygmy Goat" malware used in Sophos Firewall hack on govt network
The UK's National Cyber Security Centre (NCSC) has published an analysis of a Linux malware named "Pygmy Goat" created to backdoor Sophos XG firewall devices as part of recently disclosed attacks by Chinese threat actors. |
November 4, 2024
|
|
Windows infected with backdoored Linux VMs in new phishing attacks
A new phishing campaign dubbed 'CRON#TRAP' infects Windows with a Linux virtual machine that contains a built-in backdoor to give stealthy access to corporate networks. |
November 4, 2024
|
|
Solving the painful password problem with better policies
Weak and reused credentials continue to plague users and organizations. Learn from Specops Software about why passwords are so easy to hack and how organizations can fortify their security efforts. |
November 4, 2024
|
|
City of Columbus: Data of 500,000 stolen in July ransomware attack
The City of Columbus, Ohio, notified 500,000 individuals that a ransomware gang stole their personal and financial information in a July 2024 cyberattack. |
November 4, 2024
|
|
Microsoft confirms Windows Server 2025 blue screen, install issues
Microsoft has confirmed several bugs causing install and Blue Screen of Death (BSOD) issues impacting Windows Server 2025 systems with more than 256 logical processors. |
November 4, 2024
|
|
Cisco says DevHub site leak won’t enable future breaches
Cisco says that non-public files recently downloaded by a threat actor from a misconfigured public-facing DevHub portal don't contain information that could be exploited in future breaches of the company's systems. |
November 3, 2024
|
|
Meet Interlock — The new ransomware targeting FreeBSD servers
A relatively new ransomware operation named Interlock attacks organizations worldwide, taking the unusual approach of creating an encryptor to target FreeBSD servers. |
November 3, 2024
|
|
ChatGPT-4o can be used for autonomous voice-based scams
Researchers have shown that it's possible to abuse OpenAI's real-time voice API for ChatGPT-4o, an advanced LLM chatbot, to conduct financial scams with low to moderate success rates. |
November 2, 2024
|
|
Microsoft SharePoint RCE bug exploited to breach corporate network
A recently disclosed Microsoft SharePoint remote code execution (RCE) vulnerability tracked as CVE-2024-38094 is being exploited to gain initial access to corporate networks. |
November 2, 2024
|
|
Microsoft Outlook workaround fixes freezes when copying text
Microsoft is investigating a known issue that affects Microsoft 365 customers and causes classic Outlook to hang or freeze when copying text. |
November 1, 2024
|
|
Microsoft warns Azure Virtual Desktop users of black screen issues
Microsoft warned customers they might experience up to 30 minutes of black screens when logging into Azure Virtual Desktop (AVD) after installing the KB5040525 Windows 10 July 2024 preview update. |
November 1, 2024
|
|
LA housing authority confirms breach claimed by Cactus ransomware
The Housing Authority of the City of Los Angeles (HACLA), one of the largest public housing authorities in the United States, confirmed that a cyberattack hit its IT network after recent breach claims from the Cactus ransomware gang. |
November 1, 2024
|
|
OpenAI's new ChatGPT Search Chrome extension feels like a search hijacker
OpenAI's new "ChatGPT search" Chrome extension feels like nothing more than a typical search hijacker, changing Chrome's settings so your address bar searches go through ChatGPT Search instead. |
November 1, 2024
|
|
LastPass warns of fake support centers trying to steal customer data
LastPass is warning about an ongoing campaign where scammers are writing reviews for its Chrome extension to promote a fake customer support phone number. However, this phone number is part of a much larger campaign to trick callers into giving scammers remote access to their computers, as discovered by BleepingComputer. |
November 1, 2024
|
|
Synology hurries out patches for zero-days exploited at Pwn2Own
Synology, a Taiwanese network-attached storage (NAS) appliance maker, patched two critical zero-days exploited during last week's Pwn2Own hacking competition within days. |
November 1, 2024
|
|
DDoS site Dstat.cc seized and two suspects arrested in Germany
The Dstat.cc DDoS review platform has been seized by law enforcement, and two suspects have been arrested after the service helped fuel distributed denial-of-service attacks for years. |
October 31, 2024
|
|
Sophos reveals 5-year battle with Chinese hackers attacking network devices
Sophos disclosed today a series of reports dubbed "Pacific Rim" that detail how the cybersecurity company has been sparring with Chinese threat actors for over 5 years as they increasingly targeted networking devices worldwide, including those from Sophos. |
October 31, 2024
|
|
Microsoft: Chinese hackers use Quad7 botnet to steal credentials
Microsoft warns that Chinese threat actors use the Quad7 botnet, comprised of hacked SOHO routers, to steal credentials in password-spray attacks. |
October 31, 2024
|
|
Microsoft delays Windows Recall again, now by December
Microsoft is again delaying the rollout of its AI-powered Windows Recall feature after announcing in August that it will be available for Insiders with Copilot+ PCs in October. |
October 31, 2024
|
|
Hackers target critical zero-day vulnerability in PTZ cameras
Hackers are attempting to exploit two zero-day vulnerabilities in PTZOptics pan-tilt-zoom (PTZ) live streaming cameras used in industrial, healthcare, business conferences, government, and courtroom settings. |
October 31, 2024
|
|
Microsoft wants $30 if you want to delay Windows 11 switch
Microsoft announced today that Windows 10 home users can delay the switch to Windows 11 for one more year if they're willing to pay $30 for Extended Security Updates (ESU). |
October 31, 2024
|
|
Windows 11 Task Manager says no apps are active after preview update
Microsoft is investigating a new Windows 11 issue that causes the Task Manager to say there are zero running apps and background processes. |
October 31, 2024
|
|
LiteSpeed Cache WordPress plugin bug lets hackers get admin access
The free version of the popular WordPress plugin LiteSpeed Cache has fixed a dangerous privilege elevation flaw on its latest release that could allow unauthenticated site visitors to gain admin rights. |
October 31, 2024
|
|
qBittorrent fixes flaw exposing users to MitM attacks for 14 years
qBittorrent has addressed a remote code execution flaw caused by the failure to validate SSL/TLS certificates in the application's DownloadManager, a component that manages downloads throughout the app. |
October 31, 2024
|
|
Microsoft fixes Windows 10 bug causing apps to stop working
Microsoft has fixed a known issue that prevents some apps launched from non-admin accounts from starting on Windows 10 22H2 systems after installing the September preview cumulative update. |
October 31, 2024
|
|
Over a thousand online shops hacked to show fake product listings
A phishing campaign dubbed 'Phish n' Ships' has been underway since at least 2019, infecting over a thousand legitimate online stores to promote fake product listings for hard-to-find items. |
October 31, 2024
|
|
Cynet delivers 426% ROI in Forrester Total Economic Impact Study
A commissioned study conducted by Forrester Consulting on behalf of Cynet in October 2024 found that Cynet's All-in-One Cybersecurity Platform generated $2.73 million in savings, paying for itself in under six months, for a return on investment of 426%. |
October 31, 2024
|
|
LottieFiles hit in npm supply chain attack targeting users' crypto
LottieFiles announced that specific versions of its npm package carry malicious code that prompts users to connect their cryptocurrency wallets so they can be emptied. |
October 30, 2024
|
|
Interbank confirms data breach following failed extortion, data leak
Interbank, one of Peru's leading financial institutions, has confirmed a data breach after a threat actor who hacked into its systems leaked stolen data online. |
October 30, 2024
|
|
Microsoft Entra "security defaults" to make MFA setup mandatory
Microsoft says it will improve security across Entra tenants where security defaults are enabled by making multifactor authentication (MFA) registration mandatory. |
October 30, 2024
|
|
QNAP patches second zero-day exploited at Pwn2Own to get root
QNAP has fixed a second zero-day vulnerability exploited at the Pwn2Own Ireland 2024 hacking contest to gain a root shell and take over a TS-464 NAS device. |
October 30, 2024
|
|
North Korean govt hackers linked to Play ransomware attack
The North Korean state-sponsored hacking group tracked as 'Andariel' has been linked to the Play ransomware operation, using the RaaS to work behind the scenes and evade sanctions. |
October 30, 2024
|
|
Android malware "FakeCall" now reroutes bank calls to attackers
A new version of the FakeCall malware for Android hijacks outgoing calls from a user to their bank, redirecting them to the attacker's phone number instead. |
October 30, 2024
|
|
Hackers steal 15,000 cloud credentials from exposed Git config files
A global large-scale operation dubbed "EmeraldWhale" exploited misconfigured Git configuration files to steal over 15,000 cloud account credentials from thousands of private repositories. |
October 30, 2024
|
|
FBI: Upcoming U.S. general election fuels multiple fraud schemes
The Federal Bureau of Investigation (FBI) is warning of multiple schemes taking advantage of the upcoming U.S. general election to scam people out of their money or personal data. |
October 29, 2024
|
|
New Windows Themes zero-day gets free, unofficial patches
Free unofficial patches are now available for a new Windows Themes zero-day vulnerability that allows attackers to steal a target's NTLM credentials remotely. |
October 29, 2024
|
|
Massive PSAUX ransomware attack targets 22,000 CyberPanel instances
Over 22,000 CyberPanel instances exposed online to a critical remote code execution (RCE) vulnerability were mass-targeted in a PSAUX ransomware attack that took almost all instances offline. |
October 29, 2024
|
|
QNAP fixes NAS backup software zero-day exploited at Pwn2Own
QNAP has fixed a critical zero-day vulnerability exploited by security researchers on Thursday to hack a TS-464 NAS device during the Pwn2Own Ireland 2024 competition. |
October 29, 2024
|
|
Russian charged by U.S. for creating RedLine infostealer malware
The United States announced charges today against Maxim Rudometov, a Russian national, for being the suspected developer and administrator of the RedLine malware operation, one of the most prolific infostealers over the past few years. |
October 28, 2024
|
|
New tool bypasses Google Chrome’s new cookie encryption system
A researcher has released a tool to bypass Google's new App-Bound encryption cookie-theft defenses and extract saved credentials from the Chrome web browser. |
October 28, 2024
|
|
Exchange Online adds Inbound DANE with DNSSEC for everyone
Microsoft announced today that inbound SMTP DANE with DNSSEC for Exchange Online, a new capability to boost email security and integrity, is now generally available. |
October 28, 2024
|
|
Russia targets Ukrainian conscripts with Windows, Android malware
A hybrid espionage/influence campaign conducted by the Russian threat group 'UNC5812' has been uncovered, targeting Ukrainian military recruits with Windows and Android malware. |
October 28, 2024
|
|
Free, France’s second largest ISP, confirms data breach after leak
Free, a major internet service provider (ISP) in France, confirmed over the weekend that hackers breached its systems and stole customer personal information. |
October 28, 2024
|
|
US says Chinese hackers breached multiple telecom providers
The FBI and the U.S. Cybersecurity & Infrastructure Security Agency (CISA) have disclosed that Chinese hackers breached commercial telecommunication service providers in the United States. |
October 28, 2024
|
|
Redline, Meta infostealer malware operations seized by police
The Dutch National Police seized the network infrastructure for the Redline and Meta infostealer malware operations in "Operation Magnus," warning cybercriminals that their data is now in the hands of law enforcement. |
October 27, 2024
|
|
Windows 11 24H2: The hardware and software blocking the new update
Windows 11 24H2 is unavailable for thousands of users due to safeguard or compatibility holds Microsoft has placed on specific device and software configurations. |
October 27, 2024
|
|
Fog ransomware targets SonicWall VPNs to breach corporate networks
Fog and Akira ransomware operators have increased their exploitation efforts of CVE-2024-40766, a critical access control flaw that allows unauthorized access to resources on the SSL VPN feature of SonicWall SonicOS firewalls. |
October 26, 2024
|
|
New Cisco ASA and FTD features block VPN brute-force password attacks
Cisco has added new security features that significantly mitigate brute-force and password spray attacks on Cisco ASA and Firepower Threat Defense (FTD), helping protect the network from breaches and reducing resource utilization on devices. |
October 26, 2024
|
|
New Windows Driver Signature bypass allows kernel rootkit installs
Attackers can downgrade Windows kernel components to bypass security features such as Driver Signature Enforcement and deploy rootkits on fully patched systems. |
October 26, 2024
|
|
Over 70 zero-day flaws get hackers $1 million at Pwn2Own Ireland
The fourth day of Pwn2Own Ireland 2024 marked the end of the hacking competition with more than $1 million in prizes for over 70 unique zero-day vulnerabilities in fully patched devices. |
October 25, 2024
|
|
Black Basta ransomware poses as IT support on Microsoft Teams to breach networks
The BlackBasta ransomware operation has moved its social engineering attacks to Microsoft Teams, posing as corporate help desks contacting employees to assist them with an ongoing spam attack. |
October 25, 2024
|
|
Russia sentences REvil ransomware members to over 4 years in prison
Russia has sentenced four members of the REvil ransomware operation to over 4 years in prison for distributing malware and illegal circulation of means of payment. |
October 25, 2024
|
|
Amazon seizes domains used in rogue Remote Desktop campaign to steal data
Amazon has seized domains used by the Russian APT29 hacking group in targeted attacks against government and military organizations to steal Windows credentials and data using malicious Remote Desktop Protocol connection files. |
October 25, 2024
|
|
QNAP, Synology, Lexmark devices hacked on Pwn2Own Day 3
The third day of Pwn2Own Ireland 2024 continued to showcase the expertise of white hat hackers as they exposed 11 zero-day vulnerabilities, adding $124,750 to the total prize pool, which now stands at $874,875. |
October 24, 2024
|
|
UnitedHealth says data of 100 million stolen in Change Healthcare breach
UnitedHealth has confirmed for the first time that over 100 million people had their personal information and healthcare data stolen in the Change Healthcare ransomware attack, marking this as the largest healthcare data breach in recent years. |
October 24, 2024
|
|
Apple creates Private Cloud Compute VM to let researchers find bugs
Apple created a Virtual Research Environment to allow public access to testing the security of its Private Cloud Compute system, and released the source code for some "key components" to help researchers analyze the privacy and safety features on the architecture. |
October 24, 2024
|
|
Henry Schein discloses data breach a year after ransomware attack
Henry Schein has finally disclosed a data breach following at least two back-to-back cyberattacks in 2023 by the BlackCat Ransomware gang, revealing that over 160,000 people had their personal information stolen. |
October 24, 2024
|
|
Windows 11 24H2 KB5044384 update fixes sfc /scannow corrupt file errors
Microsoft has released the optional KB5044384 preview cumulative update for Windows 11 24H2, which includes twenty-four changes, including a fix for a bug that caused the sfc /scannow command to always display corrupt file errors. |
October 24, 2024
|
|
Insurance admin Landmark says data breach impacts 800,000 people
Insurance administrative services company Landmark Admin warns that a data breach impacts over 800,000 people from a May cyberattack. |
October 24, 2024
|
|
Ireland fines LinkedIn €310 million over targeted advertising
LinkedIn received a €310 million fine from the Irish Data Protection Commission for violating the European Union's law related to the processing of personal data for behavioral analysis and targeted advertising. |
October 24, 2024
|
|
Cisco fixes VPN DoS flaw discovered in password spray attacks
Cisco fixed a denial of service flaw in its Cisco ASA and Firepower Threat Defense (FTD) software, which was discovered during large-scale brute force attacks against Cisco VPN devices in April. |
October 24, 2024
|
|
New Qilin ransomware encryptor features stronger encryption, evasion
A new Rust-based variant of the Qilin (Agenda) ransomware strain, dubbed 'Qilin.B,' has been spotted in the wild, featuring stronger encryption, better evasion from security tools, and the ability to disrupt data recovery mechanisms. |
October 24, 2024
|
|
Samsung Galaxy S24 and Sonos Era hacked on Pwn2Own Ireland Day 2
On the second day of Pwn2Own Ireland 2024, competing white hat hackers showcased an impressive 51 zero-day vulnerabilities, earning a total of $358,625 in cash prizes. |
October 24, 2024
|
|
Mandiant says new Fortinet flaw has been exploited since June
A new Fortinet FortiManager flaw dubbed "FortiJump" and tracked as CVE-2024-47575 has been exploited since June 2024 in zero-day attacks on over 50 servers, according to a new report by Mandiant. |
October 23, 2024
|
|
Windows 11 KB5044380 preview update lets you remap the Copilot key
Microsoft has released the optional KB5044380 Preview cumulative update for Windows 11 23H2 and 22H2, which brings seventeen changes, including a new Gamepad keyboard and the ability to remap the Copilot keyboard key. |
October 23, 2024
|
|
WhatsApp now encrypts contact databases for privacy-preserving synching
The WhatsApp messenger platform has introduced Identity Proof Linked Storage (IPLS), a new privacy-preserving encrypted storage system designed for contact management. |
October 23, 2024
|
|
Lazarus hackers used fake DeFi game to exploit Google Chrome zero-day
The North Korean Lazarus hacking group exploited a Google Chrome zero-day tracked as CVE-2024-4947 through a fake decentralized finance (DeFi) game targeting individuals in the cryptocurrency space. |
October 23, 2024
|
|
Google to let businesses create curated Chrome Web Stores for extensions
Google has announced it will soon allow organizations to create their own curated "Enterprise Web Store" of company-sanctioned browser extensions for Chrome and ChromeOS, aimed at improving productivity, security, and management for businesses. |
October 23, 2024
|
|
Fortinet warns of new critical FortiManager flaw used in zero-day attacks
Fortinet publicly disclosed today a critical FortiManager API vulnerability, tracked as CVE-2024-47575, that was exploited in zero-day attacks to steal sensitive files containing configurations, IP addresses, and credentials for managed devices. |
October 23, 2024
|
|
Hackers exploit 52 zero-days on the first day of Pwn2Own Ireland
On the first day of Pwn2Own Ireland, participants demonstrated 52 zero-day vulnerabilities across a range of devices, earning a total of $486,250 in cash prizes. |
October 22, 2024
|
|
CISA proposes new security requirements to protect govt, personal data
The U.S. Cybersecurity & Infrastructure Security Agency (CISA) is proposing security requirements to prevent adversary states from accessing Americans' personal data as well as government-related information. |
October 22, 2024
|
|
Windows 10 KB5045594 update fixes multi-function printer bugs
Microsoft has released the optional KB5045594 preview cumulative update for Windows 10 22H2 with fixes for problems printing to multi-function printers and other issues. |
October 22, 2024
|
|
AWS, Azure auth keys found in Android and iOS apps used by millions
Multiple popular mobile applications for iOS and Android come with hardcoded, unencrypted credentials for cloud services like Amazon Web Services (AWS) and Microsoft Azure Blob Storage, exposing user data and source code to security breaches. |
October 22, 2024
|
|
SEC charges tech companies for downplaying SolarWinds breaches
The SEC has charged four companies—Unisys Corp, Avaya Holdings, Check Point Software, and Mimecast—for allegedly misleading investors about the impact of their breaches during the massive 2020 SolarWinds Orion hack. |
October 22, 2024
|
|
Exploit released for new Windows Server "WinReg" NTLM Relay attack
Proof-of-concept exploit code is now public for a vulnerability in Microsoft's Remote Registry client that could be used to take control of a Windows domain by downgrading the security of the authentication process. |
October 22, 2024
|
|
VMware fixes bad patch for critical vCenter Server RCE flaw
VMware has released another security update for CVE-2024-38812, a critical VMware vCenter Server remote code execution vulnerability that was not correctly fixed in the first patch from September 2024. |
October 21, 2024
|
|
Hackers exploit Roundcube webmail flaw to steal email, credentials
Threat actors have been exploiting a vulnerability in the Roundcube Webmail client to target government organizations in the Commonwealth of Independent States (CIS) region, the successor of the former Soviet Union. |
October 21, 2024
|
|
Over 6,000 WordPress hacked to install plugins pushing infostealers
WordPress sites are being hacked to install malicious plugins that display fake software updates and errors to push information-stealing malware. |
October 21, 2024
|
|
Microsoft blocks Windows 11 24H2 on two ASUS models due to crashes
Microsoft is warning of Windows crashing with the blue screen of death on some ASUS laptop models when trying to upgrade to the latest version of the operating system, Windows 11 version 24H2. |
October 21, 2024
|
|
Bumblebee malware returns after recent law enforcement disruption
The Bumblebee malware loader has been spotted in new attacks recently, more than four months after Europol disrupted it during 'Operation Endgame' in May. |
October 20, 2024
|
|
Severe flaws in E2EE cloud storage platforms used by millions
Several end-to-end encrypted (E2EE) cloud storage platforms are vulnerable to a set of security issues that could expose user data to malicious actors. |
October 20, 2024
|
|
Internet Archive breached again through stolen access tokens
The Internet Archive was breached again, this time on their Zendesk email support platform after repeated warnings that threat actors stole exposed GitLab authentication tokens. |
October 19, 2024
|
|
Microsoft creates fake Azure tenants to pull phishers into honeypots
Microsoft is using deceptive tactics against phishing actors by spawning realistic-looking honeypot tenants with access to Azure and luring cybercriminals in to collect intelligence about them. |
October 19, 2024
|
|
Google Scholar has a 'verified email' for Sir Isaac Newton
It's true: the Google Scholar profile of the renowned former physicist and polymath, Sir Isaac Newton, bears a "verified email" note. According to Google Scholar, Isaac Newton is a "Professor of Physics, MIT" with a "Verified email at mit.edu." |
October 18, 2024
|
|
Cisco takes DevHub portal offline after hacker publishes stolen data
Cisco confirmed today that it took its public DevHub portal offline after a threat actor leaked "non-public" data, but it continues to state that there is no evidence that its systems were breached. |
October 18, 2024
|
|
ESET partner breached to send data wipers to Israeli orgs
Hackers breached ESET's exclusive partner in Israel to send phishing emails to Israeli businesses that pushed data wipers disguised as antivirus software for destructive attacks. |
October 18, 2024
|
|
Tech giant Nidec confirms data breach following ransomware attack
Nidec Corporation is reporting that hackers behind a ransomware attack it suffered earlier this year stole data and leaked it on the dark web. |
October 18, 2024
|
|
Intel, AMD CPUs on Linux impacted by newly disclosed Spectre bypass
The latest generations of Intel processors, including Xeon chips, and AMD's older Zen 1, Zen 1+, and Zen 2 microarchitectures on Linux are vulnerable to new speculative execution attacks that bypass existing 'Spectre' mitigations. |
October 18, 2024
|
|
How to leverage $200 million FCC program boosting K-12 cybersecurity
In 2024, the Federal Communications Commission (FCC) launched the K-12 Cybersecurity Pilot Program, a groundbreaking initiative backed by $200 million in funding. Learn more from Cynet about how schools and libraries can apply to this program. |
October 17, 2024
|
|
Microsoft warns it lost some customer's security logs for a month
Microsoft is warning enterprise customers that, for almost a month, a bug caused critical logs to be partially lost, putting at risk companies that rely on this data to detect unauthorized activity. |
October 17, 2024
|
|
Fake Google Meet conference errors push infostealing malware
A new ClickFix campaign is luring users to fraudulent Google Meet conference pages showing fake connectivity errors that deliver info-stealing malware for Windows and macOS operating systems. |
October 17, 2024
|
|
FBI arrest Alabama man suspected of hacking SEC's X account
An Alabama man was arrested today by the FBI for his suspected role in hacking the SEC's X account to make a fake announcement that Bitcoin ETFs were approved. |
October 17, 2024
|
|
Undercover North Korean IT workers now steal data, extort employers
North Korean IT professionals who trick Western companies into hiring them are stealing data from the organization's network and asking for a ransom to not leak it. |
October 17, 2024
|
|
BianLian ransomware claims attack on Boston Children's Health Physicians
The BianLian ransomware group has claimed the cyberattack on Boston Children's Health Physicians (BCHP) and threatens to leak stolen files unless a ransom is paid. |
October 17, 2024
|
|
Hackers blackmail Globe Life after stealing customer data
Insurance giant Globe Life says an unknown threat actor attempted to extort money in exchange for not publishing data stolen from the company's systems earlier this year. |
October 17, 2024
|
|
Top 5 Cloud Security Automations for SecOps Teams
Learn about 5 powerful cloud security automations with Blink Ops to simplify security operations like S3 bucket monitoring, subdomain takeover detection and failed EC2 login detection. |
October 16, 2024
|
|
Iranian hackers act as brokers selling critical infrastructure access
Iranian hackers are breaching critical infrastructure organizations to collect credentials and network data that can be sold on cybercriminal forums to enable cyberattacks from other threat actors. |
October 16, 2024
|
|
Google: 70% of exploited flaws disclosed in 2023 were zero-days
Google Mandiant security analysts warn of a worrying new trend of threat actors demonstrating a better capability to discover and exploit zero-day vulnerabilities in software. |
October 16, 2024
|
|
USDoD hacker behind National Public Data breach arrested in Brazil
A notorious hacker named USDoD, who is linked to the National Public Data and InfraGard breaches, has been arrested by Brazil's Polícia Federal in "Operation Data Breach". |
October 16, 2024
|
|
SolarWinds Web Help Desk flaw is now exploited in attacks
CISA has added three flaws to its 'Known Exploited Vulnerabilities' (KEV) catalog, among which is a critical hardcoded credentials flaw in SolarWinds Web Help Desk (WHD) that the vendor fixed in late August 2024. |
October 16, 2024
|
|
US disrupts Anonymous Sudan DDoS operation, indicts 2 Sudanese brothers
The United States Department of Justice unsealed an indictment today against two Sudanese brothers suspected of being the operators of Anonymous Sudan, a notorious and dangerous hacktivist group known for conducting over 35,000 DDoS attacks in a year. |
October 16, 2024
|
|
Critical Kubernetes Image Builder flaw gives SSH root access to VMs
A critical vulnerability in Kubernetes could allow unauthorized SSH access to a virtual machine running an image created with the Kubernetes Image Builder project. |
October 16, 2024
|
|
Understand these seven password attacks and how to stop them
Hackers are always looking for new ways to crack passwords and gain access to your organization's data and systems. In this post, Specops Software discusses the seven most common password attacks and provides tips on how to defend against them. |
October 16, 2024
|
|
Malicious ads exploited Internet Explorer zero day to drop malware
The North Korean hacking group ScarCruft launched a large-scale attack in May that leveraged an Internet Explorer zero-day flaw to infect targets with the RokRAT malware and exfiltrate data. |
October 15, 2024
|
|
Amazon says 175 million customers now use passkeys to log in
Amazon has seen massive adoption of passkeys since the company quietly rolled them out a year ago, announcing today that over 175 million customers use the security feature. |
October 15, 2024
|
|
Finland seizes servers of 'Sipulitie' dark web drugs market
The Finnish Customs office took down the website and seized the servers for the darknet marketplace 'Sipulitie' where criminals sold illegal narcotics anonymously. |
October 15, 2024
|
|
EDRSilencer red team tool used in attacks to bypass security
A tool for red-team operations called EDRSilencer has been observed in malicious incidents attempting to identify security tools and mute their alerts to management consoles. |
October 15, 2024
|
|
New FIDO proposal lets you securely move passkeys across platforms
The Fast IDentity Online (FIDO) Alliance has published a working draft of a new specification that aims to enable the secure transfer of passkeys between different providers. |
October 15, 2024
|
|
Over 200 malicious apps on Google Play downloaded millions of times
Google Play, the official store for Android, distributed over a period of one year more than 200 malicious applications, which cumulatively counted nearly eight million downloads. |
October 14, 2024
|
|
Cisco investigates breach after stolen data for sale on hacking forum
Cisco has confirmed to BleepingComputer that it is investigating recent claims that it suffered a breach after a threat actor began selling allegedly stolen data on a hacking forum. |
October 14, 2024
|
|
New FASTCash malware Linux variant helps steal money from ATMs
North Korean hackers are using a new Linux variant of the FASTCash malware to infect the payment switch systems of financial institutions and perform unauthorized cash withdrawals. |
October 14, 2024
|
|
Jetpack fixes critical information disclosure flaw existing since 2016
WordPress plugin Jetpack released a critical security update earlier today, addressing a vulnerability that allowed a logged-in user to access forms submitted by other visitors to the site. |
October 14, 2024
|
|
TrickMo malware steals Android PINs using fake lock screen
Forty new variants of the TrickMo Android banking trojan have been identified in the wild, linked to 16 droppers and 22 distinct command and control (C2) infrastructures, with new features designed to steal Android PINs. |
October 14, 2024
|
|
Pokemon dev Game Freak confirms breach after stolen data leaks online
Japanese video game developer Game Freak has confirmed it suffered a cyberattack in August after source code and game designs for unpublished games were leaked online. |
October 13, 2024
|
|
Google warns uBlock Origin and other extensions may be disabled soon
Google's Chrome Web Store is now warning that the uBlock Origin ad blocker and other extensions may soon be blocked as part of the company's deprecation of the Manifest V2 extension specification. |
October 13, 2024
|
|
Iranian hackers now exploit Windows flaw to elevate privileges
The Iranian state-sponsored hacking group APT34, aka OilRig, has recently escalated its activities with new campaigns targeting government and critical infrastructure entities in the United Arab Emirates and the Gulf region. |
October 12, 2024
|
|
Microsoft deprecates PPTP and L2TP VPN protocols in Windows Server
Microsoft has officially deprecated the Point-to-Point Tunneling Protocol (PPTP) and Layer 2 Tunneling Protocol (L2TP) in future versions of Windows Server, recommending admins switch to different protocols that offer increased security. |
October 12, 2024
|
|
OpenAI confirms threat actors use ChatGPT to write malware
OpenAI has disrupted over 20 malicious cyber operations abusing its AI-powered chatbot, ChatGPT, for debugging and developing malware, spreading misinformation, evading detection, and conducting spear-phishing attacks. |
October 11, 2024
|
|
CISA: Hackers abuse F5 BIG-IP cookies to map internal servers
CISA is warning that threat actors have been observed abusing unencrypted persistent F5 BIG-IP cookies to identify and target other internal devices on the targeted network. |
October 11, 2024
|
|
Casio confirms customer data stolen in a ransomware attack
Casio now confirms it suffered a ransomware attack earlier this month, warning that the personal and confidential data of employees, job candidates, and some customers was also stolen. |
October 10, 2024
|
|
Ukraine arrests rogue VPN operator providing access to Runet
Ukraine's cyber police have arrested a 28-year-old man who operated a massive virtual private network (VPN) service, allowing people from within the country to access the Russian internet (Runet). |
October 10, 2024
|
|
Akira and Fog ransomware now exploit critical Veeam RCE flaw
Ransomware gangs now exploit a critical security vulnerability that lets attackers gain remote code execution (RCE) on vulnerable Veeam Backup & Replication (VBR) servers. |
October 10, 2024
|
|
Marriott settles with FTC, to pay $52 million over data breaches
Marriott International and its subsidiary Starwood Hotels will pay $52 million and create a comprehensive information security program as part of settlements for data breaches that impacted over 344 million customers. |
October 10, 2024
|
|
US, UK warn of Russian APT29 hackers targeting Zimbra, TeamCity servers
U.S. and U.K. cyber agencies warned today that APT29 hackers linked to Russia's Foreign Intelligence Service (SVR) target vulnerable Zimbra and JetBrains TeamCity servers "at a mass scale." |
October 10, 2024
|
|
Fidelity Investments says data breach affects over 77,000 people
Fidelity Investments, a Boston-based multinational financial services company, disclosed that the personal information of over 77,000 customers was exposed after its systems were breached in August. |
October 10, 2024
|
|
Underground ransomware claims attack on Casio, leaks stolen data
The Underground ransomware gang has claimed responsibility for an October 5 attack on Japanese tech giant Casio, which caused system disruptions and impacted some of the firm's services. |
October 10, 2024
|
|
Microsoft Outlook bug blocks email logins, causes app crashes
Microsoft is investigating an Outlook bug causing desktop app crashes, high system resource usage, and preventing users from logging into their accounts. |
October 10, 2024
|
|
GitLab warns of critical arbitrary branch pipeline execution flaw
GitLab has released security updates to address multiple flaws in Community Edition (CE) and Enterprise Edition (EE), including a critical arbitrary branch pipeline execution flaw. |
October 9, 2024
|
|
Internet Archive hacked, data breach impacts 31 million users
Internet Archive's "The Wayback Machine" has suffered a data breach after a threat actor compromised the website and stole a user authentication database containing 31 million unique records. |
October 9, 2024
|
|
CISA says critical Fortinet RCE flaw now exploited in attacks
Today, CISA revealed that attackers actively exploit a critical FortiOS remote code execution (RCE) vulnerability in the wild. |
October 9, 2024
|
|
Crypto-stealing malware campaign infects 28,000 people
Over 28,000 people from Russia, Turkey, Ukraine, and other countries in the Eurasian region were impacted by a large-scale cryptocurrency-stealing malware campaign. |
October 9, 2024
|
|
Palo Alto Networks warns of firewall hijack bugs with public exploit
Palo Alto Networks warned customers today to patch security vulnerabilities (with public exploit code) that can be chained to let attackers hijack PAN-OS firewalls. |
October 9, 2024
|
|
Mozilla fixes Firefox zero-day actively exploited in attacks
Mozilla has issued an emergency security update for the Firefox browser to address a critical use-after-free vulnerability that is currently exploited in attacks. |
October 9, 2024
|
|
Microsoft fixes Word bug that deleted documents when saving
Microsoft has fixed a known issue that was causing Word to delete some Windows users' documents instead of saving them. |
October 9, 2024
|
|
How open source SIEM and XDR tackle evolving threats
Evolving threats require security solutions that match the sophistication of modern threats. Learn more about how Wazuh, the open-source XDR and SIEM, tackles these threats. |
October 9, 2024
|
|
Recent Dr.Web cyberattack claimed by pro-Ukrainian hacktivists
A group of pro-Ukrainian hacktivists has claimed responsibility for the September breach of Russian security company Doctor Web (Dr.Web). |
October 9, 2024
|
|
Dutch police arrest admin of 'Bohemia/Cannabia' dark web market
An international law enforcement operation led to the arrest of one of the three administrators of the dual dark web market 'Bohemia/Cannabia,' known for hosting ads for drug sales and distributed denial of service (DDoS) attacks. |
October 9, 2024
|
|
Discord blocked in Russia and Turkey for spreading illegal content
Discord has been suddenly blocked in Russia and Turkey since yesterday due to illegal activity residing on the platform, leaving legitimate users in those countries unable to visit the website or connect to the service. |
October 8, 2024
|
|
New scanner finds Linux, UNIX servers exposed to CUPS RCE attacks
An automated scanner has been released to help security professionals scan environments for devices vulnerable to the Common Unix Printing System (CUPS) RCE flaw tracked as CVE-2024-47176. |
October 8, 2024
|
|
Microsoft: Windows 11 22H2 Home and Pro reached end of servicing
Microsoft reminded customers today that multiple editions of Windows 11 22H2 and 21H2 have reached their end of servicing. |
October 8, 2024
|
|
New Mamba 2FA bypass service targets Microsoft 365 accounts
An emerging phishing-as-a-service (PhaaS) platform called Mamba 2FA has been observed targeting Microsoft 365 accounts in AiTM attacks using well-crafted login pages. |
October 8, 2024
|
|
Microsoft fixes Remote Desktop issues caused by Windows Server update
Microsoft says this month's Patch Tuesday cumulative updates fix a known issue that causes Windows servers to disrupt Remote Desktop connections in enterprise networks after installing the July Windows Server security updates. |
October 8, 2024
|
|
Microsoft October 2024 Patch Tuesday fixes 5 zero-days, 118 flaws
Today is Microsoft's October 2024 Patch Tuesday, which includes security updates for 118 flaws, including five publicly disclosed zero-days, two of which are actively exploited. |
October 8, 2024
|
|
Windows 11 KB5044284 and KB5044285 cumulative updates released
Microsoft has released the KB5044284 and KB5044285 Windows 11 cumulative updates for versions 24H2 and 22H2/23H2 to fix security vulnerabilities and resolve 27 bugs and performance issues. |
October 8, 2024
|
|
Windows 10 KB5044273 update released with 9 fixes, security updates
Microsoft has released the KB5044273 cumulative update for Windows 10 22H2 and Windows 10 21H2, which includes nine changes and fixes, including a new Windows Update opt-in notification shown when you log in to the operating system. |
October 8, 2024
|
|
Ivanti warns of three more CSA zero-days exploited in attacks
American IT software company Ivanti has released security updates to fix three new Cloud Services Appliance (CSA) zero-days tagged as actively exploited in attacks. |
October 8, 2024
|
|
European govt air-gapped systems breached using custom malware
An APT hacking group known as GoldenJackal has successfully breached air-gapped government systems in Europe using two custom toolsets to steal sensitive data, like emails, encryption keys, images, archives, and documents. |
October 8, 2024
|
|
Casio reports IT systems failure after weekend network breach
Japanese tech giant Casio has suffered a cyberattack after an unauthorized actor accessed its networks on October 5, causing system disruption that impacted some of its services. |
October 8, 2024
|
|
Microsoft Edge begins testing Copilot Vision
Microsoft Edge Canary has been updated with an interesting feature called Copilot Vision, but it's still in testing. |
October 7, 2024
|
|
MoneyGram confirms hackers stole customer data in cyberattack
MoneyGram has confirmed that hackers stole customers' personal information and transaction data in a September cyberattack that caused a five-day outage. |
October 7, 2024
|
|
ADT discloses second breach in 2 months, hacked via stolen credentials
Home and small business security company ADT disclosed it suffered a breach after threat actors gained access to its systems using stolen credentials and exfiltrated employee account data. |
October 7, 2024
|
|
LEGO's website hacked to push cryptocurrency scam
On Friday night, cryptocurrency scammers briefly hacked the LEGO website to promote a fake Lego token that could be purchased with Ethereum. |
October 7, 2024
|
|
Ukrainian pleads guilty to operating Raccoon Stealer malware
Ukrainian national Mark Sokolovsky has pleaded guilty to his involvement in the Raccoon Stealer malware-as-a-service (MaaS) cybercrime operation. |
October 7, 2024
|
|
Microsoft: Word deletes some documents instead of saving them
Microsoft warns that a new bug may cause Word for Windows to delete some documents instead of saving them. |
October 7, 2024
|
|
Qualcomm patches high-severity zero-day exploited in attacks
Qualcomm has released security patches for a zero-day vulnerability in the Digital Signal Processor (DSP) service that impacts dozens of chipsets. |
October 7, 2024
|
|
American Water shuts down online services after cyberattack
American Water, the largest publicly traded U.S. water and wastewater utility company, was forced to shut down some of its systems after a Thursday cyberattack. |
October 7, 2024
|
|
AT&T, Verizon reportedly hacked to target US govt wiretapping platform
Multiple U.S. broadband providers, including Verizon, AT&T, and Lumen Technologies, have been breached by a Chinese hacking group tracked as Salt Typhoon, the Wall Street Journal reports. |
October 7, 2024
|
|
Hybrid Analysis Bolstered by Criminal IP’s Comprehensive Domain Intelligence
AI SPERA announced that its domain and IP address threat intel platform, Criminal IP, is now integrated with Hybrid Analysis. Learn more from Criminal IP about how this brings additional insights to Hybrid Analysis. |
October 6, 2024
|
|
Comcast and Truist Bank customers caught up in FBCS data breach
Comcast Cable Communications and Truist Bank have disclosed they were impacted by a data breach at FBCS, and are now informing their respective customers that their data has been compromised. |
October 6, 2024
|
|
Man pleads guilty to stealing $37 million in crypto from 571 victims
A 21-year-old man from Indiana named Evan Frederick Light pleaded guilty to stealing $37,704,560 worth of cryptocurrency from 571 victims in a 2022 cyberattack. |
October 6, 2024
|
|
Google Pay alarms users with accidental ‘new card’ added emails
Google Pay alarmed users this week after erroneously sending out "new card" added email notifications. Google has acknowledged that the email was "accidental" and that no user information was compromised. |
October 5, 2024
|
|
MoneyGram: No evidence ransomware is behind recent cyberattack
MoneyGram says there is no evidence that ransomware is behind a recent cyberattack that led to a five-day outage in September. |
October 4, 2024
|
|
Highline Public Schools confirms ransomware behind shutdown
On Thursday, K-12 school district Highline Public Schools confirmed that a ransomware attack forced it to shut down all schools in early September. |
October 4, 2024
|
|
Russia arrests US-sanctioned Cryptex founder, 95 other linked suspects
Russian law enforcement detained almost 100 suspects linked to the Cryptex cryptocurrency exchange, the UAPS anonymous payment service, and 33 other online services and platforms used to make illegal payments and sell stolen credentials. |
October 4, 2024
|
|
Google removes Kaspersky's antivirus software from Play Store
Over the weekend, Google removed Kaspersky's Android security apps from the Google Play store and disabled the Russian company's developer accounts. |
October 4, 2024
|
|
Outlast game development delayed after Red Barrels cyberattack
Canadian video game developer Red Barrels is warning that the development of its Outlast games will likely be delayed after the company suffered a cyberattack impacting its internal IT systems and data. |
October 4, 2024
|
|
UK nuclear site Sellafield fined $440,000 for cybersecurity shortfalls
Nuclear waste processing facility Sellafield has been fined £332,500 ($440k) by the Office for Nuclear Regulation (ONR) for failing to adhere to cybersecurity standards and putting sensitive nuclear information at risk over four years, from 2019 to 2023. |
October 3, 2024
|
|
Recently patched CUPS flaw can be used to amplify DDoS attacks
A recently disclosed vulnerability in the Common Unix Printing System (CUPS) open-source printing system can be exploited by threat actors to launch distributed denial-of-service (DDoS) attacks with a 600x amplification factor. |
October 3, 2024
|
|
‘Pig butchering’ trading apps found on Google Play, App Store
Fake trading apps on Google Play and Apple's App Store lure victims into "pig butchering" scams that have a global reach. |
October 3, 2024
|
|
Dutch Police: ‘State actor’ likely behind recent data breach
The national Dutch police (Politie) says that a state actor was likely behind the data breach it detected last week. |
October 3, 2024
|
|
Microsoft and DOJ disrupt Russian FSB hackers' attack infrastructure
Microsoft and the Justice Department have seized over 100 domains used by the Russian ColdRiver hacking group to target United States government employees and nonprofit organizations from Russia and worldwide in spear-phishing attacks. |
October 3, 2024
|
|
Over 4,000 Adobe Commerce, Magento shops hacked in CosmicSting attacks
Approximately 5% of all Adobe Commerce and Magento online stores, or 4,275 in absolute numbers, have been hacked in "CosmicSting" attacks. |
October 3, 2024
|
|
Fraudsters imprisoned for scamming Apple out of 6,000 iPhones
Two Chinese nationals were sentenced to prison for scamming Apple out of more than $2.5 million after exchanging over 6,000 counterfeit iPhones for authentic ones. |
October 3, 2024
|
|
Cloudflare blocks largest recorded DDoS attack peaking at 3.8Tbps
During a distributed denial-of-service campaign targeting organizations in the financial services, internet, and telecommunications sectors, volumetric attacks peaked at 3.8 terabits per second, the largest publicly recorded to date. The assault consisted of a "month-long" barrage of more than 100 hyper-volumetric DDoS attacks flood. |
October 3, 2024
|
|
Linux malware “perfctl” behind years-long cryptomining campaign
A Linux malware named "perfctl" has been targeting Linux servers and workstations for at least three years, remaining largely undetected through high levels of evasion and the use of rootkits. |
October 3, 2024
|
|
Why your password policy should include a custom dictionary
Utilizing custom dictionaries helps strengthen your password policies. Learn more from Specops Software about how to build custom dictionaries in your Windows Active Directory password policy. |
October 2, 2024
|
|
FIN7 hackers launch deepfake nude “generator” sites to spread malware
The notorious APT hacking group known as FIN7 launched a network of fake AI-powered deepnude generator sites to infect visitors with information-stealing malware. |
October 2, 2024
|
|
Critical Ivanti RCE flaw with public exploit now used in attacks
CISA warned today that a critical Ivanti vulnerability that can let threat actors gain remote code execution on vulnerable Endpoint Manager (EPM) appliances is now actively exploited in attacks. |
October 2, 2024
|
|
Fake browser updates spread updated WarmCookie malware
A new 'FakeUpdate' campaign targeting users in France leverages compromised websites to show fake browser and application updates that spread a new version of the WarmCookie malware. |
October 2, 2024
|
|
Microsoft Office 2024 now available for Windows and macOS users
Microsoft has released Office 2024 for small businesses and consumers who want a standalone version without a Microsoft 365 subscription. |
October 2, 2024
|
|
CISA: Network switch RCE flaw impacts critical infrastructure
U.S. cybersecurity agency CISA is warning about two critical vulnerabilities that allow authentication bypass and remote code execution in Optigo Networks ONS-S8 Aggregation Switch products used in critical infrastructure. |
October 2, 2024
|
|
Critical Zimbra RCE flaw exploited to backdoor servers using emails
Hackers are actively exploiting a recently disclosed RCE vulnerability in Zimbra email servers that can be triggered simply by sending specially crafted emails to the SMTP server. |
October 2, 2024
|
|
DrayTek fixed critical flaws in over 700,000 exposed routers
DrayTek has released security updates for multiple router models to address 14 vulnerabilities of varying severity, including a remote code execution flaw that received the maximum CVSS score of 10. |
October 2, 2024
|
|
Microsoft blocks Windows 11 24H2 on some Intel PCs over BSOD issues
Microsoft is blocking Windows 24H2 upgrades on systems with incompatible Intel Smart Sound Technology (SST) audio drivers due to blue screen of death (BSOD) issues. |
October 2, 2024
|
|
Microsoft warns of Windows 11 24H2 gaming performance issues
Microsoft is working to fix several known issues behind Asphalt 8 game crashes and Easy Anti-Cheat blue screens on some Windows 24H2 systems. |
October 1, 2024
|
|
Arc browser launches bug bounty program after fixing RCE bug
The Browser Company has introduced an Arc Bug Bounty Program to encourage security researchers to report vulnerabilities to the project and receive rewards. |
October 1, 2024
|
|
Microsoft fixes Outlook email sending issue for users with many folders
Microsoft has fixed a known issue affecting Outlook for Microsoft 365 users that caused problems sending emails for those with too many nested folders. |
October 1, 2024
|
|
Rackspace monitoring data stolen in ScienceLogic zero-day attack
Cloud hosting provider Rackspace suffered a data breach exposing "limited" customer monitoring data after threat actors exploited a zero-day vulnerability in a third-party tool used by the ScienceLogic SL1 platform. |
October 1, 2024
|
|
Ransomware attack forces UMC Health System to divert some patients
Texas healthcare provider UMC Health System was forced to divert some patients to other locations after a ransomware attack impacted its operations. |
October 1, 2024
|
|
Evil Corp hit with new sanctions, BitPaymer ransomware charges
The Evil Corp cybercrime syndicate has been hit with new sanctions by the United States, United Kingdom, and Australia. The US also indicted one of its members for conducting BitPaymer ransomware attacks. |
October 1, 2024
|
|
Police arrest four suspects linked to LockBit ransomware gang
Law enforcement authorities from 12 countries arrested four suspects linked to the LockBit ransomware gang, including a developer, a bulletproof hosting service administrator, and two people connected to LockBit activity. |
October 1, 2024
|
|
Microsoft fixes Windows KB5043145 reboot loops, USB and Bluetooth issues
Microsoft fixes a known issue in the Windows KB5043145 preview update that causes reboot loops, freezes systems, and breaks USB and Bluetooth devices. |
October 1, 2024
|
|
Windows 11 24H2 now rolling out, here are the new features
Today, Microsoft announced the release of Windows 11, version 24H2, the next feature update for its operating system (also known as the Windows 11 2024 Update). |
September 30, 2024
|
|
The PlayStation Network is down in a global outage
The PlayStation Network is suffering a global outage, with subscribers confirming that they can no longer play online games or access the company's website. |
September 30, 2024
|
|
Hacker charged for breaching 5 companies for insider trading
The U.S. Securities and Exchange Commission (SEC) charged Robert B. Westbrook, a U.K. citizen, with hacking into the computer systems of five U.S. public companies to access confidential earnings information and conduct insider trading. |
September 30, 2024
|
|
Microsoft overhauls security for publishing Edge extensions
Microsoft has introduced an updated version of the "Publish API for Edge extension developers" that increases the security for developer accounts and the updating of browser extensions. |
September 30, 2024
|
|
Microsoft Defender adds detection of unsecure Wi-Fi networks
Microsoft Defender now automatically detects and notifies users with a Microsoft 365 Personal or Family subscription when they're connected to unsecured Wi-Fi networks. |
September 30, 2024
|
|
JPCERT shares Windows Event Log tips to detect ransomware attacks
Japan's Computer Emergency Response Center (JPCERT/CC) has shared tips on detecting different ransomware gangs' attacks based on entries in Windows Event Logs, providing timely detection of ongoing attacks before they spread too far into a network. |
September 30, 2024
|
|
T-Mobile pays $31.5 million FCC settlement over 4 data breaches
The Federal Communications Commission (FCC) announced a $31.5 million settlement with T-Mobile over multiple data breaches that compromised the personal information of millions of U.S. consumers. |
September 30, 2024
|
|
Man charged for selling forged license keys for network switches
The U.S. government has indicted a co-owner of a Minnesota IT company for his participation in an international conspiracy to sell forged license keys for networking devices. |
September 30, 2024
|
|
Verizon outage: iPhones, Android devices stuck in SOS mode
A widespread Verizon outage is causing iPhones and Android devices to enter SOS mode, preventing them from making mobile calls unless they use WiFi calling. |
September 30, 2024
|
|
Media giant AFP hit by cyberattack impacting news delivery services
Global news agency AFP (Agence France-Presse) is warning that it suffered a cyberattack on Friday, which impacted IT systems and content delivery services for its partners. |
September 30, 2024
|
|
Windows 11 KB5043145 update causes reboot loops, blue screens
Microsoft warns that some Windows 11 systems enter reboot loops or might freeze with blue screens after installing the September 2024 KB5043145 preview update. |
September 29, 2024
|
|
Critical flaw in NVIDIA Container Toolkit allows full host takeover
A critical vulnerability in NVIDIA Container Toolkit impacts all AI applications in a cloud or on-premise environment that rely on it to access GPU resources. |
September 28, 2024
|
|
Ireland fines Meta €91 million for storing passwords in plaintext
The Data Protection Commission (DPC) in Ireland has fined Meta Platforms Ireland Limited (MPIL) €91 million ($100 million) for storing in plaintext passwords of hundreds of millions of users. |
September 27, 2024
|
|
Iranian hackers charged for ‘hack-and-leak’ plot to influence election
The U.S. Department of Justice unsealed an indictment charging three Iranian hackers with a "hack-and-leak" campaign that aimed to influence the 2024 U.S. presidential election. |
September 27, 2024
|
|
U.S. charges Joker's Stash and Rescator money launderers
The U.S. Department of Justice (DoJ) has announced charges against two Russian nationals for operating billion-dollar money laundering services for cybercriminals, including ransomware groups. |
September 27, 2024
|
|
Microsoft: Windows Recall now can be removed, is more secure
Microsoft has announced security and privacy upgrades to its AI-powered Windows Recall feature, which now can be removed and has stronger default protection for user data and tighter access controls. |
September 27, 2024
|
|
Embargo ransomware escalates attacks to cloud environments
Microsoft warns that ransomware threat actor Storm-0501 has recently switched tactics and now targets hybrid cloud environments, expanding its strategy to compromise all victim assets. |
September 27, 2024
|
|
Progress urges admins to patch critical WhatsUp Gold bugs ASAP
Progress Software warned customers to patch multiple critical and high-severity vulnerabilities in its WhatsUp Gold network monitoring tool as soon as possible. |
September 27, 2024
|
|
Windows 11 KB5043145 update released with 13 changes and fixes
Microsoft released the September 2024 preview update (KB5043145) for Windows 11 23H2 and 22H2, with 13 improvements and fixes for multiple issues, including Edge and task manager freezes. |
September 26, 2024
|
|
CUPS flaws enable Linux remote code execution, but there’s a catch
Under certain conditions, attackers can chain a set of vulnerabilities in multiple components of the CUPS open-source printing system to execute arbitrary code remotely on vulnerable machines. |
September 26, 2024
|
|
New RomCom malware variant 'SnipBot' spotted in data theft attacks
A new variant of the RomCom malware called SnipBot has been used in attacks that pivot on the network to steal data from compromised systems. |
September 26, 2024
|
|
Kia dealer portal flaw could let attackers hack millions of cars
A group of security researchers discovered critical flaws in Kia's dealer portal that could let hackers locate and steal millions of Kia cars made after 2013 using just the targeted vehicle's license plate. |
September 26, 2024
|
|
Tails OS merges with Tor Project for better privacy, security
The Tor Project and Tails OS are merging operations to better collaborate for a free internet by protecting users from surveillance and censorship. |
September 26, 2024
|
|
US sanctions crypto exchanges used by Russian ransomware gangs
The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) has sanctioned PM2BTC and Cryptex, two cryptocurrency exchanges that laundered funds from Russian ransomware gangs and other cybercrime groups. |
September 26, 2024
|
|
Automattic blocks WP Engine’s access to WordPress resources
WordPress.org has banned WP Engine from accessing its resources and stopped delivering plugin updates to websites hosted on the platform, urging impacted users to choose other hosting providers. |
September 26, 2024
|
|
Fake WalletConnect app on Google Play steals Android users’ crypto
A crypto draining app mimicking the legitimate 'WalletConnect' project has been distributed over Google Play for five months, getting more than 10,000 downloads. |
September 26, 2024
|
|
HPE Aruba Networking fixes critical flaws impacting Access Points
HPE Aruba Networking has fixed three critical vulnerabilities in the Command Line Interface (CLI) service of its Aruba Access Points, which could let unauthenticated attackers gain remote code execution on vulnerable devices. |
September 25, 2024
|
|
Mozilla accused of tracking users in Firefox without consent
European digital rights group NOYB (None Of Your Business) has filed a privacy complaint with the Austrian data protection watchdog (DSB) against Mozilla, alleging the company uses a Firefox privacy feature (enabled without consent) to track users' online behavior. |
September 25, 2024
|
|
Meta halts routing via Deutsche Telekom over €20M peering fee
Meta announced that it's ending its direct peering relationship with Deutsche Telekom following a court's ruling earlier this year that would oblige the tech firm to pay the telecom €20,000,000 to continue using its network. |
September 25, 2024
|
|
Google sees 68% drop in Android memory safety flaws over 5 years
The percentage of Android vulnerabilities caused by memory safety issues has dropped from 76% in 2019 to only 24% in 2024, representing a massive decrease of over 68% in five years. |
September 25, 2024
|
|
CISA: Hackers target industrial systems using “unsophisticated methods”
CISA warned today of threat actors trying to breach critical infrastructure networks by targeting Internet-exposed industrial devices using "unsophisticated" methods like brute force attacks and default credentials. |
September 25, 2024
|
|
The "Llama" is freed: Winamp goes open source after 27 years
The iconic Winamp media player has fulfilled a promise made in May to go open-source and has now published its complete source code on GitHub. |
September 24, 2024
|
|
Windows 10 KB5043131 update released with 9 changes and fixes
Microsoft has released the September 2024 non-security preview update for Windows 10, version 22H2, with fixes for bugs causing Edge web browser freezes and media playback issues. |
September 24, 2024
|
|
AutoCanada says ransomware attack "may" impact employee data
AutoCanada is warning that employee data may have been exposed in an August cyberattack claimed by the Hunters International ransomware gang. |
September 24, 2024
|
|
Kansas water plant cyberattack forces switch to manual operations
Arkansas City, a small city in Cowley County, Kansas, was forced to switch its water treatment facility to manual operations over the weekend to contain a cyberattack detected on Sunday morning. |
September 24, 2024
|
|
U.S. govt agency CMS says data breach impacted 3.1 million people
The Centers for Medicare & Medicaid Services (CMS) federal agency announced earlier this month that health and personal information of more than three million health plan beneficiaries was exposed in the MOVEit attacks Cl0p ransomware conducted last year. |
September 24, 2024
|
|
Infostealer malware bypasses Chrome’s new cookie-theft defenses
Infostealer malware developers released updates claiming to bypass Google Chrome's recently introduced feature App-Bound Encryption to protect sensitive data such as cookies. |
September 24, 2024
|
|
Critical Ivanti vTM auth bypass bug now exploited in attacks
CISA has tagged another critical Ivanti security vulnerability, which can let threat actors create rogue admin users on vulnerable Virtual Traffic Manager (vTM) appliances, as actively exploited in attacks. |
September 24, 2024
|
|
Hackers deploy AI-written malware in targeted attacks
While cybercriminals have used generative AI technology to create convincing emails, government agencies have warned about the potential abuse of AI tools to create malicious software, despite the safeguards and restrictions that vendors implemented. |
September 24, 2024
|
|
Generative AI Security: Getting ready for Salesforce Einstein Copilot
Salesforce's Einstein Copilot can provide insights and perform tasks that help streamline daily processes. However, it also comes with risks that you should take steps to mitigate. Learn more from Varonis on how to prepare for Salesforce Einstein Copilot. |
September 24, 2024
|
|
MoneyGram confirms a cyberattack is behind dayslong outage
Money transfer giant MoneyGram has confirmed it suffered a cyberattack after dealing with system outages and customer complaints about lack of service since Friday. |
September 24, 2024
|
|
New Octo Android malware version impersonates NordVPN, Google Chrome
A new version of the Octo Android malware, named "Octo2," has been seen spreading across Europe under the guise of NordVPN, Google Chrome, and an app called Europe Enterprise. |
September 23, 2024
|
|
US proposes ban on connected vehicle tech from China, Russia
Today, the Biden administration announced new proposed measures to defend the United States' national security from potential threats linked to connected vehicle technologies originating from China and Russia. |
September 23, 2024
|
|
Telegram now shares users’ IP and phone number on legal requests
Telegram will now share users' phone numbers and IP addresses with law enforcement if they are found to be violating the platform's rules following a valid legal request. |
September 23, 2024
|
|
New Mallox ransomware Linux variant based on leaked Kryptina code
An affiliate of the Mallox ransomware operation, also known as TargetCompany, was spotted using a slightly modified version of the Kryptina ransomware to attack Linux systems. |
September 23, 2024
|
|
Kaspersky deletes itself, installs UltraAV antivirus without warning
Starting Thursday, Kaspersky deleted its anti-malware software from computers across the United States and replaced it with UltraAV's antivirus solution without warning. |
September 23, 2024
|
|
Android malware 'Necro' infects 11 million devices via Google Play
A new version of the Necro malware loader for Android was installed on 11 million devices through Google Play in malicious SDK supply chain attacks. |
September 23, 2024
|
|
How to manage shadow IT and reduce your attack surface
In today's fast-paced business environment, employees increasingly turn to unauthorized IT solutions, called Shadow IT, to streamline their work and boost productivity. This article explores the prevalence of shadow IT and the risks it poses, and discusses strategies for managing it. |
September 22, 2024
|
|
New Google Chrome feature will translate complex pages in real time
Google is testing a new API that uses machine learning models to offer real-time language translation for inputted text and to make it easier to translate web pages. |
September 21, 2024
|
|
Global infostealer malware operation targets crypto users, gamers
A massive infostealer malware operation encompassing thirty campaigns targeting a broad spectrum of demographics and system platforms has been uncovered, attributed to a cybercriminal group named "Marko Polo." |
September 20, 2024
|
|
Microsoft ends development of Windows Server Update Services (WSUS)
Microsoft has officially announced that Windows Server Update Services (WSUS) is now deprecated, but plans to maintain current functionality and continue publishing updates through the channel. |
September 20, 2024
|
|
Windows Server 2025 previews security updates without restarts
Microsoft announced today that Hotpatching is now available in public preview for Windows Server 2025, allowing installation of security updates without restarting. |
September 20, 2024
|
|
Disney ditching Slack after massive July data breach
The Walt Disney Company is reportedly ditching Slack after a July data breach exposed over 1TB of confidential messages and files posted to the company's internal communication channels. |
September 20, 2024
|
|
Ukraine bans Telegram on military, govt devices over security risks
Ukraine's National Coordination Centre for Cybersecurity (NCCC) has restricted the use of the Telegram messaging app within government agencies, military units, and critical infrastructure, citing national security concerns. |
September 20, 2024
|
|
Dell investigates data breach claims after hacker leaks employee info
Dell has confirmed to BleepingComputer that it is investigating recent claims that it suffered a data breach after a threat actor leaked the data for over 10,000 employees. |
September 20, 2024
|
|
macOS Sequoia change breaks networking for VPN, antivirus software
Users of macOS 15 'Sequoia' are reporting network connection errors when using certain endpoint detection and response (EDR) or virtual private network (VPN) solutions, and web browsers. |
September 20, 2024
|
|
Clickbaity or genius? 'BF cheated on you' QR codes pop up across UK
A new wave of QR codes has popped up across the UK claiming to share a video of a boyfriend who "cheated" on a girl named Emily last night. Clickbaity or genius? |
September 19, 2024
|
|
Suspects behind $230 million cryptocurrency theft arrested in Miami
Two suspects were arrested in Miami this week and charged with conspiracy to steal and launder over $230 million in cryptocurrency using crypto exchanges and mixing services. |
September 19, 2024
|
|
CISA warns of actively exploited Apache HugeGraph-Server bug
The U.S. Cybersecurity and Infrastructure Agency (CISA) has added five flaws to its Known Exploited Vulnerabilities (KEV) catalog, among which is a remote code execution (RCE) flaw impacting Apache HugeGraph-Server. |
September 19, 2024
|
|
Microsoft Edge will flag extensions causing performance issues
Microsoft is testing a new feature in the Edge browser called the "extension performance detector," which warns you when browser extensions cause performance issues on web pages you visit. |
September 19, 2024
|
|
Tor says it’s "still safe" amid reports of police deanonymizing users
The Tor Project is attempting to assure users that the network is still safe after a recent investigative report warned that law enforcement from Germany and other countries are working together to deanonymize users through timing attacks. |
September 19, 2024
|
|
Ivanti warns of another critical CSA flaw exploited in attacks
Today, Ivanti warned that threat actors are exploiting another Cloud Services Appliance (CSA) security flaw in attacks targeting a limited number of customers. |
September 19, 2024
|
|
FTC exposes massive surveillance of kids, teens by social media giants
A Federal Trade Commission (FTC) staff report has found that social media and video streaming companies have been engaging in widespread user surveillance, particularly of children and teens, with insufficient privacy protections and earning billions of dollars annually by monetizing their data. |
September 19, 2024
|
|
Google Password Manager now automatically syncs your passkeys
Google announced that starting today, passkeys added to Google Password Manager will automatically sync between Windows, macOS, Linux, Android, and ChromeOS devices for logged-in users. |
September 19, 2024
|
|
Police dismantles phone unlocking ring linked to 483,000 victims
A joint law enforcement operation has dismantled an international criminal network that used the iServer automated phishing-as-a-service platform to unlock the stolen or lost mobile phones of 483,000 victims worldwide. |
September 19, 2024
|
|
Germany seizes 47 crypto exchanges used by ransomware gangs
German law enforcement seized 47 cryptocurrency exchange services hosted in the country that facilitated illegal money laundering activities for cybercriminals, including ransomware gangs. |
September 19, 2024
|
|
How to reduce cyber risk during employee onboarding
Onboarding new employees is an important time for any organization but comes with a unique set of security risks. Learn more from Specops Software about these risks and how to mitigate them. |
September 19, 2024
|
|
Mysterious "LOVE" packet storms flood the internet since 2020
Internet intelligence firm GreyNoise reports that it has been tracking large waves of "Noise Storms" containing spoofed internet traffic since January 2020. However, despite extensive analysis, it has not concluded its origin and purpose. |
September 19, 2024
|
|
Clever 'GitHub Scanner' campaign abusing repos to push malware
A clever threat campaign is abusing GitHub repositories to distribute malware targeting users who frequent an open source project repository or are subscribed to email notifications from it. A malicious GitHub user opens a new "issue" on an open source repository falsely claiming that the project contains a "security vulnerability." |
September 18, 2024
|
|
Discord rolls out end-to-end encryption for audio, video calls
Discord has introduced the DAVE protocol, a custom end-to-end encryption (E2EE) protocol designed to protect audio and video calls on the platform from unauthorized interceptions. |
September 18, 2024
|
|
Europol takes down "Ghost" encrypted messaging platform used for crime
Europol and law enforcement from nine countries successfully dismantled an encrypted communications platform called "Ghost," which was used for organized crime such as drug trafficking and money laundering. |
September 18, 2024
|
|
X hacking spree fuels "$HACKED" crypto token pump-and-dump
An X account hacking spree has fueled a successful pump-and-dump scheme for the $HACKED Solana token, with people rushing to buy the coin. |
September 18, 2024
|
|
Microsoft: Vanilla Tempest hackers hit healthcare with INC ransomware
Microsoft says a ransomware affiliate it tracks as Vanilla Tempest now targets U.S. healthcare organizations in INC ransomware attacks. |
September 18, 2024
|
|
GitLab releases fix for critical SAML authentication bypass flaw
GitLab has released security updates to address a critical SAML authentication bypass vulnerability impacting self-managed installations of the GitLab Community Edition (CE) and Enterprise Edition (EE). |
September 18, 2024
|
|
Microsoft may have revealed Windows 11 24H2 is coming this month
Microsoft may have accidentally confirmed that Windows 11 24H2 (Windows 11 2024 Update) is arriving on September 24 as part of the optional preview update, with it rolling out to more people as part of the mandatory October Patch Tuesday updates. |
September 18, 2024
|
|
Apple pulls iPadOS 18 update bricking M4 iPad Pro devices
Apple has paused the rollout of iPadOS 18 on iPad Pro tablets with the M4 chip after numerous owners reported the update is "bricking" their devices, with no way to turn them on after performing the update. |
September 18, 2024
|
|
Chinese botnet infects 260,000 SOHO routers, IP cameras with malware
The FBI and cybersecurity researchers have disrupted a massive Chinese botnet called "Raptor Train" that infected over 260,000 networking devices to target critical infrastructure in the US and in other countries. |
September 18, 2024
|
|
Russian security firm Dr.Web disconnects all servers after breach
On Tuesday, Russian anti-malware company Doctor Web (Dr.Web) disclosed a security breach after its systems were targeted in a cyberattack over the weekend. |
September 18, 2024
|
|
4 Top Security Automation Use Cases: A Detailed Guide
Learn about the top 4 security automation use cases that can streamline your cybersecurity efforts. This guide covers enriching indicators of compromise (IoCs), monitoring external attack surface(s), scanning for web application vulnerabilities, and monitoring for leaked user credentials, specifically email addresses. |
September 17, 2024
|
|
Temu denies breach after hacker claims theft of 87 million data records
Temu denies it was hacked or suffered a data breach after a threat actor claimed to be selling a stolen database containing 87 million records of customer information. |
September 17, 2024
|
|
Broadcom fixes critical RCE bug in VMware vCenter Server
Broadcom has fixed a critical VMware vCenter Server vulnerability that attackers can exploit to gain remote code execution on unpatched servers via a network packet. |
September 17, 2024
|
|
Construction firms breached in brute force attacks on accounting software
Hackers are brute-forcing passwords for highly privileged accounts on exposed Foundation accounting servers, widely used in the construction industry, to breach corporate networks. |
September 17, 2024
|
|
Cloudflare outage cuts off access to websites in some regions
A rolling Cloudflare outage is impacting access to web sites worldwide, including BleepingComputer, with sites working in some regions and not others. |
September 17, 2024
|
|
AT&T pays $13 million FCC settlement over 2023 data breach
The Federal Communications Commission (FCC) has reached a $13 million settlement with AT&T to resolve a probe into whether the telecom giant failed to protect customer data after a vendor's cloud environment was breached three years ago. |
September 17, 2024
|
|
CISA urges software devs to weed out XSS vulnerabilities
CISA and the FBI urged tech companies to review their software and eliminate cross-site scripting (XSS) vulnerabilities before shipping. |
September 17, 2024
|
|
Ransomware gangs now abuse Microsoft Azure tool for data theft
Ransomware gangs like BianLian and Rhysida increasingly use Microsoft's Azure Storage Explorer and AzCopy to steal data from breached networks and store it in Azure Blob storage. |
September 17, 2024
|
|
PKfail Secure Boot bypass remains a significant risk two months later
Roughly nine percent of tested firmware images use non-production cryptographic keys that are publicly known or leaked in data breaches, leaving many Secure Boot devices vulnerable to UEFI bootkit malware attacks. |
September 17, 2024
|
|
Over 1,000 ServiceNow instances found leaking corporate KB data
Over 1,000 misconfigured ServiceNow enterprise instances were found exposing Knowledge Base (KB) articles that contained sensitive corporate information to external users and potential threat actors. |
September 16, 2024
|
|
Microsoft fixes bug crashing Microsoft 365 apps when typing
Microsoft has fixed a known issue that causes Microsoft 365 apps like Outlook, Word, Excel, and OneNote to crash while typing or spell-checking a text. |
September 16, 2024
|
|
CISA warns of Windows flaw used in infostealer malware attacks
CISA has ordered U.S. federal agencies to secure their systems against a recently patched Windows MSHTML spoofing zero-day bug exploited by the Void Banshee APT hacking group. |
September 16, 2024
|
|
Exploit code released for critical Ivanti RCE flaw, patch now
A proof-of-concept (PoC) exploit for CVE-2024-29847, a critical remote code execution (RCE) vulnerability in Ivanti Endpoint Manager, is now publicly released, making it crucial to update devices. |
September 16, 2024
|
|
Microsoft rolls out Office LTSC 2024 for Windows and Mac
Microsoft has announced that Office LTSC (Long Term Servicing Channel) 2024, a volume-licensed and perpetual version of Office for Windows and macOS users, is now available for commercial and government customers. |
September 16, 2024
|
|
US cracks down on spyware vendor Intellexa with more sanctions
Today, the U.S. Department of the Treasury has sanctioned five executives and one entity linked to the Intellexa Consortium for developing and distributing Predator commercial spyware. |
September 16, 2024
|
|
Chrome switching to NIST-approved ML-KEM quantum encryption
Google announced updates in the post-quantum cryptographic key encapsulation mechanism used in the Chrome browser, specifically, the swap of Kyber used in hybrid key exchanges with Module Lattice Key Encapsulation Mechanism (ML-KEM). |
September 16, 2024
|
|
D-Link fixes critical RCE, hardcoded password flaws in WiFi 6 routers
D-Link has fixed critical vulnerabilities in three popular wireless router models that allow remote attackers to execute arbitrary code or access the devices using hardcoded credentials. |
September 15, 2024
|
|
Windows vulnerability abused braille “spaces” in zero-day attacks
A recently fixed "Windows MSHTML spoofing vulnerability" tracked under CVE-2024-43461 is now marked as previously exploited after it was used in attacks by the Void Banshee APT hacking group. |
September 14, 2024
|
|
FBI tells public to ignore false claims of hacked voter data
The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) are alerting the public of false claims that the U.S. voter registration data has been compromised in cyberattacks. |
September 14, 2024
|
|
Malware locks browser in kiosk mode to steal Google credentials
A malware campaign uses the unusual method of locking users in their browser's kiosk mode to annoy them into entering their Google credentials, which are then stolen by information-stealing malware. |
September 13, 2024
|
|
Port of Seattle hit by Rhysida ransomware in August attack
Port of Seattle, the United States government agency overseeing Seattle's seaport and airport, confirmed on Friday that the Rhysida ransomware operation was behind a cyberattack impacting its systems over the last three weeks. |
September 13, 2024
|
|
TfL requires in-person password resets for 30,000 employees after hack
Transport for London (TfL) says that all staff (roughly 30,000 employees) must attend in-person appointments to verify their identities and reset passwords following a cybersecurity incident disclosed almost two weeks ago. |
September 13, 2024
|
|
23andMe to pay $30 million in genetics data breach settlement
DNA testing giant 23andMe has agreed to pay $30 million to settle a lawsuit over a data breach that exposed the personal information of 6.4 million customers in 2023. |
September 13, 2024
|
|
Ivanti warns high severity CSA flaw is now exploited in attacks
Ivanti confirmed on Friday that a high severity vulnerability in its Cloud Services Appliance (CSA) solution is now actively exploited in attacks. |
September 13, 2024
|
|
New Linux malware Hadooken targets Oracle WebLogic servers
Hackers are targeting Oracle WebLogic servers to infect them with a new Linux malware named "Hadooken," which launches a cryptominer and a tool for distributed denial-of-service (DDoS) attacks. |
September 13, 2024
|
|
RansomHub claims Kawasaki cyberattack, threatens to leak stolen data
Kawasaki Motors Europe has announced that it's recovering from a cyberattack that caused service disruptions as the RansomHub ransomware gang threatens to leak stolen data. |
September 12, 2024
|
|
New Vo1d malware infects 1.3 million Android TV streaming boxes
|
September 12, 2024
|
|
FBI: Reported cryptocurrency losses reached $5.6 billion in 2023
The FBI says that 2023 was a record year for cryptocurrency fraud, with total losses exceeding $5.6 billion, based on nearly 70,000 reports received through the Internet Crime Complaint Center (IC3). |
September 12, 2024
|
|
Fortinet confirms data breach after hacker claims to steal 440GB of files
Cybersecurity giant Fortinet has confirmed it suffered a data breach after a threat actor claimed to steal 440GB of files from the company's Microsoft SharePoint server. |
September 12, 2024
|
|
UK arrests teen linked to Transport for London cyber attack
The U.K.'s National Crime Agency says it arrested a 17-year-old teenager who is suspected of being connected to the cyberattack on Transport for London, the city's public transportation agency. |
September 12, 2024
|
|
Hackers targeting WhatsUp Gold with public exploit since August
Hackers have been leveraging publicly available exploit code for two critical vulnerabilities in the WhatsUp Gold network availability and performance monitoring solution from Progress Software. |
September 12, 2024
|
|
Transport for London confirms customer data stolen in cyberattack
Transport for London (TfL) has determined that the cyberattack on September 1 impacts customer data, including names, contact details, email addresses, and home addresses. |
September 12, 2024
|
|
GitLab warns of critical pipeline execution vulnerability
GitLab has released critical updates to address multiple vulnerabilities, the most severe of them (CVE-2024-6678) allowing an attacker to trigger pipelines as arbitrary users under certain conditions. |
September 11, 2024
|
|
Fake password manager coding test used to hack Python developers
Members of the North Korean hacker group Lazarus posing as recruiters are baiting Python developers with coding test projects for password management products that include malware. |
September 11, 2024
|
|
Adobe fixes Acrobat Reader zero-day with public PoC exploit
A cybersecurity researcher is urging users to upgrade Adobe Acrobat Reader after a fix was released yesterday for a remote code execution zero-day with a public in-the-wild proof-of-concept exploit. |
September 11, 2024
|
|
WordPress.org to require 2FA for plugin developers by October
Starting October 1st, WordPress.org accounts that can push updates and changes to plugins and themes will be required to activate two-factor authentication (2FA) on their accounts. |
September 11, 2024
|
|
Criminal IP and IPLocation.io Join Forces for Enhanced IP Analysis
AI SPERA announced today that its IP address intelligence engine, Criminal IP, has integrated with IPLocation.io. Learn more from Criminal IP about how this brings additional insights to Criminal IP's threat intelligence database. |
September 11, 2024
|
|
Chinese hackers linked to cybercrime syndicate arrested in Singapore
Six Chinese nationals and a Singaporean have been arrested on Monday in Singapore for their alleged role in malicious cyber activities committed in connection with a "global syndicate." |
September 10, 2024
|
|
Microsoft fixes Windows Server performance issues from August updates
Microsoft says this month's Patch Tuesday cumulative updates also fix a known issue causing Windows Server 2019 boot problems, freezes, and performance issues after installing the August 2024 security updates. |
September 10, 2024
|
|
Ivanti fixes maximum severity RCE bug in Endpoint Management software
Ivanti has fixed a maximum severity vulnerability in its Endpoint Management software (EPM) that can let unauthenticated attackers gain remote code execution on the core server. |
September 10, 2024
|
|
New PIXHELL acoustic attack leaks secrets from LCD screen noise
A novel acoustic attack named 'PIXHELL' can leak secrets from air-gapped and audio-gapped systems, and without requiring speakers, through the LCD monitors they connect to. |
September 10, 2024
|
|
RansomHub ransomware abuses Kaspersky TDSSKiller to disable EDR software
The RansomHub ransomware gang has been using TDSSKiller, a legitimate tool from Kaspersky, to disable endpoint detection and response (EDR) services on target systems. |
September 10, 2024
|
|
Windows 10 KB5043064 update released with 6 fixes, security updates
Microsoft has released the KB5043064 cumulative update for Windows 10 22H2 and Windows 10 21H2, which includes 6 changes and fixes, including a fix for Bluetooth devices that stop working due to a memory leak. |
September 10, 2024
|
|
Microsoft fixes Windows Smart App Control zero-day exploited since 2018
Microsoft has fixed a Windows Smart App Control and SmartScreen flaw that has been exploited in attacks as a zero-day since at least 2018. |
September 10, 2024
|
|
Windows 11 KB5043076 cumulative update released with 19 changes
Microsoft has released the mandatory Windows 11 23H2 KB5043076 cumulative update to fix security vulnerabilities and make 19 improvements. |
September 10, 2024
|
|
Microsoft September 2024 Patch Tuesday fixes 4 zero-days, 79 flaws
Today is Microsoft's September 2024 Patch Tuesday, which includes security updates for 79 flaws, including four actively exploited and one publicly disclosed zero-days. |
September 10, 2024
|
|
Wix to block Russian users starting September 12
Wix.com has announced it will stop providing services to Russian users on September 12, 2024, with all accounts from Russia, including free and premium, to be blocked and their websites taken down. |
September 10, 2024
|
|
Microsoft to start force-upgrading Windows 22H2 systems next month
Microsoft announced that Windows 11 installs reaching the end of support next month, on October 8, will be force-upgraded to Windows 11 23H2. |
September 10, 2024
|
|
Navigating Endpoint Privilege Management: Insights for CISOs and Admins
Understanding endpoint privilege management is key to defending organizations from advanced attacks. Learn more from ThreatLocker on using endpoint privilege management to better secure your org's systems. |
September 10, 2024
|
|
Flipper Zero releases Firmware 1.0 after three years of development
After three years of development, the Flipper Zero team has announced the release of the first major firmware version for the portable, customizable digital hacking device. |
September 10, 2024
|
|
NoName ransomware gang deploying RansomHub malware in recent attacks
The NoName ransomware gang has been trying to build a reputation for more than three years targeting small and medium-sized businesses worldwide with its encryptors and may now be working as a RansomHub affiliate. |
September 9, 2024
|
|
Critical SonicWall SSLVPN bug exploited in ransomware attacks
Ransomware affiliates exploit a critical security vulnerability in SonicWall SonicOS firewall devices to breach victims' networks. |
September 9, 2024
|
|
Quad7 botnet targets more SOHO and VPN routers, media servers
The Quad7 botnet is expanding its targeting scope with the addition of new clusters and custom implants that now also target Zyxel VPN appliances and Ruckus wireless routers. |
September 9, 2024
|
|
Chinese hackers use new data theft malware in govt attacks
New attacks attributed to China-based cyber espionage group Mustang Panda show that the threat actor switched to new strategies and malware called FDMTP and PTSOCKET to download payloads and steal information from breached networks. |
September 9, 2024
|
|
Highline Public Schools closes schools following cyberattack
Highline Public Schools, a K-12 district in Washington state, has shut down all schools and canceled school activities after its technology systems were compromised in a cyberattack. |
September 9, 2024
|
|
Meta fixes easily bypassed WhatsApp ‘View Once’ privacy feature
A privacy flaw in WhatsApp, an instant messenger with over 2 billion users worldwide, is being exploited by attackers to bypass the app's "View once" feature and view messages again. |
September 9, 2024
|
|
Payment gateway data breach affects 1.7 million credit card owners
Payment gateway provider Slim CD has disclosed a data breach that compromised credit card and personal data belonging to almost 1.7 million individuals. |
September 9, 2024
|
|
How to defend against brute force and password spray attacks
While not very sophisticated, brute force password attacks pose a significant threat to an organization's security. Learn more from Specops Software about these types of attacks and how to defend against them. |
September 8, 2024
|
|
Progress LoadMaster vulnerable to 10/10 severity RCE flaw
Progress Software has issued an emergency fix for a maximum (10/10) severity vulnerability impacting its LoadMaster and LoadMaster Multi-Tenant (MT) Hypervisor products that allows attackers to remotely execute commands on the device. |
September 7, 2024
|
|
Sextortion scams now use your "cheating" spouse’s name as a lure
A new variant of the ongoing sextortion email scams is now targeting spouses, saying that their husband or wife is cheating on them, with links to the alleged proof. |
September 7, 2024
|
|
New RAMBO attack steals data using RAM in air-gapped computers
A novel side-channel attack dubbed "RAMBO" (Radiation of Air-gapped Memory Bus for Offense) generates electromagnetic radiation from a device's RAM to send data from air-gapped computers. |
September 6, 2024
|
|
Transport for London staff faces systems disruptions after cyberattack
Transport for London, the city's public transportation agency, revealed today that its staff has limited access to systems and email due to measures implemented in response to a Sunday cyberattack. |
September 6, 2024
|
|
Car rental giant Avis discloses data breach impacting customers
American car rental giant Avis disclosed a data breach after attackers breached one of its business applications last month and stole customer personal information. |
September 6, 2024
|
|
Microsoft Office 2024 to disable ActiveX controls by default
After Office 2024 launches in October, Microsoft will disable ActiveX controls by default in Word, Excel, PowerPoint, and Visio client apps. |
September 6, 2024
|
|
SpyAgent Android malware steals your crypto recovery phrases from images
A new Android malware named SpyAgent uses optical character recognition (OCR) technology to steal cryptocurrency wallet recovery phrases from screenshots stored on the mobile device. |
September 6, 2024
|
|
SonicWall SSLVPN access control flaw is now exploited in attacks
SonicWall is warning that a recently fixed access control flaw tracked as CVE-2024-40766 in SonicOS is now "potentially" exploited in attacks, urging admins to apply patches as soon as possible. |
September 5, 2024
|
|
Apache fixes critical OFBiz remote code execution vulnerability
Apache has fixed a critical security vulnerability in its open-source OFBiz (Open For Business) software, which could allow attackers to execute arbitrary code on vulnerable Linux and Windows servers. |
September 5, 2024
|
|
Microsoft removes revenge porn from Bing search using new tool
Microsoft announced today that it has partnered with StopNCII to proactively remove harmful intimate images and videos from Bing using digital hashes people create from their sensitive media. |
September 5, 2024
|
|
Russian military hackers linked to critical infrastructure attacks
The United States and its allies have linked a group of Russian hackers (tracked as Cadet Blizzard and Ember Bear) behind global critical infrastructure attacks to Unit 29155 of Russia's Main Directorate of the General Staff of the Armed Forces (also known as GRU). |
September 5, 2024
|
|
LiteSpeed Cache bug exposes 6 million WordPress sites to takeover attacks
Yet another critical severity vulnerability has been discovered in LiteSpeed Cache, a caching plugin for speeding up user browsing in over 6 million WordPress sites. |
September 5, 2024
|
|
Musician charged with $10M streaming royalties fraud using AI and bots
North Carolina musician Michael Smith was indicted for collecting over $10 million in royalty payments from Spotify, Amazon Music, Apple Music, and YouTube Music using AI-generated songs streamed by thousands of bots in a massive streaming fraud scheme. |
September 5, 2024
|
|
Veeam warns of critical RCE flaw in Backup & Replication software
Veeam has released security updates for several of its products as part of a single September 2024 security bulletin that addresses 18 high and critical severity flaws in Veeam Backup & Replication, Service Provider Console, and One. |
September 5, 2024
|
|
Fake OnlyFans cybercrime tool infects hackers with malware
Hackers are targeting other hackers with a fake OnlyFans tool that claims to help steal accounts but instead infects threat actors with the Lumma stealer information-stealing malware. |
September 5, 2024
|
|
Planned Parenthood confirms cyberattack as RansomHub claims breach
Planned Parenthood has confirmed it suffered a cyberattack affecting its IT systems, forcing it to take parts of its infrastructure offline to contain the damage. |
September 4, 2024
|
|
Microchip Technology confirms data was stolen in cyberattack
American semiconductor supplier Microchip Technology Incorporated has confirmed that employee information was stolen from systems compromised in an August cyberattack, which was later claimed by the Play ransomware gang. |
September 4, 2024
|
|
Red team tool ‘MacroPack’ abused in attacks to deploy Brute Ratel
The MacroPack framework, initially designed for Red Team exercises, is being abused by threat actors to deploy malicious payloads, including Havoc, Brute Ratel, and PhantomCore. |
September 4, 2024
|
|
US cracks down on Russian disinformation before 2024 election
The FBI seized 32 web domains used by the Doppelgänger Russian-linked influence operation network in a disinformation campaign targeting the American public ahead of this year's presidential election. |
September 4, 2024
|
|
Cisco fixes root escalation vulnerability with public exploit code
Cisco has fixed a command injection vulnerability in the Identity Services Engine (ISE) with public exploit code that lets attackers escalate privileges to root on vulnerable systems. |
September 4, 2024
|
|
New Eucleak attack lets threat actors clone YubiKey FIDO keys
A new "EUCLEAK" flaw found in FIDO devices using the Infineon SLE78 security microcontroller, like Yubico's YubiKey 5 Series, allows attackers to extract Elliptic Curve Digital Signature Algorithm (ECDSA) secret keys and clone the FIDO device. |
September 4, 2024
|
|
Cisco warns of backdoor admin account in Smart Licensing Utility
Cisco has removed a backdoor account in the Cisco Smart Licensing Utility (CSLU) that can be used to log into unpatched systems with administrative privileges. |
September 4, 2024
|
|
Hackers inject malicious JS in Cisco store to steal credit cards, credentials
Cisco's site for selling company-themed merchandise is currently offline and under maintenance due to hackers compromising it with JavaScript code that steals sensitive customer details provided at checkout. |
September 4, 2024
|
|
Google backports fix for Pixel EoP flaw to other Android devices
Google has released the September 2024 Android security updates to fix 34 vulnerabilities, including CVE-2024-32896, an actively exploited elevation of privilege flaw that was previously fixed on Pixel devices. |
September 4, 2024
|
|
Criminal IP Earns PCI DSS v4.0 Certification for Top-Level Security
AI Spera has achieved PCI DSS v4.0 certification for its threat intel search engine solution, Criminal IP. Learn more from the Criminal IP cyber threat intelligence search engine. |
September 4, 2024
|
|
Revival Hijack supply-chain attack threatens 22,000 PyPI packages
Threat actors are utilizing an attack called "Revival Hijack," where they register new PyPI projects using the names of previously deleted packages to conduct supply chain attacks. |
September 3, 2024
|
|
FTC: Over $110 million lost to Bitcoin ATM scams in 2023
The U.S. Federal Trade Commission (FTC) has reported a massive increase in losses to Bitcoin ATM scams, nearly ten times the amount from 2020 and reaching over $110 million in 2023. |
September 3, 2024
|
|
Zyxel warns of critical OS command injection flaw in routers
Zyxel has released security updates to address a critical vulnerability impacting multiple models of its business routers, potentially allowing unauthenticated attackers to perform OS command injection. |
September 3, 2024
|
|
New Windows PowerToy launches, repositions apps to saved layouts
Microsoft has released a new Workspaces PowerToy that helps launch sets of applications using custom desktop layouts and configurations with a mouse click. |
September 3, 2024
|
|
FBI warns crypto firms of aggressive social engineering attacks
The FBI warns of North Korean hackers aggressively targeting cryptocurrency companies and their employees in sophisticated social engineering attacks, aiming to deploy malware that steals their crypto assets. |
September 3, 2024
|
|
Clearview AI fined €30.5 million for unlawful data collection
The Dutch Data Protection Authority (Dutch DPA) has imposed a fine of €30.5 million ($33.7 million) on Clearview AI for unlawful data collection using facial recognition, including photos of Dutch citizens. |
September 3, 2024
|
|
D-Link says it is not fixing four RCE flaws in DIR-846W routers
D-Link is warning that four remote code execution (RCE) flaws impacting all hardware and firmware versions of its DIR-846W router will not be fixed as the products are no longer supported. |
September 3, 2024
|
|
Halliburton confirms data stolen in recent cyberattack
Oil and gas giant Halliburton has confirmed in a filing today to the Securities and Exchange Commission (SEC) that data was stolen in the recent attack linked to the RansomHub ransomware gang. |
September 2, 2024
|
|
Transport for London discloses ongoing “cyber security incident”
Transport for London (TfL), the city's transport authority, is investigating an ongoing cyberattack that has yet to impact its services. |
September 2, 2024
|
|
Admins of MFA bypass service plead guilty to fraud
Three men have pleaded guilty to running OTP.Agency, an online platform that provided social engineering help to obtain one-time passcodes from customers of various banks and services in the U.K. |
September 2, 2024
|
|
Verkada to pay $2.95M for security failures leading to breaches
The Federal Trade Commission (FTC) proposes a $2.95 million penalty on security camera vendor Verkada for multiple security failures that enabled hackers to access live video feeds from 150,000 internet-connected cameras. |
September 2, 2024
|
|
Business services giant CBIZ discloses customer data breach
CBIZ Benefits & Insurance Services (CBIZ) has disclosed a data breach that involves unauthorized access of client information stored in specific databases. |
September 1, 2024
|
|
Cicada3301 ransomware’s Linux encryptor targets VMware ESXi systems
A new ransomware-as-a-service (RaaS) operation named Cicada3301 has already listed 19 victims on its extortion portal, as it quickly attacked companies worldwide. |
August 31, 2024
|
|
GitHub comments abused to push password stealing malware masked as fixes
GitHub is being abused to distribute the Lumma Stealer information-stealing malware as fake fixes posted in project comments. |
August 31, 2024
|
|
Docker-OSX image used for security research hit by Apple DMCA takedown
The popular Docker-OSX project has been removed from Docker Hub after Apple filed a DMCA (Digital Millennium Copyright Act) takedown request, alleging that it violated its copyright. |
August 30, 2024
|
|
Microsoft is trying to reduce Windows 11's desktop spotlight clutter
Windows 11's Spotlight feature is a pretty nice way to jazz up your desktop background with different wallpapers and fun facts when you hover over the image icon, but it takes up a lot of space. Microsoft is working on a new change that reduces this clutter in the Windows 11 Spotlight feature. |
August 30, 2024
|
|
Researchers find SQL injection to bypass airport TSA security checks
Security researchers have found a vulnerability in a key air transport security system that allowed unauthorized individuals to potentially bypass airport security screenings and gain access to aircraft cockpits. |
August 30, 2024
|
|
New Voldemort malware abuses Google Sheets to store stolen data
A campaign that started on August 5, 2024, is spreading a previously undocumented malware named "Voldemort" to organizations worldwide, impersonating tax agencies from the U.S., Europe, and Asia. |
August 30, 2024
|
|
North Korean hackers exploit Chrome zero-day to deploy rootkit
North Korean hackers have exploited a recently patched Google Chrome zero-day (CVE-2024-7971) to deploy the FudModule rootkit after gaining SYSTEM privileges using a Windows Kernel exploit. |
August 30, 2024
|
|
Researcher sued for sharing data stolen by ransomware with media
The City of Columbus, Ohio, has filed a lawsuit against security researcher David Leroy Ross, aka Connor Goodwolf, accusing him of illegally downloading and disseminating data stolen from the City's IT network and leaked by the Rhysida ransomware gang. |
August 29, 2024
|
|
Halliburton cyberattack linked to RansomHub ransomware gang
The RansomHub ransomware gang is behind the recent cyberattack on oil and gas services giant Halliburton, which disrupted the company's IT systems and business operations. |
August 29, 2024
|
|
FBI: RansomHub ransomware breached 210 victims since February
Since surfacing in February 2024, RansomHub ransomware affiliates have breached over 200 victims from a wide range of critical U.S. infrastructure sectors. |
August 29, 2024
|
|
Fake Palo Alto GlobalProtect used as lure to backdoor enterprises
Threat actors target Middle Eastern organizations with malware disguised as the legitimate Palo Alto GlobalProtect Tool that can steal data and execute remote PowerShell commands to infiltrate internal networks further. |
August 29, 2024
|
|
Windows 10 KB5041582 update released with 5 changes and fixes
Microsoft has released the August 2024 preview update for Windows 10, version 22H2, with fixes for issues causing system freezes and memory leaks. |
August 29, 2024
|
|
Malware exploits 5-year-old zero-day to infect end-of-life IP cameras
The Corona Mirai-based malware botnet is spreading through a 5-year-old remote code execution (RCE) zero-day in AVTECH IP cameras, which have been discontinued for years and will not receive a patch. |
August 29, 2024
|
|
Russian APT29 hackers use iOS, Chrome exploits created by spyware vendors
The Russian state-sponsored APT29 hacking group has been observed using the same iOS and Android exploits created by commercial spyware vendors in a series of cyberattacks between November 2023 and July 2024. |
August 28, 2024
|
|
South Korean hackers exploited WPS Office zero-day to deploy malware
The South Korea-aligned cyberespionage group APT-C-60 has been leveraging a zero-day code execution vulnerability in the Windows version of WPS Office to install the SpyGlace backdoor on East Asian targets. |
August 28, 2024
|
|
Employee arrested for locking Windows admins out of 254 servers in extortion plot
A former core infrastructure engineer at an industrial company headquartered in Somerset County, New Jersey, was arrested after locking Windows admins out of 254 servers in a failed extortion plot targeting his employer. |
August 28, 2024
|
|
US offers $2.5 million reward for hacker linked to Angler Exploit Kit
The U.S. Department of State and the Secret Service have announced a reward of $2,500,000 for information leading to Belarusian national Volodymyr Kadariya (Владимир Кадария) for cybercrime activities. |
August 28, 2024
|
|
PoorTry Windows driver evolves into a full-featured EDR wiper
The malicious PoorTry kernel-mode Windows driver used by multiple ransomware gangs to turn off Endpoint Detection and Response (EDR) solutions has evolved into an EDR wiper, deleting files crucial for the operation of security solutions and making restoration harder. |
August 28, 2024
|
|
New Tickler malware used to backdoor US govt, defense orgs
The APT33 Iranian hacking group has used new Tickler malware to backdoor the networks of organizations in the government, defense, satellite, oil and gas sectors in the United States and the United Arab Emirates. |
August 28, 2024
|
|
Iranian hackers work with ransomware gangs to extort breached orgs
An Iran-based hacking group known as Pioneer Kitten is breaching defense, education, finance, and healthcare organizations across the United States and working with affiliates of several ransomware operations to extort the victims. |
August 28, 2024
|
|
Google increases Chrome bug bounty rewards up to $250,000
Google has more than doubled payouts for Google Chrome security flaws reported through its Vulnerability Reward Program, with the maximum possible reward for a single bug now exceeding $250,000. |
August 28, 2024
|
|
Fortra fixes critical FileCatalyst Workflow hardcoded password issue
Fortra is warning of a critical hardcoded password flaw in FileCatalyst Workflow that could allow attackers unauthorized access to an internal database to steal data and gain administrator privileges. |
August 28, 2024
|
|
DICK’s Sporting Goods says confidential data exposed in cyberattack
DICK'S Sporting Goods, the largest chain of sporting goods retail stores in the United States, disclosed that sensitive information was exposed in a cyberattack detected last Wednesday. |
August 28, 2024
|
|
It's down to the wire—but you don’t have to miss mWISE
For just a few days, the mWISE cybersecurity conference is rolling back registration pricing to the Early Bird rate. Hurry, sale ends Wednesday, September 4. Learn more from mWISE Conference on how to get this discount. |
August 27, 2024
|
|
BlackSuit ransomware stole data of 950,000 from software vendor
Young Consulting is sending data breach notifications to 954,177 people who had their information exposed in a BlackSuit ransomware attack on April 10, 2024. |
August 27, 2024
|
|
US Marshals Service disputes ransomware gang's breach claims
The U.S. Marshals Service (USMS) denies its systems were breached by the Hunters International ransomware gang after being listed as a new victim on the cybercrime group's leak site on Monday. |
August 27, 2024
|
|
Windows 11 KB5041587 update adds sharing to Android devices
Microsoft has released the optional KB5041587 preview cumulative update for Windows 11 23H2 and 22H2, which adds sharing to Android devices and fixes multiple File Explorer issues. |
August 27, 2024
|
|
Notion exits Russia and will terminate accounts in September
Notion has announced it will exit the Russian market and is terminating all workspaces and accounts identified as linked to users in the country. |
August 27, 2024
|
|
Malware infiltrates Pidgin messenger’s official plugin repository
The Pidgin messaging app removed the ScreenShareOTR plugin from its official third-party plugin list after it was discovered that it was used to install keyloggers, information stealers, and malware commonly used to gain initial access to corporate networks. |
August 27, 2024
|
|
Windows Downdate tool lets you 'unpatch' Windows systems
SafeBreach security researcher Alon Leviev has released his Windows Downdate tool, which can be used for downgrade attacks that reintroduce old vulnerabilities in up-to-date Windows 10, Windows 11, and Windows Server systems. |
August 27, 2024
|
|
Park’N Fly notifies 1 million customers of data breach
Park'N Fly is warning that a data breach exposed the personal and account information of 1 million customers in Canada after hackers breached its network. |
August 27, 2024
|
|
How to identify unknown assets while pen testing
External Attack Surface Management (EASM) coupled with Penetration Testing as a Service (PTaaS) can help find those blind spots and hidden assets exposed on your network. Learn more from Outpost24 about how combining EASM and PTaaS can help reveal these hidden pitfalls. |
August 27, 2024
|
|
Chinese Volt Typhoon hackers exploited Versa zero-day to breach ISPs, MSPs
The Chinese state-backed hacking group Volt Typhoon is behind attacks that exploited a zero-day flaw in Versa Director to upload a custom webshell to steal credentials and breach corporate networks. |
August 27, 2024
|
|
Microsoft Sway abused in massive QR code phishing campaign
A massive QR code phishing campaign abused Microsoft Sway, a cloud-based tool for creating online presentations, to host landing pages to trick Microsoft 365 users into handing over their credentials. |
August 26, 2024
|
|
Google tags a tenth Chrome zero-day as exploited this year
Today, Google revealed that it patched the tenth zero-day exploited in the wild in 2024 by attackers or security researchers during hacking contests. |
August 26, 2024
|
|
Patelco notifies 726,000 customers of ransomware data breach
Patelco Credit Union warns customers it suffered a data breach after personal data was stolen in a RansomHub ransomware attack earlier this year. |
August 26, 2024
|
|
Microsoft: Exchange Online mistakenly tags emails as malware
Microsoft is investigating an Exchange Online false positive issue causing emails containing images to be wrongly tagged as malicious and sent to quarantine. |
August 26, 2024
|
|
Uber fined $325 million for moving driver data from Europe to US
The Dutch Data Protection Authority (Autoriteit Persoonsgegevens, AP) has imposed a fine of €290,000,000 ($325 million) on Uber Technologies Inc. and Uber B.V. over GDPR violations. |
August 26, 2024
|
|
Versa fixes Director zero-day vulnerability exploited in attacks
Versa Networks has fixed a zero-day vulnerability exploited in the wild that allows attackers to upload malicious files by exploiting an unrestricted file upload flaw in the Versa Director GUI. |
August 26, 2024
|
|
SonicWall warns of critical access control flaw in SonicOS
SonicWall's SonicOS is vulnerable to a critical access control flaw that could allow attackers to gain unauthorized access to resources or cause the firewall to crash. |
August 26, 2024
|
|
Remote Work: A Ticking Time Bomb Waiting to be Exploited
ThreatLocker has created a list of the top 15 actions to secure an organization if employing a remote or hybrid workforce. Learn more in this free e-book from ThreatLocker. |
August 26, 2024
|
|
Seattle-Tacoma Airport IT systems down due to a cyberattack
The Seattle-Tacoma International Airport has confirmed that a cyberattack is likely behind the ongoing IT systems outage that disrupted reservation check-in systems and delayed flights over the weekend. |
August 25, 2024
|
|
Audit finds notable security gaps in FBI's storage media management
An audit from the Department of Justice's Office of the Inspector General (OIG) identified "significant weaknesses" in FBI's inventory management and disposal of electronic storage media containing sensitive and classified information. |
August 24, 2024
|
|
Stealthy 'sedexp' Linux malware evaded detection for two years
A stealthy Linux malware named 'sedexp' has been evading detection since 2022 by using a persistence technique not yet included in the MITRE ATT&CK framework. |
August 23, 2024
|
|
American Radio Relay League confirms $1 million ransom payment
The American Radio Relay League (ARRL) paid a $1 million ransom for a decryptor that helped restore systems encrypted in a May ransomware attack. |
August 23, 2024
|
|
Microsoft shares temp fix for Linux boot issues on dual-boot systems
Microsoft shared a workaround for Linux boot issues triggered by August security updates on dual-boot systems with Secure Boot enabled. |
August 23, 2024
|
|
New Windows 10 22H2 beta fixes memory leaks and crashes
Microsoft has released a new Windows 10 22H2 beta (KB5041582) with memory leak and crash fixes for Insiders in the Beta and Release Preview channels. |
August 23, 2024
|
|
Hackers now use AppDomain Injection to drop CobaltStrike beacons
A wave of attacks that started in July 2024 rely on a less common technique called AppDomain Manager Injection, which can weaponize any Microsoft .NET application on Windows. |
August 23, 2024
|
|
US oil giant Halliburton confirms cyberattack behind systems shutdown
Halliburton, one of the world's largest providers of services to the energy industry, has confirmed a cyberattack that forced it to shut down some of its systems earlier this week. |
August 23, 2024
|
|
Russian laundering millions for Lazarus hackers arrested in Argentina
The federal police in Argentina (PFA) have arrested a 29-year-old Russian national in Buenos Aires, who is facing money laundering charges related to cryptocurrency proceeds of the notorious North Korean Lazarus Group hackers. |
August 23, 2024
|
|
Greasy Opal's CAPTCHA solver still serving cybercrime after 16 years
A developer that researchers now track as Greasy Opal, operating as a seemingly legitimate business, has been fueling the cybercrime-as-a-service industry with a tool that bypasses account security solutions and allows bot-led CAPTCHA solving at scale. |
August 22, 2024
|
|
Hackers are exploiting critical bug in LiteSpeed Cache plugin
Hackers have already started to exploit the critical severity vulnerability that affects LiteSpeed Cache, a WordPress plugin used for accelerating response times, a day after technical details became public. |
August 22, 2024
|
|
Qilin ransomware now steals credentials from Chrome browsers
The Qilin ransomware group has been using a new tactic, deploying a custom stealer to steal account credentials stored in the Google Chrome browser. |
August 22, 2024
|
|
Microsoft: August updates cause Windows Server boot issues, freezes
Microsoft has confirmed and fixed a known issue causing performance issues, boot problems, and freezes on Windows Server 2019 systems after installing the August 2024 security updates. |
August 22, 2024
|
|
New NGate Android malware uses NFC chip to steal credit card data
A new Android malware named NGate can steal money from payment cards by relaying to an attacker's device the data read by the near-field communication (NFC) chip. |
August 22, 2024
|
|
Microsoft confirms August updates break Linux boot in dual-boot systems
Microsoft has confirmed the August 2024 Windows security updates are causing Linux booting issues on dual-boot systems with Secure Boot enabled. |
August 22, 2024
|
|
SolarWinds fixes hardcoded credentials flaw in Web Help Desk
SolarWinds has released a hotfix for a critical Web Help Desk vulnerability that allows attackers to log into unpatched systems using hardcoded credentials. |
August 22, 2024
|
|
U.S. charges Karakurt extortion gang’s “cold case” negotiator
A member of the Russian Karakurt ransomware group has been charged in the U.S. for money laundering, wire fraud, and extortion crimes. |
August 21, 2024
|
|
Man sentenced for hacking state registry to fake his own death
A 39-year-old man from Somerset, Kentucky, was sentenced to 81 months in federal prison for identity theft and faking his own death in government registry systems. |
August 21, 2024
|
|
Google fixes ninth Chrome zero-day exploited in attacks this year
Today, Google released a new Chrome emergency security update to patch a zero-day vulnerability, the ninth one exploited in attacks this year. |
August 21, 2024
|
|
Hackers steal banking creds from iOS, Android users via PWA apps
Threat actors started to use progressive web applications to impersonate banking apps and steal credentials from Android and iOS users. |
August 21, 2024
|
|
Microsoft to roll out Windows Recall to Insiders in October
Microsoft announced today that it will start rolling out its AI-powered Windows Recall feature to Insiders with Copilot+ PCs in October. |
August 21, 2024
|
|
QNAP adds NAS ransomware protection to latest QTS version
Taiwanese hardware vendor QNAP has added a Security Center with ransomware protection capabilities to the latest version of its QTS operating system for network-attached storage (NAS) devices. |
August 21, 2024
|
|
Litespeed Cache bug exposes millions of WordPress sites to takeover attacks
A critical vulnerability in the LiteSpeed Cache WordPress plugin can let attackers take over millions of websites after creating rogue admin accounts. |
August 21, 2024
|
|
Phrack hacker zine publishes new edition after three years
Phrack #71 has been released online and is available to read for free. This issue is the first to be released since 2021, marking a new chapter in the influential online magazine's history. |
August 21, 2024
|
|
GitHub Enterprise Server vulnerable to critical auth bypass flaw
A critical vulnerability affecting multiple versions of GitHub Enterprise Server could be exploited to bypass authentication and enable an attacker to gain administrator privileges on the machine. |
August 20, 2024
|
|
CannonDesign confirms Avos Locker ransomware data breach
The Cannon Corporation dba CannonDesign is sending notices of a data breach to more than 13,000 of its clients, informing them that hackers breached and stole data from its network in an attack in early 2023. |
August 20, 2024
|
|
Microchip Technology discloses cyberattack impacting operations
American chipmaker Microchip Technology Incorporated has disclosed that a cyberattack impacted its systems over the weekend, disrupting operations across multiple manufacturing facilities. |
August 20, 2024
|
|
Microsoft launches unified Teams app for personal, work accounts
Microsoft has launched a new unified Teams application that allows Windows and Mac users to switch between personal, work, and education accounts without installing multiple apps. |
August 20, 2024
|
|
Hackers use PHP exploit to backdoor Windows systems with new malware
Unknown attackers have deployed a newly discovered backdoor dubbed Msupedge on a university's Windows systems in Taiwan, likely by exploiting a recently patched PHP remote code execution vulnerability (CVE-2024-4577). |
August 20, 2024
|
|
Oregon Zoo warns visitors their credit card details were stolen
Oregon Zoo is informing visitors who purchased tickets online between December and June that their payment card information was compromised. |
August 20, 2024
|
|
August Windows updates break dual boot on some Linux systems
According to user reports following this month's Patch Tuesday, the August 2024 Windows updates are breaking dual boot on some Linux systems with Secure Boot enabled. |
August 20, 2024
|
|
Hacker locks Unicoin staff out of Google accounts for 4 days
A hacker compromised Unicoin's Google Workspace (formerly G-Suite) account and changed the passwords for all company employees, locking them out of their corporate accounts for days. |
August 20, 2024
|
|
US warns of Iranian hackers escalating influence operations
The U.S. government is warning of increased effort from Iran to influence upcoming elections through cyber operations targeting Presidential campaigns and the American public. |
August 19, 2024
|
|
Windows driver zero-day exploited by Lazarus hackers to install rootkit
The notorious North Korean Lazarus hacking group exploited a zero-day flaw in the Windows AFD.sys driver to elevate privileges and install the FUDModule rootkit on targeted systems. |
August 19, 2024
|
|
Toyota confirms breach after stolen data leaks on hacking forum
Toyota confirmed that its network was breached after a threat actor leaked an archive of 240GB of data stolen from the company's systems on a hacking forum. |
August 19, 2024
|
|
Ransomware rakes in record-breaking $450 million in first half of 2024
Ransomware victims have paid $459,800,000 to cybercriminals in the first half of 2024, setting the stage for a new record this year if ransom payments continue at this level. |
August 19, 2024
|
|
CISA warns of Jenkins RCE bug exploited in ransomware attacks
CISA has added a critical Jenkins vulnerability that can be exploited to gain remote code execution to its catalog of security bugs, warning that it's actively exploited in attacks. |
August 19, 2024
|
|
Hackers linked to $14M Holograph crypto heist arrested in Italy
Suspected hackers behind the heist of $14,000,000 worth of cryptocurrency from blockchain tech firm Holograph were arrested in Italy after living a lavish lifestyle for weeks in the country. |
August 19, 2024
|
|
FlightAware configuration error leaked user data for years
Flight tracking platform FlightAware is asking some users to reset their account login passwords due to a data security incident that may have exposed personal information. |
August 18, 2024
|
|
Windows 11 preview update adds new Power mode options
Windows 11 Build 27686 has a few noteworthy improvements, such as 2TB support for FAT32 storage. It also improves Windows Sandbox and offers greater control over HDR settings, but there's an undocumented change - the ability to set power mode for two power states. |
August 18, 2024
|
|
Chrome will redact credit cards, passwords when you share Android screen
Google will redact your credit card details, passwords and other sensitive information in Chrome when you're sharing or recording your screen on Android. |
August 17, 2024
|
|
New Mad Liberator gang uses fake Windows update screen to hide data theft
A new data extortion group tracked as Mad Liberator is targeting AnyDesk users and runs a fake Microsoft Windows update screen to distract while exfiltrating data from the target device. |
August 17, 2024
|
|
Azure domains and Google abused to spread disinformation and malware
A clever disinformation campaign engages several Microsoft Azure and OVH cloud subdomains as well as Google search to promote malware and spam sites. |
August 16, 2024
|
|
Microsoft shares workaround for Outlook crashing after opening
Microsoft has shared a workaround for a known issue affecting Microsoft 365 customers and causing classic Outlook to crash after opening or when starting up in Safe mode. |
August 16, 2024
|
|
Microsoft: Enable MFA or lose access to admin portals in October
Microsoft warned Entra global admins on Thursday to enable multi-factor authentication (MFA) for their tenants by October 15 to ensure users don't lose access to admin portals. |
August 16, 2024
|
|
National Public Data confirms breach exposing Social Security numbers
Background check service National Public Data confirms that hackers breached its systems after threat actors leaked a stolen database with millions of social security numbers and other sensitive personal information. |
August 16, 2024
|
|
CISA warns critical SolarWinds RCE bug is exploited in attacks
CISA warned on Thursday that attackers are exploiting a recently patched critical vulnerability in SolarWinds' Web Help Desk solution for customer support. |
August 16, 2024
|
|
Are you blocking "keyboard walk" passwords in your Active Directory?
A common yet overlooked type of weak password is the keyboard walk pattern. Learn more from Specops Software on finding and blocking keyboard walk passwords in your organization. |
August 16, 2024
|
|
Microsoft Edge PDF reader is getting more Copilot AI features
Microsoft is improving Copilot integration in the Edge browser with AI-powered smart keywords. This will allow the AI to generate important keywords from the PDF and then help you analyze each topic. |
August 16, 2024
|
|
Windows 11 will finally give you greater control over HDR features
Microsoft has released Windows 11 Build 27686 with some hidden HDR-related changes. |
August 15, 2024
|
|
Microsoft removes FAT32 partition size limit in Windows 11
Microsoft today removed an arbitrary 32GB size limit for FAT32 partitions in the latest Windows 11 Canary build, now allowing for a maximum size of 2TB. |
August 15, 2024
|
|
Ransomware gang deploys new malware to kill security software
RansomHub ransomware operators have been spotted deploying new malware to disable Endpoint Detection and Response (EDR) security software in Bring Your Own Vulnerable Driver (BYOVD) attacks. |
August 15, 2024
|
|
Microsoft disables BitLocker security fix, advises manual mitigation
Microsoft has disabled a fix for a BitLocker security feature bypass vulnerability due to firmware incompatibility issues that were causing patched Windows devices to go into BitLocker recovery mode. |
August 15, 2024
|
|
Microsoft shares temp fix for Outlook, Word crashes when typing
Microsoft has shared a temporary fix for a known issue that causes Microsoft 365 apps like Outlook, Word, and OneNote to unexpectedly crash while typing or spell-checking a text. |
August 14, 2024
|
|
Russian who sold 300,000 stolen credentials gets 40 months in prison
Georgy Kavzharadze, a 27-year-old Russian national, has been sentenced to 40 months in prison for selling login credentials for over 300,000 accounts on Slilpp, the largest online marketplace of stolen logins, until its seizure in June 2021. |
August 14, 2024
|
|
Zero-click Windows TCP/IP RCE impacts all systems with IPv6 enabled, patch now
Microsoft warned customers this Tuesday to patch a critical TCP/IP remote code execution (RCE) vulnerability with an increased likelihood of exploitation that impacts all Windows systems with IPv6 enabled. |
August 14, 2024
|
|
GitHub Actions artifacts found leaking auth tokens in popular projects
Multiple high-profile open-source projects, including those from Google, Microsoft, AWS, and Red Hat, were found to leak GitHub authentication tokens through GitHub Actions artifacts in CI/CD workflows. |
August 14, 2024
|
|
NIST releases first encryption tools to resist quantum computing
The U.S. National Institute of Standards and Technology (NIST) has released the first three encryption standards designed to resist future cyberattacks based on quantum computing technology. |
August 14, 2024
|
|
Microsoft retires Windows updates causing 0x80070643 errors
Microsoft has retired several Windows security updates released during the January 2024 Patch Tuesday that have been causing 0x80070643 errors when installing Windows Recovery Environment (WinRE) updates. |
August 14, 2024
|
|
AutoCanada discloses cyberattack impacting internal IT systems
Hackers targeted AutoCanada in a cyberattack last Sunday that impacted the automobile dealership group's internal IT systems, which may lead to disruptions. |
August 14, 2024
|
|
SolarWinds fixes critical RCE bug affecting all Web Help Desk versions
A critical vulnerability in SolarWinds' Web Help Desk solution for customer support could be exploited to achieve remote code execution, the American business software developer warns in a security advisory today. |
August 13, 2024
|
|
New Windows SmartScreen bypass exploited as zero-day since March
Today, Microsoft revealed that a Mark of the Web security bypass vulnerability exploited by attackers as a zero-day to bypass SmartScreen protection was patched during the June 2024 Patch Tuesday. |
August 13, 2024
|
|
Critical SAP flaw allows remote attackers to bypass authentication
SAP has released its security patch package for August 2024, addressing 17 vulnerabilities, including a critical authentication bypass that could allow remote attackers to fully compromise the system. |
August 13, 2024
|
|
Windows Server August updates fix Microsoft 365 Defender issue
The August 2024 Windows Server updates fix a known issue that breaks multiple Microsoft 365 Defender features after installing last month's security updates. |
August 13, 2024
|
|
Google: Gemini AI for Android processes sensitive data locally
Google says it is taking a privacy-minded approach to the integration of AI features like the Gemini assistant on Android devices, implementing end-to-end protection to secure data in transit while keeping the most sensitive data locally on the device. |
August 13, 2024
|
|
Microsoft August 2024 Patch Tuesday fixes 9 zero-days, 6 exploited
Today is Microsoft's August 2024 Patch Tuesday, which includes security updates for 89 flaws, including six actively exploited and three publicly disclosed zero-days. Microsoft is still working on an update for a tenth publicly disclosed zero-day. |
August 13, 2024
|
|
Microsoft fixes issue that sent PCs into BitLocker recovery
Microsoft has fixed a known issue causing some Windows devices to boot into BitLocker recovery after installing last month's Windows security updates. |
August 13, 2024
|
|
Windows 11 KB5041585 cumulative update released with fixes, new features
Microsoft has released the KB5041585 cumulative update for Windows 11 23H2, which includes many improvements and changes, including the ability to directly drag apps from the Pinned section of the Start menu and pin them to the taskbar. |
August 13, 2024
|
|
Windows 10 KB5041580 update released with 14 fixes, security updates
Microsoft has released the KB5041580 cumulative update for Windows 10 22H2 and Windows 10 21H2, which includes 14 changes and fixes, including BitLocker fixes and important security updates. |
August 13, 2024
|
|
Ivanti warns of critical vTM auth bypass with public exploit
Today, Ivanti urged customers to patch a critical authentication bypass vulnerability impacting Virtual Traffic Manager (vTM) appliances that can let attackers create rogue administrator accounts. |
August 13, 2024
|
|
3AM ransomware stole data of 464,000 Kootenai Health patients
Kootenai Health has disclosed a data breach impacting over 464,000 patients after their personal information was stolen and leaked by the 3AM ransomware operation. |
August 13, 2024
|
|
How to Prevent Your First AI Data Breach
Don't let AI CoPilots be the source of your first data breach. Learn more from Varonis about the challenges of securing your data in the era of gen AI. |
August 13, 2024
|
|
Ransom Cartel, Reveton ransomware owner arrested, charged in US
Belarusian-Ukrainian national Maksim Silnikau was arrested in Spain and has now been extradited to the USA to face charges for creating the Ransom Cartel ransomware operation in 2021 and running a malvertising operation from 2013 to 2022. |
August 12, 2024
|
|
X faces GDPR complaints for unauthorized use of data for AI training
European privacy advocate NOYB (None of Your Business) has filed nine GDPR complaints about X using the personal data from over 60 million users in Europe to train "Grok," the social media company's large language model. |
August 12, 2024
|
|
FBI disrupts the Dispossessor ransomware operation, seizes servers
The FBI announced on Monday that it seized the servers and websites of the Radar/Dispossessor ransomware operation following a joint international investigation. |
August 12, 2024
|
|
South Korea says DPRK hackers stole spy plane technical data
South Korea's ruling party, People Power Party (PPP), has issued an announcement stating that North Korean hackers have stolen crucial information about K2 tanks, the country's main battle tank, as well as its "Baekdu" and "Geumgang" spy planes. |
August 12, 2024
|
|
Microsoft is killing the Windows Paint 3D app after 8 years
Microsoft announced that the Paint 3D graphics app will be discontinued later this year and removed from the Microsoft Store in November. |
August 12, 2024
|
|
Hackers posing as Ukraine’s Security Service infect 100 govt PCs
Attackers impersonating the Security Service of Ukraine (SSU) have used malicious spam emails to target and compromise systems belonging to the country's government agencies. |
August 12, 2024
|
|
Australian gold producer Evolution Mining hit by ransomware
Evolution Mining has disclosed that it was targeted by a ransomware attack on August 8, 2024, which impacted its IT systems. |
August 12, 2024
|
|
Microsoft shares Outlook workaround for Gmail sign-in issues
Microsoft has shared a temporary fix for a known issue preventing Microsoft 365 customers from signing in or adding Gmail accounts using classic Outlook. |
August 12, 2024
|
|
Google deactivates Russian AdSense accounts, sends final payments
Google is notifying Russian YouTubers, bloggers, and publishers that their Adsense accounts are being deactivated and can no longer be used for advertising. |
August 12, 2024
|
|
Criminal IP and Maltego Join Forces for Enhanced Cyber Threat Search
AI SPERA announced today that its IP address intelligence engine, Criminal IP, can now be integrated with Maltego's unified user interface and is available on Maltego's marketplace. |
August 11, 2024
|
|
Chinese hacking groups target Russian government, IT firms
A series of targeted cyberattacks that started at the end of July 2024, targeting dozens of systems used in Russian government organizations and IT companies, is linked to Chinese hackers of the APT31 and APT27 groups. |
August 11, 2024
|
|
Fake X content warnings on Ukraine war, earthquakes used as clickbait
X has always had a bot problem, but now scammers are utilizing the Ukraine war and earthquake warnings in Japan to entice users into clicking on fake content warnings and videos that lead to scam adult sites, malicious browser extensions, and shady affiliate sites. |
August 11, 2024
|
|
Hackers leak 2.7 billion data records with Social Security numbers
Almost 2.7 billion records of personal information for people in the United States were leaked on a hacking forum, exposing names, social security numbers, all known physical addresses, and possible aliases. |
August 10, 2024
|
|
Microsoft: Windows 11 22H2 reaches end of support in 60 days
Microsoft has reminded customers that multiple editions of Windows 11 21H2 and 22H2 will reach the end of servicing in 60 days, on October 8, 2024. |
August 10, 2024
|
|
WWH-Club credit card market admins arrested after cash spending spree
U.S. law enforcement has arrested two suspected admins of the WWH-Club stolen credit card marketplace after they went on a cash spending spree in Florida. |
August 9, 2024
|
|
Russia blocks Signal for 'violating' anti-terrorism laws
Russia's telecommunications watchdog Roskomnadzor has restricted access to the Signal encrypted messaging service for what it describes as violations of Russian anti-terrorism and anti-extremism legislation. |
August 9, 2024
|
|
CSC ServiceWorks discloses data breach after 2023 cyberattack
CSC ServiceWorks, a leading provider of commercial laundry services, has disclosed a data breach after the personal information of an undisclosed number of individuals was exposed in a 2023 cyberattack. |
August 9, 2024
|
|
New AMD SinkClose flaw helps install nearly undetectable malware
AMD is warning about a high-severity CPU vulnerability named SinkClose that impacts multiple generations of its EPYC, Ryzen, and Threadripper processors. The vulnerability allows attackers with Kernel-level (Ring 0) privileges to gain Ring -2 privileges and install malware that becomes nearly undetectable. |
August 9, 2024
|
|
Microsoft discloses Office zero-day, still working on a patch
Microsoft has disclosed a high-severity zero-day vulnerability affecting Office 2016 and later, which is still waiting for a patch. |
August 9, 2024
|
|
Malware force-installs Chrome extensions on 300,000 browsers, patches DLLs
An ongoing and widespread malware campaign force-installed malicious Google Chrome and Microsoft Edge browser extensions in over 300,000 browsers, modifying the browser's executables to hijack homepages and steal browsing history. |
August 8, 2024
|
|
US dismantles laptop farm used by undercover North Korean IT workers
The U.S. Justice Department arrested a Nashville man charged with helping North Korean IT workers obtain remote work at companies across the United States and operating a laptop farm they used to pose as U.S.-based individuals. |
August 8, 2024
|
|
Cisco warns of critical RCE zero-days in end of life IP phones
Cisco is warning of multiple critical remote code execution zero-days in the web-based management interface of the end-of-life Small Business SPA 300 and SPA 500 series IP phones. |
August 8, 2024
|
|
Microsoft: Exchange 2016 reaches extended end of support in October
Microsoft reminded today that Exchange 2016 will reach the end of extended support next year on October 14 and shared guidance for admins who need to decommission outdated servers. |
August 8, 2024
|
|
CISA warns about actively exploited Apache OFBiz RCE flaw
The U.S. Cybersecurity & Infrastructure Security Agency is warning of two vulnerabilities exploited in attacks, including a path traversal impacting Apache OFBiz. |
August 8, 2024
|
|
Exploit released for Cisco SSM bug allowing admin password changes
Cisco warns that exploit code is now available for a maximum severity vulnerability that lets attackers change any user password on unpatched Cisco Smart Software Manager On-Prem (Cisco SSM On-Prem) license servers. |
August 8, 2024
|
|
CISA warns of hackers abusing Cisco Smart Install feature
CISA recommends disabling the legacy Cisco Smart Install feature after seeing it abused by threat actors in recent attacks to steal sensitive data, such as system configuration files. |
August 8, 2024
|
|
18-year-old security flaw in Firefox and Chrome exploited in attacks
A vulnerability disclosed 18 years ago, dubbed "0.0.0.0 Day", allows malicious websites to bypass security in Google Chrome, Mozilla Firefox, and Apple Safari and interact with services on a local network. |
August 8, 2024
|
|
ADT confirms data breach after customer info leaked on hacking forum
ADT Inc. disclosed via a Form 8-K filing at the U.S. Securities and Exchange Commission (SEC) that hackers have gained access to its systems, which hold customer order details. |
August 7, 2024
|
|
Ronin Network hacked, $12 million returned by "white hat" hackers
Gambling blockchain Ronin Network suffered a security incident yesterday when white hat hackers exploited an undocumented vulnerability on the Ronin bridge to withdraw 4,000 ETH and 2 million USDC, totaling $12 million. |
August 7, 2024
|
|
SEC ends probe into MOVEit attacks impacting 95 million people
The SEC concludes its investigation into Progress Software's handling of the widespread exploitation of a MOVEit Transfer zero-day flaw that exposed data of over 95 million people. |
August 7, 2024
|
|
FBI: BlackSuit ransomware made over $500 million in ransom demands
CISA and the FBI confirmed today that the Royal ransomware rebranded to BlackSuit and has demanded over $500 million from victims since it emerged more than two years ago. |
August 7, 2024
|
|
New CMoon USB worm targets Russians in data theft attacks
A new self-spreading worm named 'CMoon,' capable of stealing account credentials and other data, has been distributed in Russia since early July 2024 via a compromised gas supply company website. |
August 7, 2024
|
|
Windows Update downgrade attack "unpatches" fully-updated systems
SafeBreach security researcher Alon Leviev discovered a Windows Update downgrade attack that can "unpatch" fully-updated Windows 10, Windows 11, and Windows Server systems to reintroduce old vulnerabilities. |
August 7, 2024
|
|
McLaren hospitals disruption linked to INC ransomware attack
On Tuesday, IT and phone systems at McLaren Health Care hospitals were disrupted following an attack linked to the INC Ransom ransomware operation. |
August 7, 2024
|
|
UK IT provider faces $7.7 million fine for 2022 ransomware breach
The UK's Information Commissioner's Office (ICO) has announced a provisional decision to impose a fine of £6.09M ($7.74 million) on Advanced Computer Software Group Ltd (Advanced) for its failure to protect the personal information of tens of thousands when it was hit by ransomware in 2022. |
August 7, 2024
|
|
macOS Sequoia brings better Gatekeeper, stalkerware protections
Apple's macOS Sequoia, now in beta testing, will make it harder to bypass Gatekeeper warnings and add system alerts for potential stalkerware threats. |
August 7, 2024
|
|
Critical Progress WhatsUp RCE flaw now under active exploitation
Threat actors are actively attempting to exploit a recently fixed Progress WhatsUp Gold remote code execution vulnerability on exposed servers for initial access to corporate networks. |
August 7, 2024
|
|
How MSPs and MSSPs offer vCISO services with skilled CISOs in short supply
With skilled CISOs in short supply, service providers are turning to virtual CISOs. A new eBook by Cynomi explains how service providers/MSPs can quickly and easily expand vCISO service offerings to their customers. |
August 7, 2024
|
|
Microsoft 365 anti-phishing feature can be bypassed with CSS
Researchers have demonstrated a method to bypass an anti-phishing measure in Microsoft 365 (formerly Office 365), elevating the risk of users opening malicious emails. |
August 6, 2024
|
|
Google Chrome will let you send money to your favourite website
Google has confirmed plans to implement Web Monetization in Chrome, allowing website owners to receive micro-payments as tips or rewards for their content as an additional way to generate revenue. |
August 6, 2024
|
|
INTERPOL recovers over $40 million stolen in a BEC attack
A global stop-payment mechanism created by INTERPOL successfully recovered over $40 million stolen in a BEC attack on a company in Singapore. |
August 6, 2024
|
|
Samsung to pay $1,000,000 for RCEs on Galaxy’s secure vault
Samsung has launched a new bug bounty program for its mobile devices with rewards of up to $1,000,000 for reports demonstrating critical attack scenarios. |
August 6, 2024
|
|
France's Grand Palais discloses cyberattack during Olympic games
The Grand Palais Réunion des musées nationaux (Rmn) in France is warning that it suffered a cyberattack on Saturday night, August 3, 2024. |
August 6, 2024
|
|
Hacker wipes 13,000 devices after breaching classroom management platform
A hacker has breached Mobile Guardian, a digital classroom management platform used worldwide, and remotely wiped data from at least 13,000 students' iPads and Chromebooks. |
August 6, 2024
|
|
Point of entry: Why hackers target stolen credentials for initial access
Stolen credentials are a big problem, commonly used to breach networks in attacks. Learn more from Specops Software about checking the password hygiene of your Active Directory. |
August 6, 2024
|
|
Proton VPN adds ‘Discreet Icons’ to hide app on Android devices
Proton VPN has announced a series of updates to its Windows and Android apps to help users combat censorship, circumvent blocks, and protect themselves from authoritarian governments due to using forbidden tools. |
August 5, 2024
|
|
Google fixes Android kernel zero-day exploited in targeted attacks
Android security updates this month patch 46 vulnerabilities, including a high-severity remote code execution (RCE) exploited in targeted attacks. |
August 5, 2024
|
|
Ransomware gang targets IT workers with new SharpRhino malware
The Hunters International ransomware group is targeting IT workers with a new C# remote access trojan (RAT) called SharpRhino to breach corporate networks. |
August 5, 2024
|
|
Microsoft Azure outage takes down services across North America
Microsoft has mitigated an Azure outage that lasted more than two hours and took down multiple services for customers across North and Latin America. |
August 5, 2024
|
|
Crowdstrike: Delta Air Lines refused free help to resolve IT outage
The legal sparring between Delta Air Lines and CrowdStrike is heating up, with the cybersecurity firm claiming that Delta's extended IT outage was caused by poor disaster recovery plans and the airline refusing to accept free onsite help in restoring Windows devices. |
August 5, 2024
|
|
Windows Smart App Control, SmartScreen bypass exploited since 2018
A design flaw in Windows Smart App Control and SmartScreen that enables attackers to launch programs without triggering security warnings has been under exploitation since at least 2018. |
August 5, 2024
|
|
North Korean hackers exploit VPN update flaw to install malware
South Korea's National Cyber Security Center (NCSC) warns that state-backed DPRK hackers hijacked flaws in a VPN's software update to deploy malware and breach networks. |
August 5, 2024
|
|
Keytronic reports losses of over $17 million after ransomware attack
Electronic manufacturing services provider Keytronic has revealed that it suffered losses of over $17 million due to a May ransomware attack. |
August 5, 2024
|
|
New LianSpy malware hides by blocking Android security feature
A previously undocumented Android malware named 'LianSpy' has been discovered targeting Russian users, posing on phones as an Alipay app or a system service to evade detection. |
August 5, 2024
|
|
Countdown is on: Last chance for discount registration at Mandiant’s mWISE 2024
There are only a few days left to get $300 off the standard conference price at mWISE. Learn more from mWise 2024 about how to get the discount and the upcoming cybersecurity sessions. |
August 4, 2024
|
|
Surge in Magniber ransomware attacks impact home users worldwide
|
August 3, 2024
|
|
Linux kernel impacted by new SLUBStick cross-cache attack
A novel Linux kernel cross-cache attack named SLUBStick has a 99% success rate in converting a limited heap vulnerability into an arbitrary memory read-and-write capability, letting the researchers elevate privileges or escape containers. |
August 3, 2024
|
|
Hackers breach ISP to poison software updates with malware
A Chinese hacking group tracked as StormBamboo has compromised an undisclosed internet service provider (ISP) to poison automatic software updates with malware. |
August 2, 2024
|
|
US sues TikTok for violating children privacy protection laws
The U.S. Department of Justice has filed a lawsuit against social media platform TikTok and its parent company, ByteDance, alleging widespread violations of children's privacy laws. |
August 2, 2024
|
|
Google Chrome bug breaks drag and drop from Downloads bubble
A recent Google Chrome update has broken the drag-and-drop feature in the Downloads bubble that previously allowed you to drag and drop downloaded files onto any website or tab in the browser. |
August 2, 2024
|
|
Google Chrome warns uBlock Origin may soon be disabled
Google Chrome is now encouraging uBlock Origin users who have updated to the latest version to switch to other ad blockers before Manifest v2 extensions are disabled. |
August 2, 2024
|
|
Fake AI editor ads on Facebook push password-stealing malware
A Facebook malvertising campaign targets users searching for AI image editing tools and steals their credentials by tricking them into installing fake apps that mimic legitimate software. |
August 2, 2024
|
|
Cryptonator seized for laundering ransom payments, stolen crypto
U.S. and German law enforcement seized the domain of the crypto wallet platform Cryptonator, used by ransomware gangs, darknet marketplaces, and other illicit services, and indicted its operator. |
August 2, 2024
|
|
DuckDuckGo blocked in Indonesia over porn, gambling search results
Privacy-focused search engine DuckDuckGo has been blocked in Indonesia by its government after citizens reportedly complained about pornographic and online gambling content in its search results. |
August 2, 2024
|
|
CrowdStrike sued by investors over massive global IT outage
Cybersecurity company CrowdStrike has been sued by investors who say it provided false claims about its Falcon platform after a bad security update led to a massive global IT outage causing the stock price to tumble almost 38%. |
August 1, 2024
|
|
Twilio kills off Authy for desktop, forcibly logs out all users
Twilio has finally killed off its Authy for Desktop application, forcibly logging users out of the desktop application. |
August 1, 2024
|
|
Tech support scam ring leader gets 7 years in prison, $6M fine
The leader of a tech support fraud scheme was sentenced to seven years in prison after tricking at least 6,500 victims and generating more than $6 million. |
August 1, 2024
|
|
StackExchange abused to spread malicious PyPi packages as answers
Threat actors uploaded malicious Python packages to the PyPI repository and promoted them through the StackExchange online question and answer platform. |
August 1, 2024
|
|
Hackers abuse free TryCloudflare to deliver remote access malware
Researchers are warning of threat actors increasingly abusing the Cloudflare Tunnel service in malware campaigns that usually deliver remote access trojans (RATs). |
August 1, 2024
|
|
UK takes down major 'Russian Coms' caller ID spoofing platform
The United Kingdom's National Crime Agency (NCA) has shut down Russian Coms, a major caller ID spoofing platform used by hundreds of criminals to make over 1.8 million scam calls. |
August 1, 2024
|
|
Sitting Ducks DNS attacks let hackers hijack over 35,000 domains
Threat actors have hijacked more than 35,000 registered domains in so-called Sitting Ducks attacks that allow claiming a domain without having access to the owner's account at the DNS provider or registrar. |
August 1, 2024
|
|
Cencora confirms patient health info stolen in February attack
Pharmaceutical giant Cencora has confirmed that patients' protected health information and personally identifiable information (PII) were exposed in a February cyberattack. |
August 1, 2024
|
|
FBI warns of scammers posing as crypto exchange employees
The Federal Bureau of Investigation (FBI) warns of scammers posing as employees of cryptocurrency exchanges to steal funds from unsuspecting victims. |
July 31, 2024
|
|
Credit card users get mysterious shopify-charge.com charges
People worldwide report seeing mysterious $1 or $0 charges from Shopify-charge.com appearing on their credit card bills, even when they did not attempt to purchase anything. |
July 31, 2024
|
|
DigiCert to delay cert revocations for critical infrastructure
DigiCert urges critical infrastructure operators to request a delay if they cannot reissue their certificates, as required by an ongoing certificate mass-revocation process announced on Tuesday. |
July 31, 2024
|
|
OneBlood's virtual machines encrypted in ransomware attack
OneBlood, a large not-for-profit blood center that serves hospitals and patients in the United States, is dealing with an IT systems outage caused by a ransomware attack. |
July 31, 2024
|
|
CISA and FBI: DDoS attacks won’t impact US election integrity
CISA and the FBI said today that Distributed Denial of Service (DDoS) attacks targeting election infrastructure will, at most, hinder public access to information but will have no impact on the integrity or security of the 2024 U.S. general election processes. |
July 31, 2024
|
|
Google ads push fake Google Authenticator site installing malware
Google has fallen victim to its own ad platform, allowing threat actors to create fake Google Authenticator ads that push the DeerStealer information-stealing malware. |
July 31, 2024
|
|
World leading silver producer Fresnillo discloses cyberattack
Fresnillo PLC, the world's largest silver producer and a top global producer of gold, copper, and zinc, said attackers gained access to data stored on its systems during a recent cyberattack. |
July 31, 2024
|
|
New Android malware wipes your device after draining bank accounts
A new Android malware that researchers call 'BingoMod' can wipe devices after successfully stealing money from the victims' bank accounts using the on-device fraud technique. |
July 31, 2024
|
|
Fraud ring pushes 600+ fake web shops via Facebook ads
A malicious fraud campaign dubbed "ERIAKOS" promotes more than 600 fake web shops through Facebook advertisements to steal visitors' personal and financial information. |
July 31, 2024
|
|
Microsoft says massive Azure outage was caused by DDoS attack
Microsoft confirmed today that a nine-hour outage on Tuesday, which took down and disrupted multiple Microsoft 365 and Azure services worldwide, was triggered by a distributed denial-of-service (DDoS) attack. |
July 30, 2024
|
|
Massive SMS stealer campaign infects Android devices in 113 countries
A malicious campaign targeting Android devices worldwide utilizes thousands of Telegram bots to infect devices with SMS-stealing malware and steal one-time 2FA passwords (OTPs) for over 600 services. |
July 30, 2024
|
|
Dark Angels ransomware receives record-breaking $75 million ransom
A Fortune 50 company paid a record-breaking $75 million ransom payment to the Dark Angels ransomware gang, according to a report by Zscaler ThreatLabz. |
July 30, 2024
|
|
CISA warns of VMware ESXi bug exploited in ransomware attacks
CISA has ordered U.S. Federal Civilian Executive Branch (FCEB) agencies to secure their servers against a VMware ESXi authentication bypass vulnerability exploited in ransomware attacks. |
July 30, 2024
|
|
Black Basta ransomware switches to more evasive custom malware
The Black Basta ransomware gang has shown resilience and an ability to adapt to a constantly shifting space, using new custom tools and tactics to evade detection and spread throughout a network. |
July 30, 2024
|
|
Google Chrome adds app-bound encryption to block infostealer malware
Google Chrome has added app-bound encryption for better cookie protection on Windows systems and improved defenses against information-stealing malware attacks. |
July 30, 2024
|
|
Columbus investigates whether data was stolen in ransomware attack
The City of Columbus, Ohio, says it's investigating whether personal data was stolen in a ransomware attack on July 18, 2024 that disrupted the City's services. |
July 30, 2024
|
|
DigiCert mass-revoking TLS certificates due to domain validation bug
DigiCert is warning that it will be mass-revoking SSL/TLS certificates due to a bug in how the company verified if a customer owned or operated a domain and requires impacted customers to reissue certificates within 24 hours. |
July 30, 2024
|
|
Is your password policy working? Key cybersecurity KPIs to measure
Are your password policies having a positive impact on the cybersecurity posture of your org? Learn more from Specops Software about how to align password policies with wider cybersecurity KPIs. |
July 30, 2024
|
|
Microsoft 365 and Azure outage takes down multiple services
Microsoft is investigating an ongoing and widespread outage blocking access to some Microsoft 365 and Azure services. |
July 30, 2024
|
|
UK govt links 2021 Electoral Commission breach to Exchange server
The United Kingdom's Information Commissioner's Office (ICO) revealed today that the Electoral Commission was breached in August 2021 because it failed to patch its on-premise Microsoft Exchange Server against ProxyShell vulnerabilities. |
July 29, 2024
|
|
Android spyware 'Mandrake' hidden in apps on Google Play since 2022
A new version of the Android spyware 'Mandrake' has been found in five applications downloaded 32,000 times from Google Play, the platform's official app store. |
July 29, 2024
|
|
New Specula tool uses Outlook for remote code execution in Windows
Microsoft Outlook can be turned into a C2 beacon to remotely execute code, as demonstrated by a new red team post-exploitation framework named "Specula," released today by cybersecurity firm TrustedSec. |
July 29, 2024
|
|
Apple iOS 18.1 Beta previews Apple Intelligence for the first time
Apple has released the iOS 18.1 Beta to developers, allowing them to test some of its upcoming AI-powered Apple Intelligence features before they are released for testing in the public previews. |
July 29, 2024
|
|
Former Avaya employee gets 4 years for $88M license piracy scheme
Three individuals who orchestrated a massive-scale pirate operation involving the sale of Avaya business telephone system software licenses worth over $88,000,000 have received imprisonment sentences. |
July 29, 2024
|
|
Microsoft: Ransomware gangs exploit VMware ESXi auth bypass in attacks
Microsoft warned today that ransomware gangs are actively exploiting a VMware ESXi authentication bypass vulnerability in attacks. |
July 29, 2024
|
|
HealthEquity says data breach impacts 4.3 million people
HSA provider HealthEquity has determined that a cybersecurity incident disclosed earlier this month has compromised the information of 4,300,000 people. |
July 29, 2024
|
|
Proofpoint settings exploited to send millions of phishing emails daily
A massive phishing campaign dubbed "EchoSpoofing" exploited a security gap in Proofpoint's email protection service to dispatch millions of spoofed emails impersonating big entities like Disney, Nike, IBM, and Coca-Cola, to target Fortune 100 companies. |
July 28, 2024
|
|
Misconfigured Selenium Grid servers abused for Monero mining
Threat actors are exploiting a misconfiguration in Selenium Grid, a popular web app testing framework, to deploy a modified XMRig tool for mining Monero cryptocurrency. |
July 27, 2024
|
|
Windows 11 taskbar has a hidden "End Task" feature, how to turn it on
Microsoft has added a feature to Windows 11 that allows you to end tasks directly from the taskbar. |
July 27, 2024
|
|
X begins training Grok AI with your posts, here's how to disable
X has quietly begun training its Grok AI chat platform using members' public posts without first alerting anyone that it is doing it by default. Here's how to block Grok from using your data. |
July 27, 2024
|
|
WhatsApp for Windows lets Python, PHP scripts execute with no warning
A security issue in the latest version of WhatsApp for Windows allows sending Python and PHP attachments that are executed without any warning when the recipient opens them. |
July 26, 2024
|
|
Crypto exchange Gemini discloses third-party data breach
Cryptocurrency exchange Gemini is warning it suffered a data breach incident caused by a cyberattack at its Automated Clearing House (ACH) service provider, whose name was not disclosed. |
July 26, 2024
|
|
Google fixes Chrome Password Manager bug that hides credentials
Google has fixed a bug in Chrome's Password Manager that caused user credentials to disappear temporarily for more than 18 hours. |
July 26, 2024
|
|
FBCS data breach impact now reaches 4.2 million people
Debt collection agency Financial Business and Consumer Solutions (FBCS) has again increased the number of people impacted by a February data breach, now saying it affects 4.2 million people in the US. |
July 26, 2024
|
|
July Windows Server updates break Remote Desktop connections
Microsoft has confirmed that July's security updates break remote desktop connections in organizations where Windows servers are configured to use the legacy RPC over HTTP protocol in the Remote Desktop Gateway. |
July 26, 2024
|
|
Acronis warns of Cyber Infrastructure default password abused in attacks
Acronis warned customers to patch a critical Cyber Infrastructure security flaw that lets attackers bypass authentication on vulnerable servers using default credentials. |
July 26, 2024
|
|
Russian ransomware gangs account for 69% of all ransom proceeds
Russian-speaking threat actors accounted for at least 69% of all crypto proceeds linked to ransomware throughout the previous year, exceeding $500,000,000. |
July 25, 2024
|
|
PKfail Secure Boot bypass lets attackers install UEFI malware
Hundreds of UEFI products from 10 vendors are susceptible to compromise due to a critical firmware supply-chain issue known as PKfail, which allows attackers to bypass Secure Boot and install malware. |
July 25, 2024
|
|
Critical ServiceNow RCE flaws actively exploited to steal credentials
Threat actors are chaining together ServiceNow flaws using publicly available exploits to breach government agencies and private firms in data theft attacks. |
July 25, 2024
|
|
Windows 11 KB5040527 update fixes Windows Backup failures
Microsoft has released the optional KB5040527 preview cumulative update for Windows 11 23H2 and 22H2, which includes fixes for Windows Backup and upgrade failures. |
July 25, 2024
|
|
US offers $10M for tips on DPRK hacker linked to Maui ransomware attacks
The U.S. State Department is offering a reward of up to $10 million for information that could lead to the identification or location of a North Korean military hacker. |
July 25, 2024
|
|
Meta nukes massive Instagram sextortion network of 63,000 accounts
Meta has removed 63,000 Instagram accounts from Nigeria that were involved in sextortion scams, including a coordinated network of 2,500 accounts linked to 20 individuals targeting primarily adult men in the United States. |
July 25, 2024
|
|
Progress warns of critical RCE bug in Telerik Report Server
Progress Software has warned customers to patch a critical remote code execution security flaw in the Telerik Report Server that can be used to compromise vulnerable devices. |
July 25, 2024
|
|
French police push PlugX malware self-destruct payload to clean PCs
The French police and Europol are pushing out a "disinfection solution" that automatically removes the PlugX malware from infected devices in France. |
July 25, 2024
|
|
Why Multivendor Cybersecurity Stacks Are Increasingly Obsolete
Multivendor tech stacks are costly and complex to integrate and manage. Learn more from Cynet about how an All-in-One approach reduces costs for MSPs and SMEs, while offering increased security. |
July 24, 2024
|
|
Over 3,000 GitHub accounts used by malware distribution service
Threat actors known as 'Stargazer Goblin' have created a malware Distribution-as-a-Service (DaaS) from over 3,000 fake accounts on GitHub that push information-stealing malware. |
July 24, 2024
|
|
Docker fixes critical 5-year old authentication bypass flaw
Docker has issued security updates to address a critical vulnerability impacting certain versions of Docker Engine that could allow an attacker to bypass authorization plugins (AuthZ) under certain circumstances. |
July 24, 2024
|
|
Microsoft fixes bug behind Windows 10 Connected Cache delivery issues
Microsoft has fixed a known Windows 10 update issue that broke Microsoft Connected Cache (MCC) node discovery on enterprise networks. |
July 24, 2024
|
|
KnowBe4 mistakenly hires North Korean hacker, faces infostealer attack
American cybersecurity company KnowBe4 says a person it recently hired as a Principal Software Engineer turned out to be a North Korean state actor who attempted to install information-stealing malware on its devices. |
July 24, 2024
|
|
Google Chrome now warns about risky password-protected archives
Google Chrome now warns when downloading risky password-protected files and provides improved alerts with more information about potentially malicious downloaded files. |
July 24, 2024
|
|
CrowdStrike: 'Content Validator' bug let faulty update pass checks
CrowdStrike released a Preliminary Post Incident Review (PIR) on the faulty Falcon update explaining that a bug allowed bad data to pass its Content Validator and cause millions of Windows systems to crash on July 19, 2024. |
July 24, 2024
|
|
Hot topics: Can’t-miss sessions at Mandiant’s 2024 mWISE event
Now that the mWISE 2024 session catalog is out, it's time to take a closer look at the topics. Learn more from @mWISEConference about the three hottest tracks in this year's conference. |
July 24, 2024
|
|
Windows July security updates send PCs into BitLocker recovery
Microsoft warned that some Windows devices will boot into BitLocker recovery after installing the July 2024 Windows security updates. |
July 24, 2024
|
|
BreachForums v1 database leak is an OPSEC test for hackers
The entire database for the notorious BreachForums v1 hacking forum was released on Telegram Tuesday night, exposing a treasure trove of data, including members' information, private messages, cryptocurrency addresses, and every post on the forum. |
July 23, 2024
|
|
Chinese hackers deploy new Macma macOS backdoor version
The Chinese hacking group tracked as 'Evasive Panda' was spotted using new versions of the Macma backdoor and the Nightdoor Windows malware. |
July 23, 2024
|
|
Hamster Kombat’s 250 million players targeted in malware attacks
Threat actors are taking advantage of the massive popularity of the Hamster Kombat game, targeting players with fake Android and Windows software that installs spyware and information-stealing malware. |
July 23, 2024
|
|
Windows 10 KB5040525 fixes WDAC issues causing app failures, memory leak
Microsoft has released the July 2024 preview update for Windows 10, version 22H2, with fixes for Windows Defender Application Control (WDAC) issues causing app crashes and system memory exhaustion. |
July 23, 2024
|
|
DeFi exchange dYdX v3 website hacked in DNS hijack attack
Decentralized finance (DeFi) crypto exchange dYdX announced on Tuesday that the website for its older v3 trading platform has been compromised. |
July 23, 2024
|
|
BreachForums v1 hacking forum data leak exposes members’ info
The private member information of the BreachForums v1 hacking forum from 2022 has been leaked online, allowing threat actors and researchers to gain insight into its users. |
July 23, 2024
|
|
FrostyGoop malware attack cut off heat in Ukraine during winter
Russian-linked malware was used in a January 2024 cyberattack to cut off the heating of over 600 apartment buildings in Lviv, Ukraine, for two days during sub-zero temperatures. |
July 23, 2024
|
|
Verizon to pay $16 million in TracFone data breach settlement
Verizon Communications has agreed to a $16,000,000 settlement with the Federal Communications Commission (FCC) in the U.S. concerning three data breach incidents its wholly-owned subsidiary, TracFone Wireless, suffered after its acquisition in 2021. |
July 23, 2024
|
|
Fake CrowdStrike repair manual pushes new infostealer malware
CrowdStrike is warning that a fake recovery manual to repair Windows devices is installing a new information-stealing malware called Daolpu. |
July 22, 2024
|
|
Greece’s Land Registry agency breached in wave of 400 cyberattacks
The Land Registry agency in Greece has announced that it suffered a limited-scope data breach following a wave of 400 cyberattacks targeting its IT infrastructure over the last week. |
July 22, 2024
|
|
Google rolls back decision to kill third-party cookies in Chrome
Google has scrapped its plan to kill third-party cookies in Chrome and will instead introduce a new browser experience that allows users to limit how these cookies are used. |
July 22, 2024
|
|
US sanctions Russian hacktivists who breached water facilities
The US government has imposed sanctions on two Russian cybercriminals for cyberattacks targeting critical infrastructure. |
July 22, 2024
|
|
New Play ransomware Linux version targets VMware ESXi VMs
Play ransomware is the latest ransomware gang to start deploying a dedicated Linux locker for encrypting VMware ESXi virtual machines. |
July 22, 2024
|
|
Police infiltrates, takes down DigitalStress DDoS-for-hire service
DDoS-for-hire service DigitalStress was taken down on July 2 in a joint law enforcement operation led by the United Kingdom's National Crime Agency (NCA). |
July 22, 2024
|
|
Telegram zero-day allowed sending malicious Android APKs as videos
A Telegram for Android zero-day vulnerability dubbed 'EvilVideo' allowed attackers to send malicious Android APK payloads disguised as video files. |
July 22, 2024
|
|
Los Angeles Superior Court shuts down after ransomware attack
The largest trial court in the United States, the Superior Court of Los Angeles County, closed all 36 courthouse locations on Monday to restore systems affected by a Friday ransomware attack. |
July 22, 2024
|
|
End-user cybersecurity errors that can cost you millions
An innocent mistake can lead to a corporate nightmare. Learn from Specops Software about five of the most frequent cybersecurity blunders that can let attackers breach a network. |
July 22, 2024
|
|
Spain arrests three for using DDoSia hacktivist platform
The Spanish authorities have arrested three individuals for using DDoSia, a distributed denial of service platform operated by pro-Russian hacktivists, to conduct DDoS attacks against governments and organizations in NATO countries. |
July 21, 2024
|
|
Microsoft releases Windows repair tool to remove CrowdStrike driver
Microsoft has released a custom WinPE recovery tool to find and remove the faulty CrowdStrike update that crashed an estimated 8.5 million Windows devices on Friday. |
July 21, 2024
|
|
Fake CrowdStrike updates target companies with malware, data wipers
Threat actors are exploiting the massive business disruption from CrowdStrike's glitchy update on Friday to target companies with data wipers and remote access tools. |
July 20, 2024
|
|
UK arrests suspected Scattered Spider hacker linked to MGM attack
UK police have arrested a 17-year-old boy suspected of being involved in the 2023 MGM Resorts ransomware attack and a member of the Scattered Spider hacking collective. |
July 20, 2024
|
|
Microsoft confirms CrowdStrike update also hit Windows 365 PCs
Microsoft says the faulty CrowdStrike Falcon update, which caused widespread outages by crashing Windows systems worldwide, also resulted in Windows 365 Cloud PCs getting stuck in reboot loops, rendering them unusable. |
July 19, 2024
|
|
MediSecure: Ransomware gang stole data of 12.9 million people
MediSecure, an Australian prescription delivery service provider, revealed that roughly 12.9 million people had their personal and health information stolen in an April ransomware attack. |
July 19, 2024
|
|
CrowdStrike update crashes Windows systems, causes outages worldwide
A faulty component in the latest CrowdStrike Falcon update is crashing Windows systems, impacting various organizations and services across the world, including airports, TV stations, and hospitals. |
July 19, 2024
|
|
Russians plead guilty to involvement in LockBit ransomware attacks
Two Russian nationals have pleaded guilty to involvement in many LockBit ransomware attacks, which targeted victims worldwide and across the United States. |
July 19, 2024
|
|
Major Microsoft 365 outage caused by Azure configuration change
Microsoft says an Azure configuration change caused a major Microsoft 365 outage on Thursday, affecting customers across the Central US region. |
July 18, 2024
|
|
Revolver Rabbit gang registers 500,000 domains for malware campaigns
A cybercriminal gang that researchers track as Revolver Rabbit has registered more than 500,000 domain names for infostealer campaigns that target Windows and macOS systems. |
July 18, 2024
|
|
SolarWinds fixes 8 critical bugs in access rights audit software
SolarWinds has fixed eight critical vulnerabilities in its Access Rights Manager (ARM) software, six of which allowed attackers to gain remote code execution (RCE) on vulnerable devices. |
July 18, 2024
|
|
Microsoft fixes bug blocking Windows 11 Photos from starting
Microsoft has fixed a known issue preventing the Microsoft Photos app from starting on some Windows 11 22H2 and 23H2 systems. |
July 18, 2024
|
|
Critical Cisco bug lets hackers add root users on SEG devices
Cisco has fixed a critical severity vulnerability that lets attackers add new users with root privileges and permanently crash Security Email Gateway (SEG) appliances using emails with malicious attachments. |
July 18, 2024
|
|
Microsoft: Windows 11 23H2 now available for all eligible devices
Microsoft says the Windows 11 2023 Update has entered the broad deployment phase and is now available to all seekers on eligible systems. |
July 17, 2024
|
|
Notorious FIN7 hackers sell EDR killer to other threat actors
The notorious FIN7 hacking group has been spotted selling its custom "AvNeutralizer" tool, used to evade detection by killing enterprise endpoint protection software on corporate networks. |
July 17, 2024
|
|
Exchange Online adds Inbound DANE with DNSSEC for security boost
Microsoft is rolling out inbound SMTP DANE with DNSSEC for Exchange Online in public preview, a new capability to boost email integrity and security. |
July 17, 2024
|
|
Cisco SSM On-Prem bug lets hackers change any user's password
Cisco has fixed a maximum severity vulnerability that allows attackers to change any user's password on vulnerable Cisco Smart Software Manager On-Prem (Cisco SSM On-Prem) license servers, including administrators. |
July 17, 2024
|
|
Over 400,000 Life360 user phone numbers leaked via unsecured API
A threat actor has leaked a database containing the personal information of 442,519 Life360 customers collected by abusing a flaw in the login API. |
July 17, 2024
|
|
Yacht giant MarineMax data breach impacts over 123,000 people
MarineMax, self-described as the world's largest recreational boat and yacht retailer, is notifying over 123,000 customers whose personal information was stolen in a March security breach claimed by the Rhysida ransomware gang. |
July 17, 2024
|
|
5 steps to automate user access reviews and simplify IT compliance
While SaaS tools are a boon for worker productivity, they introduce complexity when it comes to IT audits and compliance. Learn more from Nudge Security about automating user access reviews to simplify this process. |
July 16, 2024
|
|
Kaspersky offers free security software for six months in U.S. goodbye
Kaspersky is offering free security products for six months and tips for staying safe as a parting gift to consumers in the United States. |
July 16, 2024
|
|
CISA warns critical Geoserver GeoTools RCE flaw is exploited in attacks
CISA is warning that a critical GeoServer GeoTools remote code execution flaw tracked as CVE-2024-36401 is being actively exploited in attacks. |
July 16, 2024
|
|
Email addresses of 15 million Trello users leaked on hacking forum
A threat actor has released over 15 million email addresses associated with Trello accounts that were collected using an unsecured API in January. |
July 16, 2024
|
|
Microsoft announces new Windows 'checkpoint' cumulative updates
Microsoft will introduce checkpoint cumulative updates starting in late 2024 for devices running Windows Server 2025 and Windows 11, version 24H2 or later. |
July 16, 2024
|
|
Rite Aid says June data breach impacts 2.2 million people
Rite Aid, the third-largest drugstore chain in the United States, says that 2.2 million customers' personal information was stolen last month in what it described as a "data security incident." |
July 16, 2024
|
|
Microsoft links Scattered Spider hackers to Qilin ransomware attacks
Microsoft says the Scattered Spider cybercrime gang has added Qilin ransomware to its arsenal and is now using it in attacks. |
July 16, 2024
|
|
Microsoft finally fixes Outlook alerts bug caused by December updates
Microsoft has finally fixed a known Outlook issue, confirmed in February, which was triggering incorrect security alerts after installing the December security updates for Outlook Desktop. |
July 15, 2024
|
|
Kaspersky is shutting down its business in the United States
Russian cybersecurity company and antivirus software provider Kaspersky Lab will start shutting down operations in the United States on July 20. |
July 15, 2024
|
|
New BugSleep malware implant deployed in MuddyWater attacks
The Iranian-backed MuddyWater hacking group has partially switched to using a new custom-tailored malware implant to steal files and run commands on compromised systems. |
July 15, 2024
|
|
Microsoft shares temp fix for Windows 11 Photos not launching
Microsoft has provided a temporary workaround for a known issue preventing the Microsoft Photos app from launching on some Windows 11 systems. |
July 15, 2024
|
|
SEXi ransomware rebrands to APT INC, continues VMware ESXi attacks
The SEXi ransomware operation, known for targeting VMware ESXi servers, has rebranded under the name APT INC and has targeted numerous organizations in recent attacks. |
July 15, 2024
|
|
June Windows Server updates break Microsoft 365 Defender features
Microsoft has confirmed that Windows Server updates from last month's Patch Tuesday break some Microsoft 365 Defender features that use the network data reporting service. |
July 15, 2024
|
|
Facebook ads for Windows desktop themes push info-stealing malware
Cybercriminals use Facebook business pages and advertisements to promote fake Windows themes that infect unsuspecting users with the SYS01 password-stealing malware. |
July 14, 2024
|
|
Banks in Singapore to phase out one-time passwords in 3 months
The Monetary Authority of Singapore (MAS) has announced a new requirement impacting all major retail banks in the country to phase out the use of one-time passwords (OTPs) within the next three months. |
July 13, 2024
|
|
Hackers use PoC exploits in attacks 22 minutes after release
Threat actors are quick to weaponize available proof-of-concept (PoC) exploits in actual attacks, sometimes as quickly as 22 minutes after exploits are made publicly available. |
July 13, 2024
|
|
Microsoft fixes bug causing Windows Update automation issues
Microsoft has resolved a known issue caused by the June 2024 KB5039302 preview update, causing update problems when using Windows Update automation scripts on Windows 11 systems. |
July 12, 2024
|
|
Critical Exim bug bypasses security filters on 1.5 million mail servers
Censys warns that over 1.5 million Exim mail transfer agent (MTA) instances are unpatched against a critical vulnerability that lets threat actors bypass security filters. |
July 12, 2024
|
|
Rite Aid confirms data breach after June ransomware attack
Pharmacy giant Rite Aid confirmed a data breach after suffering a cyberattack in June, which was claimed by the RansomHub ransomware operation. |
July 12, 2024
|
|
DNS hijacks target crypto platforms registered with Squarespace
A wave of coordinated DNS hijacking attacks targets decentralized finance (DeFi) cryptocurrency domains using the Squarespace registrar, redirecting visitors to phishing sites hosting wallet drainers. |
July 12, 2024
|
|
Netgear warns users to patch auth bypass, XSS router flaws
Netgear warned customers to update their devices to the latest available firmware, which patches stored cross-site scripting (XSS) and authentication bypass vulnerabilities in several WiFi 6 router models. |
July 12, 2024
|
|
Massive AT&T data breach exposes call logs of 109 million customers
AT&T is warning of a massive data breach where threat actors stole the call logs for approximately 109 million customers, or nearly all of its mobile customers, from an online database on the company's Snowflake account. |
July 11, 2024
|
|
ARRL finally confirms ransomware gang stole data in cyberattack
The American Radio Relay League (ARRL) finally confirmed that some of its employees' data was stolen in a May ransomware attack initially described as a "serious incident." |
July 11, 2024
|
|
Signal downplays encryption key flaw, fixes it after X drama
Signal is finally tightening its desktop client's security by changing how it stores plain text encryption keys for the data store after downplaying the issue since 2018. |
July 11, 2024
|
|
Google increases bug bounty rewards five times, up to $151K
Google has announced a fivefold increase in payouts for bugs found in its systems and applications reported through its Vulnerability Reward Program, with a new maximum bounty of $151,515 for a single security flaw. |
July 11, 2024
|
|
Dallas County: Data of 200,000 exposed in 2023 ransomware attack
Dallas County is notifying over 200,000 people that the Play ransomware attack, which occurred in October 2023, exposed their personal data to cybercriminals. |
July 11, 2024
|
|
CRYSTALRAY hacker expands to 1,500 breached systems using SSH-Snake tool
A new threat actor known as CRYSTALRAY has significantly broadened its targeting scope with new tactics and exploits, now counting over 1,500 victims whose credentials were stolen and cryptominers deployed. |
July 11, 2024
|
|
Advance Auto Parts data breach impacts 2.3 million people
Advance Auto Parts is sending data breach notifications to over 2.3 million people whose personal data was stolen in recent Snowflake data theft attacks. |
July 10, 2024
|
|
Microsoft 365, Office users hit by wave of ‘30088-27’ update errors
Over the last month, Microsoft 365 and Microsoft Office users have been experiencing "30088-27" errors when attempting to update the application. |
July 10, 2024
|
|
Huione Guarantee exposed as a $11 billion marketplace for cybercrime
The seemingly legitimate online marketplace Huione Guarantee is being used as a platform for laundering money from online scams, especially "pig butchering" investment fraud, researchers say. |
July 10, 2024
|
|
GitLab: Critical bug lets attackers run pipelines as other users
GitLab warned today that a critical vulnerability in its product's GitLab Community and Enterprise editions allows attackers to run pipeline jobs as any other user. |
July 10, 2024
|
|
ViperSoftX malware covertly runs PowerShell using AutoIt scripting
The latest variants of the ViperSoftX info-stealing malware use the common language runtime (CLR) to load and execute PowerShell commands within AutoIt scripts to evade detection. |
July 10, 2024
|
|
CISA urges devs to weed out OS command injection vulnerabilities
CISA and the FBI urged software companies on Wednesday to review their products and eliminate OS command injection vulnerabilities before shipping. |
July 10, 2024
|
|
Japan warns of attacks linked to North Korean Kimsuky hackers
Japan's Computer Emergency Response Team Coordination Center (JPCERT/CC) is warning that Japanese organizations are being targeted in attacks by the North Korean 'Kimsuky' threat actors. |
July 10, 2024
|
|
Windows MSHTML zero-day used in malware attacks for over a year
Microsoft fixed a Windows zero-day vulnerability that has been actively exploited in attacks for eighteen months to launch malicious scripts while bypassing built-in security features. |
July 10, 2024
|
|
Microsoft fixes Windows 11 bug causing reboot loops, taskbar freezes
Microsoft has fixed a known issue causing restart loops and taskbar problems on Windows 11 systems after installing the June KB5039302 preview update. |
July 10, 2024
|
|
Ticket Heist network of 700 domains sells fake Olympic Games tickets
A large-scale fraud campaign with over 700 domain names is likely targeting Russian-speaking users looking to purchase tickets for the Summer Olympics in Paris. |
July 10, 2024
|
|
Google Advanced Protection Program gets passkeys for high-risk users
Google announced today that passkeys are now available for high-risk users when enrolling in the Advanced Protection Program, which provides the strongest level of account security. |
July 9, 2024
|
|
US disrupts AI-powered bot farm pushing Russian propaganda on X
Almost a thousand Twitter accounts controlled by a large bot farm pushing Russian propaganda and domains used to register the bots were taken down in a joint international law enforcement operation led by the U.S. Justice Department. |
July 9, 2024
|
|
New Blast-RADIUS attack bypasses widely-used RADIUS authentication
Blast-RADIUS, an authentication bypass in the widely used RADIUS/UDP protocol, enables threat actors to breach networks and devices in man-in-the-middle MD5 collision attacks. |
July 9, 2024
|
|
Fujitsu confirms customer data exposed in March cyberattack
Fujitsu confirms that information related to some individuals and customers' business has been compromised during the data breach detected earlier this year. |
July 9, 2024
|
|
Windows 10 KB5040427 update released with Copilot changes, 12 other fixes
Microsoft has released the KB5040427 cumulative update for Windows 10 21H2 and Windows 10 22H2 with 13 changes, including Microsoft Copilot now behaving like an app, providing more flexibility on how it is displayed. |
July 9, 2024
|
|
Microsoft July 2024 Patch Tuesday fixes 142 flaws, 4 zero-days
Today is Microsoft's July 2024 Patch Tuesday, which includes security updates for 142 flaws, including two actively exploited and two publicly disclosed zero-days. |
July 9, 2024
|
|
Windows 11 KB5040435 update released with 31 fixes, changes
Microsoft is rolling out the KB5040442 cumulative update for Windows 11 23H3, which includes up to thirty-two improvements and changes. The changes include a new feature that adds back the "Show Desktop" button, which Copilot replaced. |
July 9, 2024
|
|
Hackers target WordPress calendar plugin used by 150,000 sites
Hackers are trying to exploit a vulnerability in the Modern Events Calendar WordPress plugin that is present on more than 150,000 websites to upload arbitrary files to a vulnerable site and execute code remotely. |
July 9, 2024
|
|
City of Philadelphia says over 35,000 hit in May 2023 breach
The City of Philadelphia revealed that a May 2024 breach disclosed in October impacted more than 35,000 individuals' personal and protected health information. |
July 9, 2024
|
|
Chinese APT40 hackers hijack SOHO routers to launch attacks
An advisory by CISA and multiple international cybersecurity agencies highlights the tactics, techniques, and procedures (TTPs) of APT40 (aka "Kryptonite Panda"), a state-sponsored Chinese cyber-espionage actor. |
July 9, 2024
|
|
Evolve Bank says data breach impacts 7.6 million Americans
Evolve Bank & Trust (Evolve) is sending notices of a data breach to 7.6 million Americans whose data was stolen during a recent LockBit ransomware attack. |
July 8, 2024
|
|
Computer maker Zotac exposed customers' RMA info on Google Search
Computer hardware maker Zotac has exposed return merchandise authorization (RMA) requests and related documents online for an unknown period, exposing sensitive customer information. |
July 8, 2024
|
|
Hackers leak 39,000 print-at-home Ticketmaster tickets for 154 events
In an ongoing extortion campaign against Ticketmaster, threat actors have leaked almost 39,000 print-at-home tickets for 150 upcoming concerts and events, including Pearl Jam, Phish, Tate McRae, and Foo Fighters. |
July 8, 2024
|
|
Neiman Marcus data breach: 31 million email addresses found exposed
A May 2024 data breach disclosed by American luxury retailer and department store chain Neiman Marcus last month has exposed more than 31 million customer email addresses, according to Have I Been Pwned founder Troy Hunt, who analyzed the stolen data. |
July 8, 2024
|
|
Microsoft: Windows 11 22H2 reaches end of service in October
Microsoft reminded customers today that multiple editions of Windows 11, version 22H2, will reach the end of servicing (EOS) in three months, on October 8, 2024. |
July 8, 2024
|
|
Avast releases free decryptor for DoNex ransomware and past variants
Antivirus company Avast has discovered a weakness in the cryptographic scheme of the DoNex ransomware family and released a decryptor so victims can recover their files for free. |
July 8, 2024
|
|
Russia forces Apple to remove dozens of VPN apps from App Store
Apple has removed 25 virtual private network (VPN) apps from the Russian App Store at the request of Roskomnadzor, Russia's telecommunications watchdog. |
July 8, 2024
|
|
Notepad finally gets spellcheck, autocorrect for all Windows 11 users
Microsoft has finally released a spell check and autocorrect feature in Notepad for all Windows 11 users, forty-one years after the program was introduced in 1983. |
July 8, 2024
|
|
RCE bug in widely used Ghostscript library now exploited in attacks
A remote code execution vulnerability in the Ghostscript document conversion toolkit, widely used on Linux systems, is currently being exploited in attacks. |
July 8, 2024
|
|
CloudSorcerer hackers abuse cloud services to steal Russian govt data
A new advanced persistent threat (APT) group named CloudSorcerer abuses public cloud services to steal data from Russian government organizations in cyberespionage attacks. |
July 8, 2024
|
|
Roblox vendor data breach exposes dev conference attendee info
Roblox announced late last week that it suffered a data breach impacting attendees of the 2022, 2023, and 2024 Roblox Developer Conference. |
July 7, 2024
|
|
Europol says Home Routing mobile encryption feature aids criminals
Europol is proposing solutions to avoid challenges posed by privacy-enhancing technologies in Home Routing that hinder law enforcement's ability to intercept communications during criminal investigations. |
July 7, 2024
|
|
Shopify denies it was hacked, links stolen data to third-party app
E-commerce platform Shopify denies it suffered a data breach after a threat actor began selling customer data they claim was stolen from the company's network. |
July 5, 2024
|
|
Cloudflare blames recent outage on BGP hijacking incident
Internet giant Cloudflare reports that its DNS resolver service, 1.1.1.1, was recently unreachable or degraded for some of its customers because of a combination of Border Gateway Protocol (BGP) hijacking and a route leak. |
July 5, 2024
|
|
Hackers leak alleged Taylor Swift tickets, amp up Ticketmaster extortion
Hackers have leaked what they claim is Ticketmaster barcode data for 166,000 Taylor Swift Eras Tour tickets, warning that more events would be leaked if a $2 million extortion demand is not paid. |
July 5, 2024
|
|
New Eldorado ransomware targets Windows, VMware ESXi VMs
A new ransomware-as-a-service (RaaS) called Eldorado emerged in March and comes with locker variants for VMware ESXi and Windows. |
July 4, 2024
|
|
Ethereum mailing list breach exposes 35,000 to crypto draining attack
A threat actor compromised Ethereum's mailing list provider and sent to over 35,000 addresses a phishing email with a link to a malicious site running a crypto drainer. |
July 4, 2024
|
|
Hackers attack HFS servers to drop malware and Monero miners
Hackers are targeting older versions of the HTTP File Server (HFS) from Rejetto to drop malware and cryptocurrency mining software. |
July 3, 2024
|
|
HealthEquity data breach exposes protected health information
Healthcare fintech firm HealthEquity is warning that it suffered a data breach after a partner's account was compromised and used to access the Company's systems to steal protected health information. |
July 3, 2024
|
|
OVHcloud blames record-breaking DDoS attack on MikroTik botnet
OVHcloud, a global cloud services provider and one of the largest of its kind in Europe, says it mitigated a record-breaking distributed denial of service (DDoS) attack earlier this year that reached an unprecedented packet rate of 840 million packets per second (Mpps). |
July 3, 2024
|
|
Hackers abused API to verify millions of Authy MFA phone numbers
Twilio has confirmed that an unsecured API endpoint allowed threat actors to verify the phone numbers of millions of Authy multi-factor authentication users, potentially making them vulnerable to SMS phishing and SIM swapping attacks. |
July 3, 2024
|
|
Formula 1 governing body discloses data breach after email hacks
FIA (Fédération Internationale de l'Automobile), the auto racing governing body since the 1950s, says attackers gained access to personal data after compromising several FIA email accounts in a phishing attack. |
July 3, 2024
|
|
Infostealer malware logs used to identify child abuse website members
Thousands of pedophiles who download and share child sexual abuse material (CSAM) were identified through information-stealing malware logs leaked on the dark web, highlighting a new dimension of using stolen credentials in law enforcement investigations. |
July 3, 2024
|
|
Europol takes down 593 Cobalt Strike servers used by cybercriminals
Europol coordinated a joint law enforcement action known as Operation Morpheus, which led to the takedown of almost 600 Cobalt Strike servers used by cybercriminals to infiltrate victims' networks. |
July 3, 2024
|
|
Proton launches free, privacy-focused Google Docs alternative
Proton has launched 'Docs in Proton Drive,' a free and open-source end-to-end encrypted web-based document editing and collaboration tool. |
July 2, 2024
|
|
Xbox is down worldwide with users unable to login, play games
The Xbox gaming service is currently down due to a major outage, impacting customers worldwide and preventing them from signing into their accounts and playing games. |
July 2, 2024
|
|
Google now pays $250,000 for KVM zero-day vulnerabilities
Google has launched kvmCTF, a new vulnerability reward program (VRP) first announced in October 2023 to improve the security of the Kernel-based Virtual Machine (KVM) hypervisor that comes with $250,000 bounties for full VM escape exploits. |
July 2, 2024
|
|
Patelco shuts down banking systems following ransomware attack
Patelco Credit Union has disclosed it experienced a ransomware attack that led to the proactive shutdown of several of its customer-facing banking systems to contain the incident's impact. |
July 2, 2024
|
|
Affirm says cardholders impacted by Evolve Bank data breach
Buy now, pay later loan company Affirm is warning that holders of its payment cards had their personal information exposed due to a data breach at its third-party issuer, Evolve Bank & Trust (Evolve). |
July 2, 2024
|
|
Google Pixel 6 series phones bricked after factory reset
Multiple owners of Google Pixel 6 series phones (6, 6a, 6 Pro) have been reporting in the past week that their devices were "bricked" after they performed a factory reset. |
July 1, 2024
|
|
Prudential Financial now says 2.5 million impacted by data breach
Prudential Financial, a global financial services company, has revealed that over 2.5 million people had their personal information compromised in a February data breach. |
July 1, 2024
|
|
CDK Global says all dealers will be back online by Thursday
CDK Global says that its dealer management system (DMS), impacted by a massive IT outage following a June 18th ransomware attack, will be back online by Thursday for all car dealerships. |
July 1, 2024
|
|
Australian charged for ‘Evil Twin’ WiFi attack on plane
An Australian man was charged by Australia's Federal Police (AFP) for allegedly conducting an 'evil twin' WiFi attack on various domestic flights and airports in Perth, Melbourne, and Adelaide to steal other people's email or social media credentials. |
July 1, 2024
|
|
Cisco warns of NX-OS zero-day exploited to deploy custom malware
Cisco has patched an NX-OS zero-day exploited in April attacks to install previously unknown malware as root on vulnerable switches. |
July 1, 2024
|
|
Latest Intel CPUs impacted by new Indirector side-channel attack
Modern Intel processors, including chips from the Raptor Lake and the Alder Lake generations, are susceptible to a new type of high-precision Branch Target Injection (BTI) attack dubbed 'Indirector,' which could be used to steal sensitive information from the CPU. |
July 1, 2024
|
|
New regreSSHion OpenSSH RCE bug gives root on Linux servers
A new OpenSSH unauthenticated remote code execution (RCE) vulnerability dubbed "regreSSHion" gives root privileges on glibc-based Linux systems. |
July 1, 2024
|
|
Router maker's support portal responds with MetaMask phishing
BleepingComputer has verified that the helpdesk portal of a router manufacturer is currently sending MetaMask phishing emails in response to newly filed support tickets, in what appears to be a compromise. |
June 30, 2024
|
|
Google Chrome to let Isolated Web App access sensitive USB devices
Google is working on a new Unrestricted WebUSB feature, which allows trusted isolated web apps to bypass security restrictions in the WebUSB API. |
June 30, 2024
|
|
Juniper releases out-of-cycle fix for max severity auth bypass flaw
Juniper Networks has released an emergency update to address a maximum severity vulnerability that leads to authentication bypass in Session Smart Router (SSR), Session Smart Conductor, and WAN Assurance Router products. |
June 30, 2024
|
|
Dev rejects CVE severity, makes his GitHub repo read-only
The popular open source project 'ip' had its GitHub repository archived, or made "read-only," by its developer as a result of a dubious CVE report filed for his project. Unfortunately, open-source developers have recently been met with an uptick in debatable or outright bogus CVEs filed for their projects. |
June 30, 2024
|
|
Fake IT support sites push malicious PowerShell scripts as Windows fixes
Fake IT support sites promote malicious PowerShell "fixes" for common Windows errors, like the 0x80070643 error, to infect devices with information-stealing malware. |
June 29, 2024
|
|
Microsoft resumes rollout of Windows 11 KB5039302 update for most users
Microsoft has resumed the rollout of the June Windows 11 KB5039302 update, now blocking the update only for those using virtualization software. |
June 29, 2024
|
|
Hackers exploit critical D-Link DIR-859 router flaw to steal passwords
Hackers are exploiting a critical vulnerability that affects all D-Link DIR-859 WiFi routers to collect account information from the device, including passwords. |
June 29, 2024
|
|
Meet Brain Cipher — The new ransomware behind Indonesia's data center attack
The new Brain Cipher ransomware operation has begun targeting organizations worldwide, gaining media attention for a recent attack on Indonesia's temporary National Data Center. |
June 28, 2024
|
|
Infosys McCamish says LockBit stole data of 6 million people
Infosys McCamish Systems (IMS) disclosed that the LockBit ransomware attack it suffered earlier this year impacted sensitive information of more than six million individuals. |
June 28, 2024
|
|
Dairy giant Agropur says data breach exposed customer info
Agropur, one of the largest dairy cooperatives in North America, is notifying customers of a data breach after some of its shared online directories were exposed. |
June 28, 2024
|
|
Ticketmaster sends notifications about recent massive data breach
Ticketmaster has started to notify customers who were impacted by a data breach after hackers stole the company's Snowflake database, containing the data of millions of people. |
June 28, 2024
|
|
TeamViewer links corporate cyberattack to Russian state hackers
RMM software developer TeamViewer says a Russian state-sponsored hacking group known as Midnight Blizzard is believed to be behind a breach of their corporate network this week. |
June 28, 2024
|
|
Polyfill.io, BootCDN, Bootcss, Staticfile attack traced to 1 operator
The recent large-scale supply chain attack conducted via multiple CDNs, namely Polyfill.io, BootCDN, Bootcss, and Staticfile, that affected up to tens of millions of websites has been traced to a common operator. Researchers discovered a public GitHub repository with leaked API keys, helping them draw a conclusion. |
June 27, 2024
|
|
Former IT employee accessed data of over 1 million US patients
Geisinger, a prominent healthcare system in Pennsylvania, has announced a data breach involving a former employee of Nuance, an IT services provider contracted by the organization. |
June 27, 2024
|
|
BlackSuit ransomware gang claims attack on KADOKAWA corporation
The BlackSuit ransomware gang claimed a recent cyberattack on KADOKAWA corporation and is now threatening to publish stolen data if a ransom is not paid. |
June 27, 2024
|
|
New Unfurling Hemlock threat actor floods systems with malware
A threat actor tracked as Unfurling Hemlock has been infecting target systems with up to ten pieces of malware at the same time in campaigns that distribute hundreds of thousands of malicious files. |
June 27, 2024
|
|
U.S. indicts Russian GRU hacker, offers $10 million reward
The U.S. indicted Russian national Amin Timovich Stigal for his alleged role in cyberattacks targeting Ukrainian government computer networks in an operation from the Russian foreign military intelligence agency (GRU) prior to invading the country. |
June 27, 2024
|
|
TeamViewer's corporate network was breached in alleged APT hack
The remote access software company TeamViewer is warning that its corporate environment was breached in a cyberattack yesterday, with a cybersecurity firm claiming it was by an APT hacking group. |
June 27, 2024
|
|
Microsoft pulls Windows 11 KB5039302 update causing reboot loops
Microsoft pulled the June Windows 11 KB5039302 update after finding that it causes some devices to restart repeatedly. |
June 27, 2024
|
|
Critical GitLab bug lets attackers run pipelines as any user
A critical vulnerability is affecting certain versions of GitLab Community and Enterprise Edition products, which could be exploited to run pipelines as any user. |
June 27, 2024
|
|
Polyfill claims it has been 'defamed', returns after domain shut down
The owners of Polyfill.io have relaunched the JavaScript CDN service on a new domain after polyfill.io was shut down as researchers exposed it was delivering malicious code on upwards of 100,000 websites. The Polyfill service claims that it has been "maliciously defamed" and been subject to "media messages slandering Polyfill." |
June 27, 2024
|
|
Cloudflare: We never authorized polyfill.io to use our name
Cloudflare, a leading provider of content delivery network (CDN) services, cloud security, and DDoS protection, has warned that it has not authorized the use of its name or logo on the Polyfill.io website, which has recently been caught injecting malware on more than 100,000 websites in a significant supply chain attack. |
June 27, 2024
|
|
Chinese Cyberspies Employ Ransomware in Attacks for Diversion
Cyberespionage groups have been using ransomware as a tactic to make attack attribution more challenging, distract defenders, or for a financial reward as a secondary goal to data theft. |
June 26, 2024
|
|
LockBit lied: Stolen data is from a bank, not US Federal Reserve
Recently-disrupted LockBit ransomware group, in a desperate attempt to make a comeback, claimed this week that it had hit the Federal Reserve, the central bank of the United States. Except, the rumor has been quashed. |
June 26, 2024
|
|
CISA: Most critical open source projects not using memory safe code
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has published research looking into 172 key open-source projects and whether they are susceptible to memory flaws. |
June 26, 2024
|
|
Exploit for critical Fortra FileCatalyst Workflow SQLi flaw released
The Fortra FileCatalyst Workflow is vulnerable to an SQL injection vulnerability that could allow remote unauthenticated attackers to create rogue admin users and manipulate data on the application database. |
June 26, 2024
|
|
Hackers target new MOVEit Transfer critical auth bypass bug
Threat actors are attempting to exploit a critical authentication bypass flaw impacting Progress MOVEit Transfer, which the vendor disclosed yesterday. |
June 26, 2024
|
|
Windows 11 KB5039302 update released with 9 changes or fixes
Microsoft has released the Windows 11 KB5039302 preview update for Windows 11 version 22H2, bringing several new features and fixes. |
June 26, 2024
|
|
Windows 10 KB5039299 update released with 10 changes or fixes
Microsoft has released the KB5039299 update for Windows 10 version 22H2 with up to ten bug fixes or changes, including a fix for "Open With" dialog boxes being shown when using apps. |
June 26, 2024
|
|
Snowblind malware abuses Android security feature to bypass security
A novel Android attack vector from a piece of malware tracked as Snowblind is abusing a security feature to bypass existing anti-tampering protections in apps that handle sensitive user data. |
June 25, 2024
|
|
Plugins on WordPress.org backdoored in supply chain attack
A threat actor modified the source code of at least five plugins hosted on WordPress.org to include malicious PHP scripts that create new accounts with administrative privileges on websites running them. |
June 25, 2024
|
|
Polyfill.io JavaScript supply chain attack impacts over 100K sites
Over 100,000 sites have been impacted in a supply chain attack by the Polyfill.io service after a Chinese company acquired the domain and the script was modified to redirect users to malicious and scam sites. |
June 25, 2024
|
|
New Medusa malware variants target Android users in seven countries
The Medusa banking trojan for Android has re-emerged after almost a year of keeping a lower profile in campaigns targeting France, Italy, the United States, Canada, Spain, the United Kingdom, and Turkey. |
June 25, 2024
|
|
Neiman Marcus confirms data breach after Snowflake account hack
Luxury retailer Neiman Marcus confirmed it suffered a data breach after hackers attempted to sell the company's database stolen in recent Snowflake data theft attacks. |
June 25, 2024
|
|
FBI warns of fake law firms targeting crypto scam victims
The FBI is warning of cybercriminals posing as law firms and lawyers that offer cryptocurrency recovery services to victims of investment scams and steal funds and personal information. |
June 25, 2024
|
|
P2PInfect botnet targets Redis servers with new ransomware module
P2PInfect, originally a dormant peer-to-peer malware botnet with unclear motives, has finally come alive to deploy a ransomware module and a cryptominer in attacks on Redis servers. |
June 24, 2024
|
|
Chemical facilities warned of possible data theft in CISA CSAT breach
CISA is warning that its Chemical Security Assessment Tool (CSAT) environment was breached in January after hackers deployed a webshell on its Ivanti device, potentially exposing sensitive security assessments and plans. |
June 24, 2024
|
|
Chrome for Android tests feature that securely verifies your ID with sites
Google is testing a new feature called "Digital Credential API" for Chrome on Android that will allow websites to request identity information from mobile wallets using Android's IdentityCredential system. |
June 24, 2024
|
|
New attack uses MSC files and Windows XSS flaw to breach networks
A novel command execution technique dubbed 'GrimResource' uses specially crafted MSC (Microsoft Saved Console) files and an unpatched Windows XSS flaw to perform code execution via the Microsoft Management Console. |
June 24, 2024
|
|
Four FIN9 hackers indicted for cyberattacks causing $71M in losses
Four Vietnamese nationals linked to the international cybercrime group FIN9 have been indicted for their involvement in a series of computer intrusions that caused over $71 million in losses to companies in the U.S. |
June 24, 2024
|
|
CoinStats says North Korean hackers breached 1,590 crypto wallets
CoinStats suffered a massive security breach that compromised 1,590 cryptocurrency wallets, with the attack suspected to have been carried out by North Korean threat actors. |
June 23, 2024
|
|
Microsoft Photos update brings requested features to Windows 11
Microsoft's updated Photos app is now available for Windows 11 in the Windows Insider Program, bringing requested interface changes and better image quality. |
June 23, 2024
|
|
Facebook PrestaShop module exploited to steal credit cards
Hackers are exploiting a flaw in a premium Facebook module for PrestaShop named pkfacebook to deploy a card skimmer on vulnerable e-commerce sites and steal people's payment credit card details. |
June 22, 2024
|
|
CDK Global outage caused by BlackSuit ransomware attack
The BlackSuit ransomware gang is behind CDK Global's massive IT outage and disruption to car dealerships across North America, according to multiple sources familiar with the matter. |
June 22, 2024
|
|
Ratel RAT targets outdated Android phones in ransomware attacks
An open-source Android malware named 'Ratel RAT' is widely deployed by multiple cybercriminals to attack outdated devices, some aiming to lock them down with a ransomware module that demands payment on Telegram. |
June 21, 2024
|
|
Los Angeles Unified confirms student data stolen in Snowflake account hack
The Los Angeles Unified School District has confirmed a data breach after threat actors stole student and employee data by breaching the company's Snowflake account. |
June 21, 2024
|
|
US sanctions 12 Kaspersky Lab execs for working in Russian tech sector
The Treasury Department's Office of Foreign Assets Control (OFAC) has sanctioned twelve Kaspersky Lab executives for operating in the technology sector of Russia. |
June 21, 2024
|
|
Change Healthcare lists the medical data stolen in ransomware attack
UnitedHealth has confirmed for the first time what types of medical and patient data were stolen in the massive Change Healthcare ransomware attack, stating that data breach notifications will be mailed in July. |
June 21, 2024
|
|
Five men convicted for operating illegal streaming site Jetflicks
A federal jury in Las Vegas convicted five men for their involvement in the operation of Jetflicks, one of the largest and most popular illegal streaming services in the United States. |
June 21, 2024
|
|
Tor Browser 13.5 brings Android enhancements, better bridge management
The Tor Project has released Tor Browser 13.5, bringing several improvements and enhancements for Android and desktop versions. |
June 21, 2024
|
|
CDK warns: threat actors are calling customers, posing as support
CDK Global has cautioned customers about unscrupulous actors calling them and posing as CDK agents or affiliates to gain unauthorized systems access. The warning follows ongoing cyberattacks that have hit CDK, a software-as-a-service (SaaS) platform that thousands of US car dealerships rely upon. |
June 20, 2024
|
|
Biden bans Kaspersky antivirus software in US over security concerns
Today, the Biden administration has announced an upcoming ban of Kaspersky antivirus software and the pushing of software updates to US companies and consumers, giving customers until September 29, 2024, to find alternative security software. |
June 20, 2024
|
|
Phoenix UEFI vulnerability impacts hundreds of Intel PC models
A newly discovered vulnerability in Phoenix SecureCore UEFI firmware tracked as CVE-2024-0762 impacts devices running numerous Intel CPUs, with Lenovo already releasing new firmware updates to resolve the flaw. |
June 20, 2024
|
|
CosmicSting flaw impacts 75% of Adobe Commerce, Magento sites
A vulnerability dubbed "CosmicSting" impacting Adobe Commerce and Magento websites remains largely unpatched nine days after the security update has been made available, leaving millions of sites open to catastrophic attacks. |
June 20, 2024
|
|
Linux version of RansomHub ransomware targets VMware ESXi VMs
The RansomHub ransomware operation is using a Linux encryptor designed specifically to encrypt VMware ESXi environments in corporate attacks. |
June 20, 2024
|
|
UNC3886 hackers use Linux rootkits to hide on VMware ESXi VMs
A suspected Chinese threat actor tracked as UNC3886 uses publicly available open-source rootkits named 'Reptile' and 'Medusa' to remain hidden on VMware ESXi virtual machines, allowing them to conduct credential theft, command execution, and lateral movement. |
June 20, 2024
|
|
SolarWinds Serv-U path traversal flaw actively exploited in attacks
Threat actors are actively exploiting a SolarWinds Serv-U path-traversal vulnerability, leveraging publicly available proof-of-concept (PoC) exploits. |
June 20, 2024
|
|
CDK Global hacked again while recovering from first cyberattack
Car dealership SaaS platform CDK Global suffered an additional breach Wednesday night as it was starting to restore systems shut down in a previous cyberattack. |
June 19, 2024
|
|
T-Mobile denies it was hacked, links leaked data to vendor breach
T-Mobile has denied it was breached or that source code was stolen after a threat actor claimed to be selling stolen data from the telecommunications company. |
June 15, 2024
|
|
New Linux malware is controlled through emojis sent from Discord
A newly discovered Linux malware dubbed 'DISGOMOJI' uses the novel approach of utilizing emojis to execute commands on infected devices in attacks on government agencies in India. |
June 15, 2024
|
|
ASUS warns of critical remote authentication bypass on 7 routers
ASUS has released a new firmware update that addresses a vulnerability impacting seven router models that allows remote attackers to log in to devices. |
June 15, 2024
|
|
Microsoft: New Outlook security changes coming to personal accounts
Microsoft has announced new cybersecurity enhancements for Outlook personal email accounts as part of its 'Secure Future Initiative,' including the deprecation of basic authentication (username + password) by September 16, 2024. |
June 14, 2024
|
|
Keytronic confirms data breach after ransomware gang leaks stolen files
PCBA manufacturing giant Keytronic is warning it suffered a data breach after the Black Basta ransomware gang leaked 530GB of the company's stolen data two weeks ago. |
June 14, 2024
|
|
Mozilla Firefox can now secure access to passwords with device credentials
Mozilla Firefox finally allows you to further protect local access to stored credentials in the browser's password manager using your device's login, including a password, fingerprint, PIN, or other biometrics. |
June 14, 2024
|
|
London hospitals cancel over 800 operations after ransomware attack
NHS England revealed today that multiple London hospitals impacted by last week's Synnovis ransomware attack were forced to cancel hundreds of planned operations and appointments. |
June 14, 2024
|
|
CISA warns of Windows bug exploited in ransomware attacks
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a high-severity Windows vulnerability abused in ransomware attacks as a zero-day to its catalog of actively exploited security bugs. |
June 14, 2024
|
|
Former IT employee gets 2.5 years for wiping 180 virtual servers
A former quality assurance employee of National Computer Systems (NCS) was sentenced to two years and eight months in prison for reportedly deleting 180 virtual servers after being fired. |
June 14, 2024
|
|
Microsoft removes Copilot app ‘incorrectly’ added on Windows PCs
Microsoft says it removed a Copilot app that was "incorrectly" added to Windows 10 and Windows 11 systems in April due to buggy Microsoft Edge updates. |
June 14, 2024
|
|
Scattered Spider hackers switch focus to cloud apps for data theft
The Scattered Spider gang has started to steal data from software-as-a-service (SaaS) applications and establish persistence through creating new virtual machines. |
June 14, 2024
|
|
Insurance giant Globe Life investigating web portal breach
American financial services holding company Globe Life says attackers may have accessed consumer and policyholder data after breaching one of its web portals. |
June 13, 2024
|
|
Microsoft delays Windows Recall amid privacy and security concerns
Microsoft is delaying the release of its AI-powered Windows Recall feature to test and secure it further before releasing it in a public preview on Copilot+ PCs. |
June 13, 2024
|
|
Truist Bank confirms breach after stolen data shows up on hacking forum
Leading U.S. commercial bank Truist confirmed its systems were breached in an October 2023 cyberattack after a threat actor posted some of the company's data for sale on a hacking forum. |
June 13, 2024
|
|
Ascension hacked after employee downloaded malicious file
Ascension, one of the largest U.S. healthcare systems, revealed that a May 2024 ransomware attack was caused by an employee who downloaded a malicious file onto a company device. |
June 13, 2024
|
|
New York Times warns freelancers of GitHub repo data breach
The New York Times notified an undisclosed number of contributors that some of their sensitive personal information was stolen and leaked after its GitHub repositories were breached in January 2024. |
June 13, 2024
|
|
Toronto District School Board hit by a ransomware attack
The Toronto District School Board (TDSB) is warning that it suffered a ransomware attack on its software testing environment and is now investigating whether any personal information was exposed. |
June 13, 2024
|
|
Panera warns of employee data breach after March ransomware attack
U.S. food chain giant Panera Bread is notifying employees of a data breach after unknown threat actors stole their sensitive personal information in a March ransomware attack. |
June 13, 2024
|
|
Exploit for Veeam Recovery Orchestrator auth bypass available, patch now
A proof-of-concept (PoC) exploit for a critical Veeam Recovery Orchestrator authentication bypass vulnerability tracked as CVE-2024-29855 has been released, elevating the risk of being exploited in attacks. |
June 13, 2024
|
|
YouTube tests harder-to-block server-side ad injection in videos
YouTube reportedly now injects ads directly into video streams to make it more difficult for ad blockers to block advertisements. |
June 12, 2024
|
|
Phishing emails abuse Windows search protocol to push malicious scripts
A new phishing campaign uses HTML attachments that abuse the Windows search protocol (search-ms URI) to push batch files hosted on remote servers that deliver malware. |
June 12, 2024
|
|
AWS adds passkeys support, warns root users must enable MFA
Amazon Web Services (AWS) has introduced FIDO2 passkeys as a new method for multi-factor authentication (MFA) to enhance account security and usability. |
June 12, 2024
|
|
Google warns of actively exploited Pixel firmware zero-day
Google has released patches for 50 security vulnerabilities impacting its Pixel devices and warned that one of them had already been exploited in targeted attacks as a zero-day. |
June 12, 2024
|
|
CISA warns of criminals impersonating its employees in phone calls
Today, the Cybersecurity and Infrastructure Security Agency (CISA) warned that criminals are impersonating its employees in phone calls and attempting to deceive potential victims into transferring money. |
June 12, 2024
|
|
New phishing toolkit uses PWAs to steal login credentials
A new phishing kit has been released that allows red teamers and cybercriminals to create progressive web apps (PWAs) that display convincing corporate login forms to steal credentials. |
June 12, 2024
|
|
Life360 says hacker tried to extort them after Tile data breach
Safety and location services company Life360 says it was the target of an extortion attempt after a threat actor breached and stole sensitive information from a Tile customer support platform. |
June 12, 2024
|
|
Microsoft deprecates Windows DirectAccess, recommends Always On VPN
Microsoft has announced that the DirectAccess remote access solution is now deprecated and will be removed in a future release of Windows, recommending companies migrate to the 'Always On VPN' for enhanced security and continued support. |
June 12, 2024
|
|
Police arrest Conti and LockBit ransomware crypter specialist
The Ukraine cyber police have arrested a 28-year-old Russian man in Kyiv for working with Conti and LockBit ransomware operations to make their malware undetectable by antivirus software and conducting at least one attack himself. |
June 12, 2024
|
|
Black Basta ransomware gang linked to Windows zero-day attacks
The Cardinal cybercrime group (Storm-1811, UNC4394), who are the main operators of the Black Basta ransomware, is suspected of exploiting a Windows privilege escalation vulnerability, CVE-2024-26169, before a fix was made available. |
June 11, 2024
|
|
New Windows Server KB5039227 and KB5039217 updates fix LSASS crashes
Microsoft has released the Windows Server 2022 KB5039227 and Windows Server 2019 KB5039217 cumulative updates with security fixes and fixes for a variety of bugs. |
June 11, 2024
|
|
JetBrains warns of IntelliJ IDE bug exposing GitHub access tokens
JetBrains warned customers to patch a critical vulnerability that impacts users of its IntelliJ integrated development environment (IDE) apps and exposes GitHub access tokens. |
June 11, 2024
|
|
Windows 11 KB5039212 update released with 37 changes, fixes
Microsoft is rolling out the KB5039212 cumulative update for Windows 11 version 23H3 with thirty-seven improvements and changes, including better drag-and-drop support in the File Explorer address bar. |
June 11, 2024
|
|
Windows 10 KB5039211 update released with new feature, 12 fixes
Microsoft has released the KB5039211 cumulative update for Windows 10 21H2 and Windows 10 22H2 with 12 changes, including a Snipping Tool feature that allows you to edit Android photos in Windows. |
June 11, 2024
|
|
Microsoft June 2024 Patch Tuesday fixes 51 flaws, 18 RCEs
Today is Microsoft's June 2024 Patch Tuesday, which includes security updates for 51 flaws, eighteen remote code execution flaws, and one publicly disclosed zero-day vulnerability. |
June 11, 2024
|
|
City of Cleveland shuts down IT systems after cyberattack
The City of Cleveland, Ohio, is currently dealing with a cyberattack that has forced it to take citizen-facing services offline, including the public offices and facilities at Erieview and the City Hall. |
June 11, 2024
|
|
Chinese hackers breached 20,000 FortiGate systems worldwide
The Dutch Military Intelligence and Security Service (MIVD) warned today that the impact of a Chinese cyber-espionage campaign unveiled earlier this year is "much larger than previously known." |
June 11, 2024
|
|
New Warmcookie Windows backdoor pushed via fake job offers
A never-before-seen Windows malware named 'Warmcookie' is distributed through fake job offer phishing campaigns to breach corporate networks. |
June 11, 2024
|
|
TellYouThePass ransomware exploits recent PHP RCE flaw to breach servers
The TellYouThePass ransomware gang has been exploiting the recently patched CVE-2024-4577 remote code execution vulnerability in PHP to deliver webshells and execute the encryptor payload on target systems. |
June 11, 2024
|
|
Pure Storage confirms data breach after Snowflake account hack
Pure Storage, a leading provider of cloud storage systems and services, confirmed on Monday that attackers breached its Snowflake workspace and gained access to what the company describes as telemetry information. |
June 10, 2024
|
|
Arm warns of actively exploited flaw in Mali GPU kernel drivers
Arm has issued a security bulletin warning of a memory-related vulnerability in Bifrost and Valhall GPU kernel drivers that is being exploited in the wild. |
June 10, 2024
|
|
Gitloker attacks abuse GitHub notifications to push malicious OAuth apps
Threat actors impersonate GitHub's security and recruitment teams in phishing attacks to hijack repositories using malicious OAuth apps in an ongoing extortion campaign wiping compromised repos. |
June 10, 2024
|
|
Apple enters AI arms race with new Apple Intelligence feature
Apple unveiled its new 'Apple Intelligence' feature today at its 2024 Worldwide Developer Conference, finally unveiling its generative AI strategy that will power new personalized experiences on Apple devices. |
June 10, 2024
|
|
Netgear WNR614 flaws allow device takeover, no fix available
Researchers found half a dozen vulnerabilities of varying severity impacting Netgear WNR614 N300, a budget-friendly router that proved popular among home users and small businesses. |
June 10, 2024
|
|
Cylance confirms data breach linked to 'third-party' platform
Cybersecurity company Cylance confirmed the legitimacy of data being sold on a hacking forum, stating that it is old data stolen from a "third-party platform." |
June 10, 2024
|
|
London hospitals face blood shortage after Synnovis ransomware attack
England's NHS Blood and Transplant (NHSBT) has issued an urgent call to O Positive and O Negative blood donors to book appointments and donate after last week's cyberattack on pathology provider Synnovis impacted multiple hospitals in London. |
June 10, 2024
|
|
Exploit for critical Veeam auth bypass available, patch now
A proof-of-concept (PoC) exploit for a Veeam Backup Enterprise Manager authentication bypass flaw tracked as CVE-2024-29849 is now publicly available, making it urgent that admins apply the latest security updates. |
June 10, 2024
|
|
23andMe data breach under investigation in UK and Canada
Privacy authorities in Canada and the United Kingdom have launched a joint investigation to assess the scope of sensitive customer information exposed in last year's 23andMe data breach. |
June 9, 2024
|
|
Brave says May 2024 was its biggest growth month ever
Brave browser experienced its most significant growth month ever in May 2024, now used by more than 78.95 million monthly users, up 7.3%. |
June 9, 2024
|
|
Malicious VSCode extensions with 229M installs found on Microsoft marketplace
A group of Israeli researchers exploring the limits of VSCode security have managed to "infect" over 100 organizations with a typosquatting Dracula extension that was weaponized with risky code. |
June 8, 2024
|
|
New York Times source code stolen using exposed GitHub token
Internal source code and data belonging to The New York Times was leaked on the 4chan message board after being stolen from the company's GitHub repositories in January 2024, The Times confirmed to BleepingComputer. |
June 8, 2024
|
|
DDoS attacks target EU political parties as elections begin
Hacktivists are conducting DDoS attacks on European political parties that represent and promote strategies opposing their interests, according to a report by Cloudflare. |
June 7, 2024
|
|
LastPass says 12-hour outage caused by bad Chrome extension update
LastPass says its almost 12-hour outage yesterday was caused by a bad update to its Google Chrome extension. |
June 7, 2024
|
|
Apple to unveil new 'Passwords' password manager app for iPhones, Macs
Apple will reportedly unveil a standalone password manager named 'Passwords' as part of iOS 18, iPadOS 18, and macOS 15 during the upcoming Apple Worldwide Developers Conference. |
June 7, 2024
|
|
Christie's starts notifying clients of RansomHub data breach
British auction house Christie's is notifying individuals whose data was stolen by the RansomHub ransomware gang in a recent network breach. |
June 7, 2024
|
|
Frontier warns 750,000 of a data breach after extortion threats
Frontier Communications is warning 750,000 customers that their information was exposed in a data breach after an April cyberattack claimed by the RansomHub ransomware operation. |
June 7, 2024
|
|
Microsoft makes Windows Recall opt-in, secures data with Windows Hello
Following massive customer pushback after it announced the new AI-powered Recall for Copilot+ PCs last month, Microsoft says it will update the feature to be more secure and require customers to opt in to enable it. |
June 7, 2024
|
|
PHP fixes critical RCE flaw impacting all versions for Windows
A new PHP for Windows remote code execution (RCE) vulnerability has been disclosed, impacting all releases since version 5.x, potentially impacting a massive number of servers worldwide. |
June 6, 2024
|
|
Los Angeles Unified School District investigates data theft claims
Los Angeles Unified School District (LAUSD) officials are investigating a threat actor's claims that they're selling stolen databases containing records belonging to millions of students and thousands of teachers. |
June 6, 2024
|
|
Hackers exploit 2018 ThinkPHP flaws to install ‘Dama’ web shells
Chinese threat actors are targeting ThinkPHP applications vulnerable to CVE-2018-20062 and CVE-2019-9082 to install a persistent web shell named Dama. |
June 6, 2024
|
|
Ukraine says hackers abuse SyncThing data sync tool to steal data
The Computer Emergency Response Team of Ukraine (CERT-UA) reports a new campaign dubbed "SickSync," launched by the UAC-0020 (Vermin) hacking group in attacks on the Ukrainian defense forces. |
June 6, 2024
|
|
New Fog ransomware targets US education sector via breached VPNs
A new ransomware operation named 'Fog' launched in early May 2024, using compromised VPN credentials to breach the networks of educational organizations in the U.S. |
June 6, 2024
|
|
New Gitloker attacks wipe GitHub repos in extortion scheme
Attackers are targeting GitHub repositories, wiping their contents, and asking the victims to reach out on Telegram for more information. |
June 6, 2024
|
|
PandaBuy pays ransom to hacker only to get extorted again
Chinese shopping platform Pandabuy told BleepingComputer it previously paid a ransom demand to prevent stolen data from being leaked, only for the same threat actor to extort the company again this week. |
June 5, 2024
|
|
Linux version of TargetCompany ransomware focuses on VMware ESXi
Researchers observed a new Linux variant of the TargetCompany ransomware family that targets VMware ESXi environments using a custom shell script to deliver and execute payloads. |
June 5, 2024
|
|
FBI recovers 7,000 LockBit keys, urges ransomware victims to reach out
The FBI urges past victims of LockBit ransomware attacks to come forward after revealing that it has obtained over 7,000 LockBit decryption keys that they can use to recover encrypted data for free. |
June 5, 2024
|
|
Google Chrome reduced cookie requests to improve performance
Google shared details on a recently introduced Chrome feature that changes how cookies are requested, with early tests showing increased performance across all platforms. |
June 5, 2024
|
|
Advance Auto Parts stolen data for sale after Snowflake attack
Threat actors claim to be selling 3TB of data from Advance Auto Parts, a leading automotive aftermarket parts provider, stolen after breaching the company's Snowflake account. |
June 5, 2024
|
|
Check-in terminals used by thousands of hotels leak guest info
Ariane Systems self check-in systems installed at thousands of hotels worldwide are vulnerable to a kiosk mode bypass flaw that could allow access to guests' personal information and the keys for other rooms. |
June 5, 2024
|
|
Club Penguin fans breached Disney Confluence server, stole 2.5GB of data
Club Penguin fans hacked a Disney Confluence server to steal information about their favorite game but wound up walking away with 2.5 GB of internal corporate data, BleepingComputer has learned. |
June 5, 2024
|
|
Chinese hacking groups team up in cyber espionage campaign
Chinese state-sponsored actors have been targeting a government agency since at least March 2023 in a cyberespionage campaign that researchers track as Crimson Palace. |
June 5, 2024
|
|
Qilin ransomware gang linked to attack on London hospitals
A ransomware attack that hit pathology services provider Synnovis on Monday and impacted several major NHS hospitals in London has now been linked to the Qilin ransomware operation. |
June 5, 2024
|
|
Kali Linux 2024.2 released with 18 new tools, Y2038 changes
Kali Linux has released version 2024.2, the first version of 2024, with eighteen new tools and fixes for the Y2038 bug. |
June 5, 2024
|
|
RansomHub extortion gang linked to now-defunct Knight ransomware
Security researchers analyzing the relatively new RansomHub ransomware-as-a-service believe that it has evolved from the currently defunct Knight ransomware project. |
June 4, 2024
|
|
Australian mining company discloses breach after BianLian leaks data
Northern Minerals issued an announcement earlier today warning that it suffered a cybersecurity breach resulting in some of its stolen data being published on the dark web. |
June 4, 2024
|
|
TikTok fixes zero-day bug used to hijack high-profile accounts
Over the past week, attackers have hijacked high-profile TikTok accounts belonging to multiple companies and celebrities, exploiting a zero-day vulnerability in the social media's direct messages feature. |
June 4, 2024
|
|
FBI warns of fake remote work ads used for cryptocurrency fraud
Today, the FBI issued a warning about scammers using fake remote job ads to steal cryptocurrency from job seekers across the United States while posing as recruiters for legitimate companies. |
June 4, 2024
|
|
ARRL says it was hacked by an "international cyber group"
American Radio Relay League (ARRL) has shared more information about a May cyberattack that took its Logbook of the World offline and caused some members to become frustrated over the lack of information. |
June 4, 2024
|
|
Microsoft announces first Windows 10 Beta build since 2021
Microsoft has reopened the Windows 10 beta channel and is asking Insiders to join or switch to receive a new beta build in the coming weeks. |
June 4, 2024
|
|
New V3B phishing kit targets customers of 54 European banks
Cybercriminals are promoting a new phishing kit named 'V3B' on Telegram, which currently targets customers of 54 major financial institutes in Ireland, the Netherlands, Finland, Austria, Germany, France, Belgium, Greece, Luxembourg, and Italy. |
June 4, 2024
|
|
Zyxel issues emergency RCE patch for end-of-life NAS devices
Zyxel Networks has released an emergency security update to address three critical vulnerabilities impacting older NAS devices that have reached end-of-life. |
June 4, 2024
|
|
Major London hospitals disrupted by Synnovis ransomware attack
A ransomware attack affecting pathology and diagnostic services provider Synnovis has impacted healthcare services at multiple major NHS hospitals in London. |
June 4, 2024
|
|
Microsoft deprecates Windows NTLM authentication protocol
Microsoft has officially deprecated NTLM authentication on Windows and Windows servers, stating that developers should transition to Kerberos or Negotiation authentication to prevent problems in the future. |
June 3, 2024
|
|
Collection agency FBCS ups data breach tally to 3.2 million people
Debt collection agency Financial Business and Consumer Solutions (FBCS) now says over 3.2 million people have been impacted by a data breach that occurred in February. |
June 3, 2024
|
|
Data firm execs convicted for helping fraudsters target the elderly
A former senior executive and former sales manager of Epsilon Data Management LLC (Epsilon) were convicted of selling data of millions of Americans to perpetrators of mail fraud schemes. |
June 3, 2024
|
|
Microsoft India’s X account hijacked in Roaring Kitty crypto scam
The official Microsoft India account on Twitter, with over 211,000 followers, was hijacked by cryptocurrency scammers to impersonate Roaring Kitty, the handle used by notorious meme stock trader Keith Gill. |
June 3, 2024
|
|
Cox fixed an API auth bypass exposing millions of modems to attacks
Cox Communications has fixed an authorization bypass vulnerability that enabled remote attackers to abuse exposed backend APIs to reset millions of modems' settings and steal customers' sensitive personal information. |
June 3, 2024
|
|
361 million stolen accounts leaked on Telegram added to HIBP
A massive trove of 361 million email addresses from credentials stolen by password-stealing malware, in credential stuffing attacks, and from data breaches was added to the Have I Been Pwned data breach notification service, allowing anyone to check if their accounts have been compromised. |
June 3, 2024
|
|
Azure Service Tags tagged as security risk, Microsoft disagrees
Security researchers at Tenable discovered what they describe as a high-severity vulnerability in Azure Service Tag that could allow attackers to access customers' private data. |
June 3, 2024
|
|
Exploit for critical Progress Telerik auth bypass released, patch now
Researchers have published a proof-of-concept (PoC) exploit script demonstrating a chained remote code execution (RCE) vulnerability on Progress Telerik Report Servers. |
June 3, 2024
|
|
Verizon users report blurry photos in Android messaging apps
Verizon customers using Android phones report that they receive blurry images through text messages on different services and apps, with no response from Verizon as to why. |
June 2, 2024
|
|
AI platform Hugging Face says hackers stole auth tokens from Spaces
AI platform Hugging Face says that its Spaces platform was breached, allowing hackers to access authentication secrets for its members. |
June 2, 2024
|
|
Police dismantle pirated TV streaming network that made $5.7 million
Spanish police have dismantled a network of illegal media content distribution that, since the start of its operations in 2015, has made over $5,700,000. |
June 1, 2024
|
|
Kaspersky releases free tool that scans Linux for known threats
Kaspersky has released a new virus removal tool named KVRT for the Linux platform, allowing users to scan their systems and remove malware and other known threats for free. |
June 1, 2024
|
|
Google Chrome change that weakens ad blockers begins June 3rd
Google is continuing with its plan to phase out Manifest V2 extensions in Chrome starting in early June 2024, weakening the abilities of ad blockers. |
May 31, 2024
|
|
Live Nation finally confirms massive Ticketmaster data breach
Live Nation has confirmed that Ticketmaster suffered a data breach after its data was stolen from a third-party cloud database provider, which is believed to be Snowflake. |
May 31, 2024
|
|
DMM Bitcoin warns that hackers stole $300 million in Bitcoin
Japanese bitcoin exchange DMM Bitcoin is warning that 4,502.9 Bitcoin (BTC), or approximately $308 million (48.2 billion yen), has been stolen from one of its wallets today, making it the most significant cryptocurrency heist of 2024. |
May 31, 2024
|
|
CISA warns of actively exploited Linux privilege elevation flaw
The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has added two vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, including a Linux kernel privilege elevation flaw. |
May 31, 2024
|
|
Snowflake account hacks linked to Santander, Ticketmaster breaches
A threat actor claiming recent Santander and Ticketmaster breaches says they stole data after hacking into an employee's account at cloud storage company Snowflake. However, Snowflake disputes these claims, saying recent breaches were caused by poorly secured customer accounts. |
May 31, 2024
|
|
Europol identifies 8 cybercriminals tied to malware loader botnets
Europol and German law enforcement have revealed the identities of eight cybercriminals linked to the various malware droppers and loaders disrupted as part of the Operation Endgame law enforcement operation. |
May 31, 2024
|
|
ShinyHunters claims Santander breach, selling data for 30M customers
A threat actor known as ShinyHunters is claiming to be selling a massive trove of Santander Bank data, including information for 30 million customers, employees, and bank account data, two weeks after the bank reported a data breach. |
May 30, 2024
|
|
Microsoft: Windows 11 preview update causes taskbar crashes
Microsoft warned customers on Thursday that the May 2024 non-security preview update for Windows 11 is causing taskbar crashes and glitches. |
May 30, 2024
|
|
Pirated Microsoft Office delivers malware cocktail on systems
Cybercriminals are distributing a malware cocktail through cracked versions of Microsoft Office promoted on torrent sites. |
May 30, 2024
|
|
Data of 560 million Ticketmaster customers for sale after alleged breach
A threat actor known as ShinyHunters is selling what they claim is the personal and financial information of 560 million Ticketmaster customers on the recently revived BreachForums hacking forum for $500,000. |
May 30, 2024
|
|
Malware botnet bricked 600,000 routers in mysterious 2023 event
A malware botnet named 'Pumpkin Eclipse' performed a mysterious destructive event in 2023 that took 600,000 office/home office (SOHO) internet routers offline, according to a new report by researchers at Lumen's Black Lotus Labs. |
May 30, 2024
|
|
Everbridge warns of corporate systems breach exposing business data
Everbridge, an American software company focused on crisis management and public warning solutions, notified customers that unknown attackers had accessed files containing business and user data in a recent corporate systems breach. |
May 30, 2024
|
|
Cooler Master confirms customer info stolen in data breach
Computer hardware manufacturer Cooler Master has confirmed that it suffered a data breach on May 19, allowing a threat actor to steal customer data. |
May 30, 2024
|
|
BBC suffers data breach impacting current, former employees
The BBC has disclosed a data security incident that occurred on May 21, involving unauthorized access to files hosted on a cloud-based service, compromising the personal information of BBC Pension Scheme members. |
May 30, 2024
|
|
macOS version of elusive 'LightSpy' spyware tool discovered
A macOS version of the LightSpy surveillance framework has been discovered, confirming the extensive reach of a tool only previously known for targeting Android and iOS devices. |
May 30, 2024
|
|
Police seize over 100 malware loader servers, arrest four cybercriminals
An international law enforcement operation codenamed 'Operation Endgame' has seized over 100 servers worldwide used by multiple major malware loader operations, including IcedID, Pikabot, Trickbot, Bumblebee, Smokeloader, and SystemBC. |
May 29, 2024
|
|
Cybercriminals pose as "helpful" Stack Overflow users to push malware
Cybercriminals are abusing Stack Overflow in an interesting approach to spreading malware—answering users' questions by promoting a malicious PyPi package that installs Windows information-stealing malware. |
May 29, 2024
|
|
Windows 11 KB5037853 update fixes File Explorer issues, 20 bugs
Microsoft has released the May 2024 non-security preview update for Windows 11 versions 22H2 and 23H2, which includes 32 fixes and changes. |
May 29, 2024
|
|
Windows 10 KB5037849 update released with 9 changes or fixes
Microsoft has released the optional KB5037849 Preview cumulative update for Windows 10 22H2 with nine fixes or changes. |
May 29, 2024
|
|
Cooler Master hit by data breach exposing customer information
Computer hardware manufacturer Cooler Master has suffered a data breach after a threat actor breached the company's website and claimed to steal the Fanzone member information of 500,000 customers. |
May 29, 2024
|
|
Check Point VPN zero-day exploited in attacks since April 30
Threat actors have been exploiting a high-severity Check Point Remote Access VPN zero-day since at least April 30, stealing Active Directory data needed to move laterally through the victims' networks in successful attacks. |
May 29, 2024
|
|
Free Piano phish targets American university students, staff
A large-scale phishing campaign is using an unusual lure to earn at least $900,000 by tricking email recipients into believing they're about to receive a baby grand piano for free. |
May 29, 2024
|
|
US dismantles 911 S5 botnet used for cyberattacks, arrests admin
The U.S. Justice Department and international partners dismantled the 911 S5 proxy botnet and arrested 35-year-old Chinese national YunHe Wang, its administrator. |
May 29, 2024
|
|
Okta warns of credential stuffing attacks targeting its CORS feature
Okta warns that a Customer Identity Cloud (CIC) feature is being targeted in credential stuffing attacks, stating that numerous customers have been targeted since April. |
May 29, 2024
|
|
Check Point releases emergency fix for VPN zero-day exploited in attacks
Check Point has released hotfixes for a VPN zero-day vulnerability exploited in attacks to gain remote access to firewalls and attempt to breach corporate networks. |
May 28, 2024
|
|
First American December data breach impacts 44,000 people
First American Financial Corporation, the second-largest title insurance company in the United States, revealed on Tuesday that a December cyberattack led to a breach impacting 44,000 individuals. |
May 28, 2024
|
|
Over 90 malicious Android apps with 5.5M installs found on Google Play
Over 90 malicious Android apps were found installed over 5.5 million times through Google Play to deliver malware and adware, with the Anatsa banking trojan seeing a recent surge in activity. |
May 28, 2024
|
|
US govt sanctions cybercrime gang behind massive 911 S5 botnet
The U.S. Treasury Department has sanctioned a cybercrime network comprising three Chinese nationals and three Thailand-based companies linked to a massive botnet controlling a residential proxy service known as "911 S5." |
May 28, 2024
|
|
Russian indicted for selling access to US corporate networks
A 31-year-old Russian national named Evgeniy Doroshenko has been indicted for wire and computer fraud in the United States for allegedly acting as an "initial access broker" from February 2019 to May 2024. |
May 28, 2024
|
|
Microsoft links North Korean hackers to new FakePenny ransomware
Microsoft has linked a North Korean hacking group it tracks as Moonstone Sleet to FakePenny ransomware attacks, which have led to millions of dollars in ransom demands. |
May 28, 2024
|
|
Exploit released for maximum severity Fortinet RCE bug, patch now
Security researchers have released a proof-of-concept (PoC) exploit for a maximum-severity vulnerability in Fortinet's security information and event management (SIEM) solution, which was patched in February. |
May 28, 2024
|
|
Christie’s confirms breach after RansomHub threatens to leak data
Christie's confirmed that it suffered a security incident earlier this month after the RansomHub extortion gang claimed responsibility and threatened to leak stolen data. |
May 28, 2024
|
|
Ad blocker users say YouTube videos are now skipping to the end
Many users report that YouTube videos automatically skip to the end or are muted if they are using an ad blocker, making it impossible for them to watch the video. |
May 27, 2024
|
|
TP-Link fixes critical RCE bug in popular C5400X gaming router
The TP-Link Archer C5400X gaming router is vulnerable to security flaws that could enable an unauthenticated, remote attacker to execute commands on the device. |
May 27, 2024
|
|
Hackers target Check Point VPNs to breach enterprise networks
Threat actors are targeting Check Point Remote Access VPN devices in an ongoing campaign to breach enterprise networks, the company warned in a Monday advisory. |
May 27, 2024
|
|
Sav-Rx discloses data breach impacting 2.8 million Americans
Prescription management company Sav-Rx is warning over 2.8 million people in the United States that it suffered a data breach, stating that their personal data was stolen in a 2023 cyberattack. |
May 26, 2024
|
|
Hackers phish finance orgs using trojanized Minesweeper clone
Hackers are utilizing code from a Python clone of Microsoft's venerable Minesweeper game to hide malicious scripts in attacks on European and US financial organizations. |
May 25, 2024
|
|
Arc browser’s Windows launch targeted by Google ads malvertising
A new Google Ads malvertising campaign, coinciding with the launch of the Arc web browser for Windows, was tricking people into downloading trojanized installers that infect them with malware payloads. |
May 25, 2024
|
|
Indian man stole $37 million in crypto using fake Coinbase Pro site
An Indian national pleaded guilty to wire fraud conspiracy for stealing over $37 million through a fake Coinbase website used to steal credentials. |
May 24, 2024
|
|
ICQ messenger shuts down after almost 28 years
The ICQ messaging app is shutting down on June 26th, marking the end of a much-beloved communication application. |
May 24, 2024
|
|
Hacker defaces spyware app’s site, dumps database and source code
A hacker has defaced the website of the pcTattletale spyware application, found on the booking systems of several Wyndham hotels in the United States, and leaked over a dozen archives containing database and source code data. |
May 24, 2024
|
|
Microsoft: Windows 24H2 will remove Cortana and WordPad apps
Microsoft says the Cortana, Tips, and WordPad applications will be automatically removed on systems upgraded to the upcoming Windows 11 24H2 release. |
May 24, 2024
|
|
Microsoft Copilot fixed worldwide after 24 hour outage
After over a 24-hour outage, Microsoft's Bing, Copilot, and Copilot in Windows services are back online worldwide, with no information released as to what caused the problem. |
May 24, 2024
|
|
Cencora data breach exposes US patient info from 8 drug companies
Some of the largest drug companies in the world have disclosed data breaches due to a February 2024 cyberattack at Cencora, whom they partner with for pharmaceutical and business services. |
May 24, 2024
|
|
New ShrinkLocker ransomware uses BitLocker to encrypt your files
A new ransomware strain called ShrinkLocker creates a new boot partition to encrypt corporate systems using Windows BitLocker. |
May 24, 2024
|
|
Google fixes eighth actively exploited Chrome zero-day this year
Google has released a new emergency security update to address the eighth zero-day vulnerability in Chrome browser confirmed to be actively exploited in the wild. |
May 23, 2024
|
|
Microsoft pushes emergency fix for Windows Server 2019 update errors
Microsoft has released an emergency out-of-band (OOB) update for Windows Server 2019 that fixes a bug causing 0x800f0982 errors when attempting to install the May 2024 Patch Tuesday security updates. |
May 23, 2024
|
|
JAVS courtroom recording software backdoored in supply chain attack
Attackers have backdoored the installer of widely used Justice AV Solutions (JAVS) courtroom video recording software with malware that lets them take over compromised systems. |
May 23, 2024
|
|
Microsoft spots gift card thieves using cyber-espionage tactics
Microsoft has published a "Cyber Signals" report sharing new information about the hacking group Storm-0539 and a sharp rise in gift card theft as we approach the Memorial Day holiday in the United States. |
May 23, 2024
|
|
High-severity GitLab flaw lets attackers take over accounts
GitLab patched a high-severity vulnerability that unauthenticated attackers could exploit to take over user accounts in cross-site scripting (XSS) attacks. |
May 23, 2024
|
|
Apple wasn’t storing deleted iOS photos in iCloud after all
Security researchers reverse-engineered Apple's recent iOS 17.5.1 update and found that a recent bug that restored images deleted months or even years ago was caused by an iOS bug and not an issue with iCloud. |
May 23, 2024
|
|
Northern Ireland police faces £750k fine after exposing staff info
The UK's Information Commissioner's Office (ICO) has announced the intention to impose a fine of £750,000 ($954,000) on the Police Service of Northern Ireland (PSNI) for exposing the entire workforce's personal details by inadvertently publishing a spreadsheet file online. |
May 23, 2024
|
|
Microsoft outage affects Bing, Copilot, DuckDuckGo and ChatGPT internet search
A massive Microsoft outage in some regions affects Bing.com, Copilot for web and mobile, Copilot in Windows, ChatGPT internet search and DuckDuckGo. |
May 22, 2024
|
|
Windows 11 24H2 now rolling out to Release Preview Insiders
Microsoft is rolling out Windows 11 24H2 to testers in the Release Preview Channel, confirming that it is in the final stages of testing. |
May 22, 2024
|
|
Microsoft to start killing off VBScript in second half of 2024
Microsoft announced today that it will start deprecating VBScript in the second half of 2024 by making it an on-demand feature until it's completely removed. |
May 22, 2024
|
|
State hackers turn to massive ORB proxy networks to evade detection
Security researchers are warning that China-linked state-backed hackers are increasingly relying on vast proxy networks of virtual private servers and compromised connected devices for cyberespionage operations. |
May 22, 2024
|
|
Intercontinental Exchange to pay $10M SEC penalty over VPN breach
The Intercontinental Exchange (ICE) will pay a $10 million penalty to settle charges brought by the U.S. Securities and Exchange Commission (SEC) after failing to ensure its subsidiaries promptly reported an April 2021 VPN security breach. |
May 22, 2024
|
|
LastPass is now encrypting URLs in password vaults for better security
LastPass announced it will start encrypting URLs stored in user vaults for enhanced privacy and protection against data breaches and unauthorized access. |
May 22, 2024
|
|
Microsoft's new Windows 11 Recall is a privacy nightmare
Microsoft's announcement of the new AI-powered Windows 11 Recall feature has sparked a lot of concern, with many thinking that it has created massive privacy risks and a new attack vector that threat actors can exploit to steal data. |
May 22, 2024
|
|
Chinese hackers hide on military and govt networks for 6 years
A previously unknown threat actor dubbed "Unfading Sea Haze" has been targeting military and government entities in the South China Sea region since 2018, remaining undetected all this time. |
May 21, 2024
|
|
GhostEngine mining attacks kill EDR security using vulnerable drivers
A malicious crypto mining campaign codenamed 'REF4578' has been discovered deploying a malicious payload named GhostEngine that uses vulnerable drivers to turn off security products and deploy an XMRig miner. |
May 21, 2024
|
|
Veeam warns of critical Backup Enterprise Manager auth bypass bug
Veeam warned customers today to patch a critical security vulnerability that allows unauthenticated attackers to sign into any account via the Veeam Backup Enterprise Manager (VBEM). |
May 21, 2024
|
|
LockBit says they stole data in London Drugs ransomware attack
Today, the LockBit ransomware gang claimed they were behind the April cyberattack on Canadian pharmacy chain London Drugs and are now threatening to publish stolen data online after allegedly failed negotiations. |
May 21, 2024
|
|
Western Sydney University data breach exposed student data
Western Sydney University (WSU) has notified students and academic staff about a data breach after threat actors breached its Microsoft 365 and Sharepoint environment. |
May 21, 2024
|
|
Bitbucket artifact files can leak plaintext authentication secrets
Threat actors were found breaching AWS accounts using authentication secrets leaked as plaintext in Atlassian Bitbucket artifact objects. |
May 21, 2024
|
|
Rockwell Automation warns admins to take ICS devices offline
Rockwell Automation warned customers to disconnect all industrial control systems (ICSs) not designed for online exposure from the Internet due to increasing malicious activity worldwide. |
May 21, 2024
|
|
GitHub warns of SAML auth bypass flaw in Enterprise Server
GitHub has fixed a maximum severity (CVSS v4 score: 10.0) authentication bypass vulnerability tracked as CVE-2024-4986, which impacts GitHub Enterprise Server (GHES) instances using SAML single sign-on (SSO) authentication. |
May 21, 2024
|
|
Google rolls out Chrome fix for empty pages when switching tabs
Google is rolling out a server-side fix for a known issue affecting the Chrome browser that causes webpage content to temporarily disappear when users change between open tabs. |
May 21, 2024
|
|
Zoom adds post-quantum end-to-end encryption to video meetings
Zoom has announced the global availability of post-quantum end-to-end encryption (E2EE) for Zoom Meetings, with Zoom Phone and Zoom Rooms to follow soon. |
May 20, 2024
|
|
Critical Fluent Bit flaw impacts all major cloud providers
A critical Fluent Bit vulnerability that can be exploited in denial-of-service and remote code execution attacks impacts all major cloud providers and many technology giants. |
May 20, 2024
|
|
OmniVision discloses data breach after 2023 ransomware attack
The California-based imaging sensors manufacturer OmniVision is warning of a data breach after the company suffered a Cactus ransomware attack last year. |
May 20, 2024
|
|
Owner of Incognito dark web drugs market arrested in New York
The alleged owner and operator of Incognito Market, a dark web marketplace for selling illegal narcotics online, was arrested at the John F. Kennedy Airport in New York on May 18. |
May 20, 2024
|
|
Windows 11 Recall AI feature will record everything you do on your PC
Microsoft has announced a new AI-powered feature for Windows 11 called 'Recall,' which records everything you do on your PC and lets you search through your historical activities. |
May 20, 2024
|
|
New BiBi Wiper version also destroys the disk partition table
A new version of the BiBi Wiper malware is now deleting the disk partition table to make data restoration harder, extending the downtime for targeted victims. |
May 20, 2024
|
|
QNAP QTS zero-day in Share feature gets public RCE exploit
An extensive security audit of QNAP QTS, the operating system for the company's NAS products, has uncovered fifteen vulnerabilities of varying severity, with eleven remaining unfixed. |
May 19, 2024
|
|
American Radio Relay League cyberattack takes Logbook of the World offline
The American Radio Relay League (ARRL) warns it suffered a cyberattack, which disrupted its IT systems and online operations, including email and the Logbook of the World. |
May 19, 2024
|
|
Frustration grows over Google's AI Overviews feature, how to disable
Since Google enabled its AI-powered search feature, many people have tried and failed to disable the often incorrect AI Overviews feature in regular search results. However, there are ways to turn it off using a new "Web" search mode, which we explain in this article. |
May 19, 2024
|
|
CISA warns of hackers exploiting Chrome, EoL D-Link bugs
The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has added three security vulnerabilities to its 'Known Exploited Vulnerabilities' catalog, one impacting Google Chrome and two affecting some D-Link routers. |
May 18, 2024
|
|
Ransomware gang targets Windows admins via PuTTY, WinSCP malvertising
A ransomware operation targets Windows system administrators by taking out Google ads to promote fake download sites for PuTTY and WinSCP. |
May 18, 2024
|
|
Android malware Grandoreiro returns after police disruption
The Android banking trojan "Grandoreiro" is spreading in a large-scale phishing campaign in over 60 countries, targeting customer accounts of roughly 1,500 banks. |
May 17, 2024
|
|
The Week in Ransomware - May 17th 2024 - Mailbombing is back
This week was pretty quiet on the ransomware front, with most of the attention on the seizure of the BreachForums data theft forum. However, that does not mean there was nothing of interest released this week about ransomware. |
May 17, 2024
|
|
Microsoft to start enforcing Azure multi-factor authentication in July
Starting in July, Microsoft will begin gradually enforcing multi-factor authentication (MFA) for all users signing into Azure to administer resources. |
May 17, 2024
|
|
SEC: Financial orgs have 30 days to send data breach notifications
The Securities and Exchange Commission (SEC) has adopted amendments to Regulation S-P that require certain financial institutions to disclose data breach incidents to impacted individuals within 30 days of discovery. |
May 17, 2024
|
|
US arrests suspects behind $73M ‘pig butchering’ laundering scheme
The U.S. Department of Justice charged two suspects for allegedly leading a crime ring that laundered at least $73 million from cryptocurrency investment scams, also known as "pig butchering." |
May 17, 2024
|
|
WebTPA data breach impacts 2.4 million insurance policyholders
The WebTPA Employer Services (WebTPA) data breach disclosed earlier this month is impacting close to 2.5 million individuals, the U.S. Department of Health and Human Services notes. |
May 16, 2024
|
|
Five charged for cyber schemes to benefit North Korea's weapons program
The U.S. Justice Department charged five individuals today, a U.S. citizen woman, a Ukrainian man, and three foreign nationals, for their involvement in cyber schemes that generated revenue for North Korea's nuclear weapons program. |
May 16, 2024
|
|
Norway recommends replacing SSL VPN to prevent breaches
The Norwegian National Cyber Security Centre (NCSC) recommends replacing SSLVPN/WebVPN solutions with alternatives due to the repeated exploitation of related vulnerabilities in edge network devices to breach corporate networks. |
May 16, 2024
|
|
Microsoft shares temp fix for Outlook encrypted email reply issues
Microsoft has shared a temporary fix for a known issue preventing Microsoft 365 customers from replying to encrypted emails using the Outlook Desktop client. |
May 16, 2024
|
|
MediSecure e-script firm hit by ‘large-scale’ ransomware data breach
Electronic prescription provider MediSecure in Australia has shut down its website and phone lines following a ransomware attack believed to originate from a third-party vendor. |
May 16, 2024
|
|
Russian hackers use new Lunar malware to breach a European govt's agencies
Security researchers discovered two previously unseen backdoors dubbed LunarWeb and LunarMail that were used to compromise a European government's diplomatic institutions abroad. |
May 16, 2024
|
|
Microsoft: Windows Server 2019 updates fail with 0x800f0982 errors
Microsoft has acknowledged a new known issue causing this month's KB5037765 security update for Windows Server 2019 to fail to install with 0x800f0982 errors. |
May 16, 2024
|
|
Kimsuky hackers deploy new Linux backdoor in attacks on South Korea
The North Korean hacker group Kimsuky has been using a new Linux malware called Gomir that is a version of the GoBear backdoor delivered via trojanized software installers. |
May 15, 2024
|
|
Google patches third exploited Chrome zero-day in a week
Google has released a new emergency Chrome security update to address the third zero-day vulnerability exploited in attacks within a week. |
May 15, 2024
|
|
Android to add new anti-theft and data protection features
Google is introducing multiple anti-theft and data protection features later this year, some available only for Android 15+ devices, while others will roll out to billions of devices running Android 10 and later. |
May 15, 2024
|
|
Android 15, Google Play get new anti-malware and anti-fraud features
Today, Google announced new security features coming to Android 15 and Google Play that will help block scams, fraud, and malware apps on users' devices. |
May 15, 2024
|
|
Nissan North America data breach impacts over 53,000 employees
Nissan North America (Nissan) suffered a data breach last year when a threat actor targeted the company's external VPN and shut down systems to receive a ransom. |
May 15, 2024
|
|
Brothers arrested for $25 million theft in Ethereum blockchain attack
The U.S. Department of Justice has indicted two brothers for allegedly manipulating the Ethereum blockchain and stealing $25 million worth of cryptocurrency within approximately 12 seconds in a "first-of-its-kind" scheme. |
May 15, 2024
|
|
Apple blocked $7 billion in fraudulent App Store purchases in 4 years
Apple's antifraud technology has blocked more than $7 billion in potentially fraudulent transactions in four years, the company states in its latest annual fraud prevention analysis. |
May 15, 2024
|
|
Windows Quick Assist abused in Black Basta ransomware attacks
Financially motivated cybercriminals abuse the Windows Quick Assist feature in social engineering attacks to deploy Black Basta ransomware payloads on victims' networks. |
May 15, 2024
|
|
FBI seize BreachForums hacking forum used to leak stolen data
The FBI has seized the notorious BreachForums hacking forum that leaked and sold stolen corporate data to other cybercriminals. |
May 15, 2024
|
|
Banco Santander warns of a data breach exposing customer info
Banco Santander S.A. announced it suffered a data breach impacting customers after an unauthorized actor accessed a database hosted by one of its third-party service providers. |
May 15, 2024
|
|
Tornado Cash cryptomixer dev gets 64 months for laundering $2 billion
Alexey Pertsev, one of the main developers of the Tornado Cash cryptocurrency tumbler, has been sentenced to 64 months in prison for his part in helping launder more than $2 billion worth of cryptocurrency. |
May 14, 2024
|
|
PoC exploit released for RCE zero-day in D-Link EXO AX4800 routers
The D-Link EXO AX4800 (DIR-X4860) router is vulnerable to remote unauthenticated command execution that could lead to complete device takeovers by attackers with access to the HNAP port. |
May 14, 2024
|
|
Microsoft fixes VPN failures caused by April Windows updates
Today, Microsoft fixed a known issue breaking VPN connections across client and server platforms after installing the April 2024 Windows security updates. |
May 14, 2024
|
|
Singing River Health System: Data of 895,000 stolen in ransomware attack
The Singing River Health System is warning that it is now estimating that 895,204 people are impacted by a ransomware attack it suffered in August 2023. |
May 14, 2024
|
|
VMware makes Workstation Pro and Fusion Pro free for personal use
VMware has made Workstation Pro and Fusion Pro free for personal use, allowing home users and students to set up their own virtualized test labs and play with another operating system at little to no cost. |
May 14, 2024
|
|
Microsoft fixes Windows Server bug causing crashes, NTLM auth failures
Microsoft has fixed a known issue causing NTLM authentication failures and domain controller reboots after installing last month's Windows Server security updates. |
May 14, 2024
|
|
Microsoft fixes Windows zero-day exploited in QakBot malware attacks
Microsoft has fixed a zero-day vulnerability exploited in attacks to deliver QakBot and other malware payloads on vulnerable Windows systems. |
May 14, 2024
|
|
Windows 10 KB5037768 update released with new features and 20 fixes
Microsoft has released the KB5037768 cumulative update for Windows 10 21H2 and Windows 10 22H2 with twenty changes, including account notifications in the Start Menu and Widgets on the lock screen. |
May 14, 2024
|
|
Microsoft May 2024 Patch Tuesday fixes 3 zero-days, 61 flaws
Today is Microsoft's May 2024 Patch Tuesday, which includes security updates for 61 flaws and three actively exploited or publicly disclosed zero days. |
May 14, 2024
|
|
Windows 11 KB5037771 update released with 30 fixes, changes
Microsoft is rolling out the KB5037771 cumulative update for Windows 11 23H3 with thirty bug fixes and changes, including a fix for a bug breaking VPN connections. |
May 14, 2024
|
|
Ebury botnet malware infected 400,000 Linux servers since 2009
A malware botnet known as 'Ebury' has infected almost 400,000 Linux servers since 2009, with roughly 100,000 still compromised as of late 2023. |
May 14, 2024
|
|
Apple fixes Safari WebKit zero-day flaw exploited at Pwn2Own
Apple has released security updates to fix a zero-day vulnerability in the Safari web browser exploited during this year's Pwn2Own Vancouver hacking competition. |
May 14, 2024
|
|
Apple and Google add alerts for unknown Bluetooth trackers to iOS, Android
On Monday, Apple and Google jointly announced a new privacy feature that warns Android and iOS users when an unknown Bluetooth tracking device travels with them. |
May 14, 2024
|
|
VMware fixes three zero-day bugs exploited at Pwn2Own 2024
VMware fixed four security vulnerabilities in the Workstation and Fusion desktop hypervisors, including three zero-days exploited during the Pwn2Own Vancouver 2024 hacking contest. |
May 14, 2024
|
|
Google Chrome emergency update fixes 6th zero-day exploited in 2024
Google has released emergency security updates for the Chrome browser to address a high-severity zero-day vulnerability tagged as exploited in attacks. |
May 13, 2024
|
|
PyPi package backdoors Macs using the Sliver pen-testing suite
A new package mimicked the popular 'requests' library on the Python Package Index (PyPI) to target macOS devices with the Sliver C2 adversary framework, used for gaining initial access to corporate networks. |
May 13, 2024
|
|
Apple backports fix for RTKit iOS zero-day to older iPhones
Apple has backported security patches released in March to older iPhones and iPads, fixing an iOS Kernel zero-day tagged as exploited in attacks. |
May 13, 2024
|
|
FCC reveals Royal Tiger, its first tagged robocall threat actor
The Federal Communications Commission (FCC) has named its first officially designated robocall threat actor 'Royal Tiger,' a move aiming to help international partners and law enforcement more easily track individuals and entities behind repeat robocall campaigns. |
May 13, 2024
|
|
INC ransomware source code selling on hacking forums for $300,000
A cybercriminal using the name "salfetka" claims to be selling the source code of INC Ransom, a ransomware-as-a-service (RaaS) operation launched in August 2023. |
May 13, 2024
|
|
Botnet sent millions of emails in LockBit Black ransomware campaign
Since April, millions of phishing emails have been sent through the Phorpiex botnet to conduct a large-scale LockBit Black ransomware campaign. |
May 13, 2024
|
|
Hackers use DNS tunneling for network scanning, tracking victims
Threat actors are using Domain Name System (DNS) tunneling to track when their targets open phishing emails and click on malicious links, and to scan networks for potential vulnerabilities. |
May 13, 2024
|
|
Helsinki suffers data breach after hackers exploit unpatched flaw
The City of Helsinki is investigating a data breach in its education division, which it discovered in late April 2024, impacting tens of thousands of students, guardians, and personnel. |
May 12, 2024
|
|
Largest non-bank lender in Australia warns of a data breach
Firstmac Limited is warning customers that it suffered a data breach a day after the new Embargo cyber-extortion group leaked over 500GB of data allegedly stolen from the firm. |
May 11, 2024
|
|
The Post Millennial hack leaked data impacting 26 million people
Have I Been Pwned has added the information for 26,818,266 people whose data was leaked in a recent hack of The Post Millennial conservative news website. |
May 11, 2024
|
|
CISA: Black Basta ransomware breached over 500 orgs worldwide
CISA and the FBI said today that Black Basta ransomware affiliates breached over 500 organizations between April 2022 and May 2024. |
May 11, 2024
|
|
Europol confirms web portal breach, says no operational data stolen
Europol, the European Union's law enforcement agency, confirmed that its Europol Platform for Experts (EPE) portal was breached and is now investigating the incident after a threat actor claimed they stole For Official Use Only (FOUO) documents containing classified data. |
May 10, 2024
|
|
The Week in Ransomware - May 10th 2024 - Chipping away at LockBit
After many months of taunting law enforcement and offering a million-dollar reward to anyone who could reveal his identity, the FBI and NCA have done just that, revealing the name of LockBitSupp, the operator of the LockBit ransomware operation. |
May 10, 2024
|
|
Dell API abused to steal 49 million customer records in data breach
The threat actor behind the recent Dell data breach revealed they scraped information of 49 million customer records using a partner portal API they accessed as a fake company. |
May 10, 2024
|
|
Ascension redirects ambulances after suspected ransomware attack
Ascension, a major U.S. healthcare network, is diverting ambulances from several hospitals due to a suspected ransomware attack that has been causing clinical operation disruptions and system outages since Wednesday. |
May 10, 2024
|
|
Ohio Lottery ransomware attack impacts over 538,000 individuals
The Ohio Lottery is sending data breach notification letters to over 538,000 individuals affected by a cyberattack that hit the organization's systems on Christmas Eve. |
May 10, 2024
|
|
Google fixes fifth Chrome zero-day exploited in attacks this year
Google has released a security update for the Chrome browser to fix the fifth zero-day vulnerability exploited in the wild since the start of the year. |
May 10, 2024
|
|
Widely used Telit Cinterion modems open to SMS takeover attacks
Security flaws in Telit Cinterion cellular modems, widely used in sectors including industrial, healthcare, and telecommunications, could allow remote attackers to execute arbitrary code via SMS. |
May 9, 2024
|
|
Poland says Russian military hackers target its govt networks
Poland says a state-backed threat group linked to Russia's military intelligence service (GRU) has been targeting Polish government institutions throughout the week. |
May 9, 2024
|
|
Monday.com removes "Share Update" feature abused for phishing attacks
Project management platform Monday.com has removed its "Share Update" feature after threat actors abused it in phishing attacks. |
May 9, 2024
|
|
Citrix warns admins to manually mitigate PuTTY SSH client bug
Citrix notified customers this week to manually mitigate a PuTTY SSH client vulnerability that could allow attackers to steal a XenCenter admin's private SSH key. |
May 9, 2024
|
|
AT&T delays Microsoft 365 email delivery due to spam wave
AT&T's email servers are blocking connections from Microsoft 365 due to a "high volume" spam wave originating from Microsoft's service. |
May 9, 2024
|
|
British Columbia investigating cyberattacks on government networks
The Government of British Columbia is investigating multiple "cybersecurity incidents" that have impacted the Canadian province's government networks. |
May 9, 2024
|
|
Dell warns of data breach, 49 million customers allegedly affected
Dell is warning customers of a data breach after a threat actor claimed to have stolen information for approximately 49 million customers. |
May 8, 2024
|
|
Zscaler takes "test environment" offline after rumors of a breach
Zscaler says that they discovered an exposed "test environment" that was taken offline for analysis after rumors circulated that a threat actor was selling access to the company's systems. |
May 8, 2024
|
|
University System of Georgia: 800K exposed in 2023 MOVEit attack
The University System of Georgia (USG) is sending data breach notifications to 800,000 individuals whose data was exposed in the 2023 Clop MOVEit attacks. |
May 8, 2024
|
|
Ascension healthcare takes systems offline after cyberattack
Ascension, one of the largest private healthcare systems in the United States, has taken some of its systems offline to investigate what it describes as a "cyber security event." |
May 8, 2024
|
|
Stack Overflow suspends user for editing posts in OpenAI protest
OpenAI and Stack Overflow recently teamed up to improve AI models. OpenAI will have access to Stack Overflow's API and feedback from developers. In return, OpenAI will link to Stack Overflow's content in ChatGPT. |
May 8, 2024
|
|
New BIG-IP Next Central Manager bugs allow device takeover
F5 has fixed two high-severity BIG-IP Next Central Manager vulnerabilities, which can be exploited to gain admin control and create rogue accounts on any managed assets. |
May 8, 2024
|
|
FBI warns of gift card fraud ring targeting retail companies
The FBI warned retail companies in the United States that a financially motivated hacking group has been targeting employees in their gift card departments in phishing attacks since at least January 2024. |
May 8, 2024
|
|
City of Wichita breach claimed by LockBit ransomware gang
The LockBit ransomware gang has claimed responsibility for a disruptive cyberattack on the City of Wichita, which has forced the City's authorities to shut down IT systems used for online bill payment, including court fines, water bills, and public transportation. |
May 8, 2024
|
|
Microsoft: April Windows Server updates also cause crashes, reboots
Microsoft has confirmed that last month's Windows Server security updates may also cause domain controller reboots after the Local Security Authority Subsystem Service (LSASS) process crashes. |
May 8, 2024
|
|
Massive webshop fraud ring steals credit cards from 850,000 people
A massive network of 75,000 fake online shops called 'BogusBazaar' tricked over 850,000 people in the US and Europe into making purchases, allowing the criminals to steal credit card information and attempt to process an estimated $50 million in fake orders. |
May 7, 2024
|
|
DocGo discloses cyberattack after hackers steal patient health data
Mobile medical care firm DocGo confirmed it suffered a cyberattack after threat actors breached its systems and stole patient health data. |
May 7, 2024
|
|
Hackers exploit LiteSpeed Cache flaw to create WordPress admins
Hackers have been targeting WordPress sites with an outdated version of the LiteSpeed Cache plugin to create administrator users and gain control of the websites. |
May 7, 2024
|
|
UK confirms Ministry of Defence payroll data exposed in data breach
The UK Government confirmed today that a threat actor recently breached the country's Ministry of Defence and gained access to part of the Armed Forces payment network. |
May 7, 2024
|
|
New attack leaks VPN traffic using rogue DHCP servers
A new attack dubbed "TunnelVision" can route traffic outside a VPN's encryption tunnel, allowing attackers to snoop on unencrypted traffic while maintaining the appearance of a secure VPN connection. |
May 7, 2024
|
|
Over 50,000 Tinyproxy servers vulnerable to critical RCE flaw
Nearly 52,000 internet-exposed Tinyproxy instances are vulnerable to CVE-2023-49606, a recently disclosed critical remote code execution (RCE) flaw. |
May 7, 2024
|
|
BetterHelp to pay $7.8 million to 800,000 in health data sharing settlement
BetterHelp has agreed to pay $7.8 million in a settlement agreement with the U.S. Federal Trade Commission (FTC) over allegations of misusing and sharing consumer health data for advertising purposes. |
May 7, 2024
|
|
LockBit ransomware admin identified, sanctioned in US, UK, Australia
The FBI, UK National Crime Agency, and Europol have unveiled sweeping indictments and sanctions against the admin of the LockBit ransomware operation, with the identity of the Russian threat actor being revealed for the first time. |
May 6, 2024
|
|
Google Chrome is getting native support for YouTube-like video chapters
Google is adding a new feature to Google Chrome that allows publishers to add video chapters to videos embedded on websites, similar to how chapters work on YouTube. |
May 6, 2024
|
|
Microsoft tests using MT/s for memory speed in Windows 11 Task Manager
Microsoft is testing showing memory speeds as MT/s (mega-transfers per second) rather than MHz (megahertz) in the Windows 11 Task Manager. |
May 6, 2024
|
|
City of Wichita shuts down IT network after ransomware attack
The City of Wichita, Kansas, disclosed it was forced to shut down portions of its network after suffering a weekend ransomware attack. |
May 6, 2024
|
|
Get ahead in cybersecurity with $145 off a training course bundle
Cybersecurity is everyone's concern, and for IT workers, a key skill on their resume. This five-course exam prep bundle helps you get more advanced credentials for $49.99, $145 off the $195 MSRP. |
May 6, 2024
|
|
Lockbit's seized site comes alive to tease new police announcements
The NCA, FBI, and Europol have revived a seized LockBit ransomware data leak site to hint at new information being revealed by law enforcement this Tuesday. |
May 5, 2024
|
|
Finland warns of Android malware attacks breaching bank accounts
Finland's Transport and Communications Agency (Traficom) has issued a warning about an ongoing Android malware campaign targeting banking accounts. |
May 4, 2024
|
|
Iranian hackers pose as journalists to push backdoor malware
The Iranian state-backed threat actor tracked as APT42 is employing social engineering attacks, including posing as journalists, to breach corporate networks and cloud environments of Western and Middle Eastern targets. |
May 3, 2024
|
|
Android bug can leak DNS traffic with VPN kill switch enabled
A Mullvad VPN user has discovered that Android devices leak DNS queries when switching VPN servers even though the "Always-on VPN" feature was enabled with the "Block connections without VPN" option. |
May 3, 2024
|
|
NSA warns of North Korean hackers exploiting weak DMARC email policies
The NSA and FBI warned that the APT43 North Korea-linked hacking group exploits weak email Domain-based Message Authentication Reporting and Conformance (DMARC) policies to mask spearphishing attacks. |
May 3, 2024
|
|
Google rolls back reCaptcha update to fix Firefox issues
Google has rolled back a recent release of its reCaptcha captcha script after a bug caused the service to no longer work on Firefox for Windows. |
May 3, 2024
|
|
NATO and EU condemn Russia's cyberattacks against Germany, Czechia
NATO and the European Union, with international partners, formally condemned a long-term cyber espionage campaign against European countries conducted by the Russian threat group APT28. |
May 3, 2024
|
|
Microsoft rolls out passkey auth for personal Microsoft accounts
Microsoft announced that Windows users can now log into their Microsoft consumer accounts using a passkey, allowing users to authenticate using password-less methods such as Windows Hello, FIDO2 security keys, biometric data (facial scans or fingerprints), or device PINs. |
May 2, 2024
|
|
CEO who sold fake Cisco devices to US military gets 6 years in prison
Onur Aksoy, the CEO of a group of companies controlling multiple online storefronts, was sentenced to six and a half years in prison for selling $100 million worth of counterfeit Cisco network equipment to government, health, education, and military organizations worldwide. |
May 2, 2024
|
|
Bitwarden launches new MFA Authenticator app for iOS, Android
Bitwarden, the creator of the popular open-source password manager, has just launched a new authenticator app called Bitwarden Authenticator, which is available for iOS and Android devices. |
May 2, 2024
|
|
CISA urges software devs to weed out path traversal vulnerabilities
CISA and the FBI urged software companies today to review their products and eliminate path traversal security vulnerabilities before shipping. |
May 2, 2024
|
|
Police shuts down 12 fraud call centres, arrests 21 suspects
Law enforcement shut down 12 phone fraud call centers in Albania, Bosnia and Herzegovina, Kosovo, and Lebanon that were behind thousands of scam calls daily. |
May 2, 2024
|
|
Microsoft warns of "Dirty Stream" attack impacting Android apps
Microsoft has highlighted a novel attack dubbed "Dirty Stream," which could allow malicious Android apps to overwrite files in another application's home directory, potentially leading to arbitrary code execution and secrets theft. |
May 2, 2024
|
|
REvil hacker behind Kaseya ransomware attack gets 13 years in prison
Yaroslav Vasinskyi, a Ukrainian national, was sentenced to 13 years and seven months in prison and ordered to pay $16 million in restitution for his involvement in the REvil ransomware operation. |
May 2, 2024
|
|
Microsoft won't fix Windows 0x80070643 errors, manual fix required
Microsoft has confirmed that it won't provide an automated fix for a known issue causing 0x80070643 errors when installing recent Windows Recovery Environment (WinRE) updates. |
May 2, 2024
|
|
Cybersecurity consultant arrested after allegedly extorting IT firm
A former cybersecurity consultant was arrested for allegedly attempting to extort a publicly traded IT company by threatening to disclose confidential and proprietary data unless they paid him $1,500,000. |
May 1, 2024
|
|
HPE Aruba Networking fixes four critical RCE flaws in ArubaOS
HPE Aruba Networking has issued its April 2024 security advisory detailing critical remote code execution (RCE) vulnerabilities impacting multiple versions of ArubaOS, its proprietary network operating system. |
May 1, 2024
|
|
DropBox says hackers stole customer data, auth secrets from eSignature service
Cloud storage firm DropBox says hackers breached production systems for its DropBox Sign eSignature platform and gained access to authentication tokens, MFA keys, hashed passwords, and customer information. |
May 1, 2024
|
|
US govt warns of pro-Russian hacktivists targeting water facilities
The US government is warning that pro-Russian hacktivists are seeking out and hacking into unsecured operational technology (OT) systems to disrupt critical infrastructure operations. |
May 1, 2024
|
|
Panda Restaurants discloses data breach after corporate systems hack
Panda Restaurant Group, the parent company of Panda Express, Panda Inn, and Hibachi-San, disclosed a data breach after attackers compromised its corporate systems in March and stole the personal information of an undisclosed number of individuals. |
May 1, 2024
|
|
French hospital CHC-SV refuses to pay LockBit extortion demand
The Hôpital de Cannes - Simone Veil (CHC-SV) in France announced it received a ransom demand from the Lockbit 3.0 ransomware gang, saying they refuse to pay the ransom. |
May 1, 2024
|
|
CISA says GitLab account takeover bug is actively exploited in attacks
CISA warned today that attackers are actively exploiting a maximum-severity GitLab vulnerability that allows them to take over accounts via password resets. |
May 1, 2024
|
|
Microsoft: April Windows Server updates cause NTLM auth failures
Microsoft has confirmed customer reports of NTLM authentication failures and high load after installing last month's Windows Server security updates. |
May 1, 2024
|
|
Microsoft says April Windows updates break VPN connections
Microsoft says the April 2024 Windows security updates break VPN connections on Windows 11, Windows 10, and Windows Server systems. |
May 1, 2024
|
|
Qantas app exposed sensitive traveler details to random users
Qantas Airways confirms that some of its customers were impacted by a misconfiguration in its app that exposed sensitive information and boarding passes to random users. |
May 1, 2024
|
|
New Cuttlefish malware infects routers to monitor traffic for credentials
A new malware named 'Cuttlefish' has been spotted infecting enterprise-grade and small office/home office (SOHO) routers to monitor data that passes through them and steal authentication information. |
April 30, 2024
|
|
New Latrodectus malware attacks use Microsoft, Cloudflare themes
Latrodectus malware is now being distributed in phishing campaigns using Microsoft Azure and Cloudflare lures to appear legitimate while making it harder for email security platforms to detect the emails as malicious. |
April 30, 2024
|
|
Philadelphia Inquirer: Data of over 25,000 people stolen in 2023 breach
Daily newspaper Philadelphia Inquirer revealed that attackers behind a May 2023 security breach have stolen the personal and financial information of 25,549 individuals. |
April 30, 2024
|
|
R language flaw allows code execution via RDS/RDX files
A new vulnerability has been discovered in the R programming language that allows arbitrary code execution upon deserializing specially crafted RDS and RDX files. |
April 30, 2024
|
|
Google now pays up to $450,000 for RCE bugs in some Android apps
Google has increased rewards for reporting remote code execution vulnerabilities within select Android apps by ten times, from $30,000 to $300,000, with the maximum reward reaching $450,000 for exceptional quality reports. |
April 30, 2024
|
|
Millions of Docker repos found pushing malware, phishing sites
Three large-scale campaigns have targeted Docker Hub users, planting millions of repositories designed to push malware and phishing sites since early 2021. |
April 30, 2024
|
|
New Wpeeper Android malware hides behind hacked WordPress sites
A new Android backdoor malware named 'Wpeeper' has been spotted in at least two unofficial app stores mimicking the Uptodown App Store, a popular third-party app store for Android devices with over 220 million downloads. |
April 30, 2024
|
|
Change Healthcare hacked using stolen Citrix account with no MFA
UnitedHealth confirms that Change Healthcare's network was breached by the BlackCat ransomware gang, who used stolen credentials to log into the company's Citrix remote access service, which did not have multi-factor authentication enabled. |
April 29, 2024
|
|
Muddling Meerkat hackers manipulate DNS using China’s Great Firewall
A new cluster of activity tracked as "Muddling Meerkat" is believed to be linked to a Chinese state-sponsored threat actor's manipulation of DNS to probe networks globally since October 2019, with a spike in activity observed in September 2023. |
April 29, 2024
|
|
FCC fines carriers $200 million for illegally sharing user location
The Federal Communications Commission (FCC) has fined the largest U.S. wireless carriers almost $200 million for sharing their customers' real-time location data without their consent. |
April 29, 2024
|
|
London Drugs pharmacy chain closes stores after cyberattack
Canadian pharmacy chain London Drugs has closed all its retail stores to contain what it described as a "cybersecurity incident." |
April 29, 2024
|
|
FBI warns of fake verification schemes targeting dating app users
The FBI is warning of fake verification schemes promoted by fraudsters on online dating platforms that lead to costly recurring subscription charges. |
April 29, 2024
|
|
Google rejected 2.28 million risky Android apps from Play store in 2023
Google blocked 2.28 million Android apps from being published on Google Play after finding various policy violations that could threaten users' security. |
April 29, 2024
|
|
Microsoft fixes bug behind incorrect BitLocker encryption errors
Microsoft has fixed a known issue causing incorrect BitLocker drive encryption errors in some managed Windows environments. |
April 29, 2024
|
|
Collection agency FBCS warns data breach impacts 1.9 million people
Financial Business and Consumer Solutions (FBCS) is warning 1,955,385 impacted individuals in the United States that the company suffered a data breach after discovering unauthorized access to specific systems in its network. |
April 28, 2024
|
|
US Post Office phishing sites get as much traffic as the real one
Security researchers analyzing phishing campaigns that target the United States Postal Service (USPS) saw that traffic to the fake domains is typically similar to what the legitimate site records and is even higher during holidays. |
April 28, 2024
|
|
Google Chrome's new post-quantum cryptography may break TLS connections
Some Google Chrome users report having issues connecting to websites, servers, and firewalls after Chrome 124 was released last week with the new quantum-resistant X25519Kyber768 encapsulation mechanism enabled by default. |
April 27, 2024
|
|
Japanese police create fake support scam payment cards to warn victims
Japanese police placed fake payment cards in convenience stores to protect the elderly targeted by tech support scams or unpaid money fraud. |
April 27, 2024
|
|
Okta warns of "unprecedented" credential stuffing attacks on customers
Okta warns of an "unprecedented" spike in credential stuffing attacks targeting its identity and access management solutions, with some customer accounts breached in the attacks. |
April 26, 2024
|
|
Telegram is down with "Connecting" error
Telegram users are currently experiencing issues worldwide, with users unable to use the website and mobile apps. |
April 26, 2024
|
|
Fake job interviews target developers with new Python backdoor
A new campaign tracked as "Dev Popper" is targeting software developers with fake job interviews in an attempt to trick them into installing a Python remote access trojan (RAT). |
April 26, 2024
|
|
Kaiser Permanente: Data breach may impact 13.4 million patients
Healthcare service provider Kaiser Permanente disclosed a data security incident that may impact 13.4 million people in the United States. |
April 25, 2024
|
|
FBI warns against using unlicensed crypto transfer services
The FBI has warned today that using unlicensed cryptocurrency transfer services can result in financial loss if these platforms are taken down by law enforcement. |
April 25, 2024
|
|
LA County Health Services: Patients' data exposed in phishing attack
L.A. County's Department of Health Services, the second-largest public health care system in the United States, disclosed a data breach after patients' personal and health information was exposed in a recent phishing attack impacting over two dozen employees. |
April 25, 2024
|
|
Researchers sinkhole PlugX malware server with 2.5 million unique IPs
Researchers have sinkholed a command and control server for a variant of the PlugX malware and, over six months, observed more than 2.5 million connections from unique IP addresses. |
April 25, 2024
|
|
Reddit down in major outage blocking access to web, mobile apps
Reddit is investigating a major outage blocking users worldwide from accessing the social network's websites and mobile apps. |
April 25, 2024
|
|
Over 1,400 CrushFTP servers vulnerable to actively exploited bug
Over 1,400 CrushFTP servers exposed online were found vulnerable to attacks currently targeting a critical severity server-side template injection (SSTI) vulnerability previously exploited as a zero-day. |
April 25, 2024
|
|
WP Automatic WordPress plugin hit by millions of SQL injection attacks
Hackers have started to target a critical severity vulnerability in the WP Automatic plugin for WordPress to create user accounts with administrative privileges and to plant backdoors for long-term access. |
April 25, 2024
|
|
New Brokewell malware takes over Android devices, steals data
Security researchers have discovered a new Android banking trojan they named Brokewell that can capture every event on the device, from touches and information displayed to text input and the applications the user launches. |
April 24, 2024
|
|
US charges Samourai cryptomixer founders for laundering $100 million
Keonne Rodriguez and William Lonergan Hill have been charged by the U.S. Department of Justice for laundering more than $100 million from various criminal enterprises through Samourai, a cryptocurrency mixer service they ran for nearly a decade. |
April 24, 2024
|
|
Maximum severity Flowmon bug has a public exploit, patch now
Proof-of-concept exploit code has been released for a top-severity security vulnerability in Progress Flowmon, a tool for monitoring network performance and visibility. |
April 24, 2024
|
|
ArcaneDoor hackers exploit Cisco zero-days to breach govt networks
Cisco warned today that a state-backed hacking group has been exploiting two zero-day vulnerabilities in Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) firewalls since November 2023 to breach government networks worldwide. |
April 24, 2024
|
|
Google Meet opens client-side encrypted calls to non Google users
Google is updating the client-side encryption mechanism for Google Meet to allow external participants, including those without Google accounts, to join encrypted calls. |
April 24, 2024
|
|
Windows 11 KB5036980 update goes live with Start Menu ads
Microsoft has enabled Start menu ads in the optional KB5036980 preview cumulative update for Windows 11 22H2 and 23H2. |
April 24, 2024
|
|
Ring customers get $5.6 million in privacy breach settlement
The Federal Trade Commission is sending $5.6 million in refunds to Ring users whose private video feeds were accessed without consent by Amazon employees and contractors, or had their accounts and devices hacked because of insufficient security protections. |
April 23, 2024
|
|
Microsoft pulls fix for Outlook bug behind ICS security alerts
Microsoft reversed the fix for an Outlook bug causing erroneous security warnings after installing December 2023 security updates. |
April 23, 2024
|
|
CoralRaider attacks use CDN cache to push info-stealer malware
A threat actor has been using a content delivery network cache to store information-stealing malware in an ongoing campaign targeting systems in the U.S., the U.K., Germany, and Japan. |
April 23, 2024
|
|
Microsoft releases Exchange hotfixes for security update issues
Microsoft has released hotfix updates to address multiple known issues impacting Exchange servers after installing the March 2024 security updates. |
April 23, 2024
|
|
US govt sanctions Iranians linked to government cyberattacks
The Treasury Department's Office of Foreign Assets Control (OFAC) has sanctioned four Iranian nationals for their involvement in cyberattacks against the U.S. government, defense contractors, and private companies. |
April 23, 2024
|
|
DPRK hacking groups breach South Korean defense contractors
The National Police Agency in South Korea issued an urgent warning today about North Korean hacking groups targeting defense industry entities to steal valuable technology information. |
April 23, 2024
|
|
US imposes visa bans on 13 spyware makers and their families
The Department of State has started imposing visa restrictions on mercenary spyware makers and peddlers, prohibiting their entry into the United States, as announced earlier in February. |
April 23, 2024
|
|
Hackers hijack antivirus updates to drop GuptiMiner malware
North Korean hackers have been exploiting the updating mechanism of the eScan antivirus to plant backdoors on big corporate networks and deliver cryptocurrency miners through GuptiMiner malware. |
April 23, 2024
|
|
UnitedHealth confirms it paid ransomware gang to stop data leak
The UnitedHealth Group has confirmed that it paid a ransom to cybercriminals to protect sensitive data stolen during the Optum ransomware attack in late February. |
April 22, 2024
|
|
Microsoft: APT28 hackers exploit Windows flaw reported by NSA
Microsoft warns that the Russian APT28 threat group exploits a Windows Print Spooler vulnerability to escalate privileges and steal credentials and data using a previously unknown hacking tool called GooseEgg. |
April 22, 2024
|
|
Synlab Italia suspends operations following ransomware attack
Synlab Italia has suspended all its medical diagnostic and testing services after a ransomware attack forced its IT systems to be taken offline. |
April 22, 2024
|
|
GitLab affected by GitHub-style CDN flaw allowing malware hosting
BleepingComputer recently reported how a GitHub flaw, or possibly a design decision, is being abused by threat actors to distribute malware using URLs associated with Microsoft repositories, making the files appear trustworthy. It turns out, GitLab is also affected by this issue and could be abused in a similar fashion. |
April 22, 2024
|
|
Russian Sandworm hackers targeted 20 critical orgs in Ukraine
Russian hacker group Sandworm aimed to disrupt operations at around 20 critical infrastructure facilities in Ukraine, according to a report from the Ukrainian Computer Emergency Response Team (CERT-UA). |
April 21, 2024
|
|
Malware dev lures child exploiters into honeytrap to extort them
You rarely root for a cybercriminal, but a new malware campaign targeting child exploiters doesn't make you feel bad for the victims. |
April 21, 2024
|
|
Ransomware payments drop to record low of 28% in Q1 2024
Ransomware actors have had a rough start this year, as stats from cybersecurity firm Coveware show that the trend of victims declining to pay the cybercriminals continues and has now reached a new record low of 28%. |
April 20, 2024
|
|
Critical Forminator plugin flaw impacts over 300k WordPress sites
The Forminator WordPress plugin used in over 500,000 sites is vulnerable to a flaw that allows malicious actors to perform unrestricted file uploads to the server. |
April 20, 2024
|
|
GitHub comments abused to push malware via Microsoft repo URLs
A GitHub flaw, or possibly a design decision, is being abused by threat actors to distribute malware using URLs associated with a Microsoft repository, making the files appear trustworthy. |
April 19, 2024
|
|
The Week in Ransomware - April 19th 2024 - Attacks Ramp Up
While ransomware attacks decreased after the LockBit and BlackCat disruptions, they have once again started to ramp up with other operations filling the void. |
April 19, 2024
|
|
CrushFTP warns users to patch exploited zero-day “immediately”
CrushFTP warned customers today in a private memo of an actively exploited zero-day vulnerability fixed in new versions released today, urging them to patch their servers immediately. |
April 19, 2024
|
|
HelloKitty ransomware rebrands, releases CD Projekt and Cisco data
An operator of the HelloKitty ransomware operation announced they changed the name to 'HelloGookie,' releasing passwords for previously leaked CD Projekt source code, Cisco network information, and decryption keys from old attacks. |
April 19, 2024
|
|
MITRE says state hackers breached its network via Ivanti zero-days
The MITRE Corporation says a state-backed hacking group breached its systems in January 2024 by chaining two Ivanti VPN zero-days. |
April 19, 2024
|
|
United Nations agency investigates ransomware attack, data theft
The United Nations Development Programme (UNDP) is investigating a cyberattack after threat actors breached its IT systems to steal human resources data. |
April 19, 2024
|
|
22,500 Palo Alto firewalls "possibly vulnerable" to ongoing attacks
Approximately 22,500 exposed Palo Alto GlobalProtect firewall devices are likely vulnerable to the CVE-2024-3400 flaw, a critical command injection vulnerability that has been actively exploited in attacks since at least March 26, 2024. |
April 18, 2024
|
|
Fake cheat lures gamers into spreading infostealer malware
A new info-stealing malware linked to Redline poses as a game cheat called 'Cheat Lab,' promising downloaders a free copy if they convince their friends to install it too. |
April 18, 2024
|
|
Frontier Communications shuts down systems after cyberattack
American telecom provider Frontier Communications is restoring systems after a cybercrime group breached some of its IT systems in a recent cyberattack. |
April 18, 2024
|
|
840-bed hospital in France postpones procedures after cyberattack
The Hospital Simone Veil in Cannes (CHC-SV) has announced that it was targeted by a cyberattack on Tuesday morning, severely impacting its operations and forcing staff to go back to pen and paper. |
April 18, 2024
|
|
FBI: Akira ransomware raked in $42 million from 250+ victims
According to a joint advisory from the FBI, CISA, Europol's European Cybercrime Centre (EC3), and the Netherlands' National Cyber Security Centre (NCSC-NL), the Akira ransomware operation has breached the networks of over 250 organizations and raked in roughly $42 million in ransom payments. |
April 18, 2024
|
|
Google ad impersonates Whales Market to push wallet drainer malware
A legitimate-looking Google Search advertisement for the crypto trading platform 'Whales Market' redirects visitors to a wallet-draining phishing site that steals all of your assets. |
April 18, 2024
|
|
Microsoft Office LTSC 2024 preview available for Windows, Mac
A preview of Microsoft Office LTSC 2024, a volume-licensed and perpetual version of Office for commercial customers, is now available for Windows and macOS users. |
April 18, 2024
|
|
Cybercriminals pose as LastPass staff to hack password vaults
LastPass is warning of a malicious campaign targeting its users with the CryptoChameleon phishing kit that is associated with cryptocurrency theft. |
April 18, 2024
|
|
LabHost phishing service with 40,000 domains disrupted, 37 arrested
The LabHost phishing-as-a-service (PhaaS) platform has been disrupted in a year-long global law enforcement operation that compromised the infrastructure and arrested 37 suspects, among them the original developer. |
April 17, 2024
|
|
SoumniBot malware exploits Android bugs to evade detection
A new Android banking malware named 'SoumniBot' is using a less common obfuscation approach by exploiting weaknesses in the Android manifest extraction and parsing procedure. |
April 17, 2024
|
|
Hackers hijack OpenMetadata apps in Kubernetes cryptomining attacks
In an ongoing Kubernetes cryptomining campaign, attackers target OpenMetadata workloads using critical remote code execution and authentication vulnerabilities. |
April 17, 2024
|
|
FIN7 targets American automaker’s IT staff in phishing attacks
The financially motivated threat actor FIN7 targeted a large U.S. car maker with spear-phishing emails for employees in the IT department to infect systems with the Anunak backdoor. |
April 17, 2024
|
|
Moldovan charged for operating botnet used to push ransomware
The U.S. Justice Department charged Moldovan national Alexander Lefterov, the owner and operator of a large-scale botnet that infected thousands of computers across the United States. |
April 17, 2024
|
|
Cisco discloses root escalation flaw with public exploit code
Cisco has released patches for a high-severity Integrated Management Controller (IMC) vulnerability with public exploit code that can let local attackers escalate privileges to root. |
April 17, 2024
|
|
Russian Sandworm hackers pose as hacktivists in water utility breaches
The Sandworm hacking group associated with Russian military intelligence has been hiding attacks and operations behind multiple online personas posing as hacktivist groups. |
April 17, 2024
|
|
Dark Web Monitoring: What's the Value?
Cybersecurity firms commonly sell "dark web monitoring" packages, with firms having slightly different features. Learn from Flare about the different dark web monitoring packages and the value they bring to your organization. |
April 17, 2024
|
|
Multiple botnets exploiting one-year-old TP-Link flaw to hack routers
At least six distinct botnet malware operations are hunting for TP-Link Archer AX21 (AX1800) routers vulnerable to a command injection security issue reported and addressed last year. |
April 17, 2024
|
|
Microsoft: New Copilot app added by Edge doesn’t collect data
Microsoft says the new Copilot app, added by recent Edge updates to the list of installed Windows apps, doesn't collect or relay data to its servers. |
April 17, 2024
|
|
UK e-visa rollout begins today: no more immigration cards for millions
Starting today, millions living in the UK will receive email invitations to sign up for an e-visa account that will replace their physical immigration documents like Biometric Residence Permits (BRPs). The move is, according to the Home Office, "a key step in creating a modernised and digital border." |
April 16, 2024
|
|
T-Mobile, Verizon workers get texts offering $300 for SIM swaps
Criminals are now texting T-Mobile and Verizon employees on their personal and work phones, trying to tempt them with cash to perform SIM swaps. |
April 16, 2024
|
|
Cerebral to pay $7 million settlement in Facebook pixel data leak case
The U.S. Federal Trade Commission has reached a settlement with telehealth firm Cerebral in which the company will pay $7,000,000 over allegations of mishandling people's sensitive health data. |
April 16, 2024
|
|
Ivanti warns of critical flaws in its Avalanche MDM solution
Ivanti has released security updates to fix 27 vulnerabilities in its Avalanche mobile device management (MDM) solution, two of them critical heap overflows that can be exploited for remote command execution. |
April 16, 2024
|
|
Exploit released for Palo Alto PAN-OS bug used in attacks, patch now
Exploit code is now available for a maximum severity and actively exploited vulnerability in Palo Alto Networks' PAN-OS firewall software. |
April 16, 2024
|
|
Google to crack down on third-party YouTube apps that block ads
YouTube announced yesterday that third-party applications that block ads while watching YouTube videos violate its Terms of Service (ToS), and it will soon start taking action against the apps. |
April 16, 2024
|
|
Cisco warns of large-scale brute-force attacks against VPN services
Cisco warns about a large-scale credential brute-forcing campaign targeting VPN and SSH services on Cisco, CheckPoint, Fortinet, SonicWall, and Ubiquiti devices worldwide. |
April 16, 2024
|
|
PuTTY SSH client flaw allows recovery of cryptographic private keys
A vulnerability tracked as CVE-2024-31497 in PuTTY 0.68 through 0.80 could potentially allow attackers with access to 60 cryptographic signatures to recover the private key used for their generation. |
April 16, 2024
|
|
UnitedHealth: Change Healthcare cyberattack caused $872 million loss
UnitedHealth Group reported an $872 million impact on its Q1 earnings due to the ransomware attack disrupting the U.S. healthcare system since February. |
April 16, 2024
|
|
How to make your web apps resistant to social engineering
There are things that you can do to make your web apps more resistant to social engineering. Learn more from Outpost24 on securing your web applications. |
April 15, 2024
|
|
Ransomware gang starts leaking alleged stolen Change Healthcare data
The RansomHub extortion gang has begun leaking what they claim is corporate and patient data stolen from United Health subsidiary Change Healthcare in what has been a long and convoluted extortion process for the company. |
April 15, 2024
|
|
New SteganoAmor attacks use steganography to target 320 orgs globally
A new campaign conducted by the TA558 hacking group is concealing malicious code inside images using steganography to deliver various malware tools onto targeted systems. |
April 15, 2024
|
|
Microsoft will limit Exchange Online bulk emails to fight spam
Microsoft has announced plans to fight spam by imposing a daily Exchange Online bulk email limit of 2,000 external recipients starting January 2025. |
April 15, 2024
|
|
Crypto miner arrested for skipping on $3.5 million in cloud server bills
The U.S. Department of Justice has announced the arrest and indictment of Charles O. Parks III, known as "CP3O," for allegedly renting large numbers of cloud servers to conduct crypto mining and then skipping out on paying the bills. |
April 15, 2024
|
|
Chipmaker Nexperia confirms breach after ransomware gang leaks data
Dutch chipmaker Nexperia confirmed late last week that hackers breached its network in March 2024 after a ransomware gang leaked samples of allegedly stolen data. |
April 15, 2024
|
|
Daixin ransomware gang claims attack on Omni Hotels
The Daixin Team ransomware gang claimed a recent cyberattack on Omni Hotels & Resorts and is now threatening to publish customers' sensitive information if a ransom is not paid. |
February 28, 2024
|
|
Anycubic 3D printers hacked worldwide to expose security flaw
According to a wave of online reports from Anycubic customers, someone hacked their 3D printers to warn that the devices are exposed to attacks. |
February 28, 2024
|
|
Malicious AI models on Hugging Face backdoor users’ machines
At least 100 instances of malicious AI/ML models were found on the Hugging Face platform, some of which can execute code on the victim's machine, giving attackers a persistent backdoor. |
February 28, 2024
|
|
New executive order bans mass sale of personal data to China, Russia
U.S. President Joe Biden has signed an executive order that aims to ban the bulk sale and transfer of Americans' private data to "countries of concern" such as China, Russia, Iran, North Korea, Cuba, and Venezuela. |
February 28, 2024
|
|
Rhysida ransomware wants $3.6 million for children’s stolen data
The Rhysida ransomware gang has claimed the cyberattack on Lurie Children's Hospital in Chicago at the start of the month. |
February 28, 2024
|
|
Kali Linux 2024.1 released with 4 new tools, UI refresh
Kali Linux has released version 2024.1, the first version of 2024, with four new tools, a theme refresh, and desktop changes. |
February 28, 2024
|
|
Ransomware gang claims they stole 6TB of Change Healthcare data
The BlackCat/ALPHV ransomware gang has officially claimed responsibility for a cyberattack on Optum, a subsidiary of UnitedHealth Group (UHG), which led to an ongoing outage affecting the Change Healthcare platform. |
February 28, 2024
|
|
LockBit ransomware returns to attacks with new encryptors, servers
The LockBit ransomware gang is once again conducting attacks, using updated encryptors with ransom notes linking to new servers after last week's law enforcement disruption. |
February 28, 2024
|
|
Lazarus hackers exploited Windows zero-day to gain Kernel privileges
North Korean threat actors known as the Lazarus Group exploited a flaw in the Windows AppLocker driver (appid.sys) as a zero-day to gain kernel-level access and turn off security tools, allowing them to bypass noisy BYOVD (Bring Your Own Vulnerable Driver) techniques. |
February 28, 2024
|
|
Epic Games: "Zero evidence" we were hacked by Mogilevich gang
Epic Games said they found zero evidence of a cyberattack or data theft after the Mogilevich extortion group claimed to have breached the company's servers. |
February 28, 2024
|
|
Japan warns of malicious PyPi packages created by North Korean hackers
Japan's Computer Security Incident Response Team (JPCERT/CC) is warning that the notorious North Korean hacking group Lazarus has uploaded four malicious PyPI packages to infect developers with malware. |
February 28, 2024
|
|
Need to Know: Key Takeaways from the Latest Phishing Attacks
This article takes a look at some lessons from recent phishing attacks and highlights actionable tips to limit the risks of phishing affecting your company. |
February 28, 2024
|
|
Savvy Seahorse gang uses DNS CNAME records to power investor scams
A threat actor named Savvy Seahorse is abusing Domain Name System (DNS) CNAME records to create a traffic distribution system that powers financial scam campaigns. |
February 28, 2024
|
|
Registrars can now block all domains that resemble brand names
Registrars can now block people from registering tens of thousands of domain names that look like, are spelling variations of, or otherwise infringe on brand names. |
February 27, 2024
|
|
Pharmaceutical giant Cencora says data was stolen in a cyberattack
Pharmaceutical giant Cencora says they suffered a cyberattack where threat actors stole data from corporate IT systems. |
February 27, 2024
|
|
FBI, CISA warn US hospitals of targeted BlackCat ransomware attacks
Today, the FBI, CISA, and the Department of Health and Human Services (HHS) warned U.S. healthcare organizations of targeted ALPHV/Blackcat ransomware attacks. |
February 27, 2024
|
|
LabHost cybercrime service lets anyone phish Canadian bank users
The Phishing as a Service (PhaaS) platform 'LabHost' has been helping cybercriminals target North American banks, particularly financial institutes in Canada, causing a notable increase in activity. |
February 27, 2024
|
|
Black Basta, Bl00dy ransomware gangs join ScreenConnect attacks
The Black Basta and Bl00dy ransomware gangs have joined widespread attacks targeting ScreenConnect servers unpatched against a maximum severity authentication bypass vulnerability. |
February 27, 2024
|
|
Russian hackers hijack Ubiquiti routers to launch stealthy attacks
Russian APT28 military hackers are using compromised Ubiquiti EdgeRouters to evade detection, the FBI says in a joint advisory issued with the NSA, the U.S. Cyber Command, and international partners. |
February 27, 2024
|
|
Hessen Consumer Center says systems encrypted by ransomware
The Hessen Consumer Center in Germany has been hit with a ransomware attack, causing IT systems to shut down and temporarily disrupting its availability. |
February 27, 2024
|
|
Code injected into Tornado Cash on January 1 puts user funds at risk
Malicious JavaScript code hidden in a Tornado Cash governance proposal has been leaking deposit notes and data to a private server for almost two months. |
February 27, 2024
|
|
Windows February 2024 updates fail to install with 0x800F0922 errors
Microsoft says the February 2024 updates fail to install on Windows 11 22H2 and 23H2 systems, with 0x800F0922 errors and downloads stopping at 96%. |
February 26, 2024
|
|
UnitedHealth subsidiary Optum hack linked to BlackCat ransomware
A cyberattack on UnitedHealth Group subsidiary Optum that led to an ongoing outage impacting the Change Healthcare payment exchange platform was linked to the BlackCat ransomware group by sources familiar with the investigation. |
February 26, 2024
|
|
New IDAT loader version uses steganography to push Remcos RAT
A hacking group tracked as 'UAC-0184' was observed utilizing steganographic image files to deliver the Remcos remote access trojan (RAT) onto the systems of a Ukrainian entity operating in Finland. |
February 26, 2024
|
|
Mowing down demons: DOOM comes to Husqvarna smart lawnmowers
If you ever wanted to play DOOM on a lawnmower, you will soon have your chance with a new software update coming to Husqvarna's robotic line of lawnmowers this spring. |
February 26, 2024
|
|
White House urges devs to switch to memory-safe programming languages
The White House Office of the National Cyber Director (ONCD) urged tech companies today to switch to memory-safe programming languages, such as Rust, to improve software security by reducing the number of memory safety vulnerabilities. |
February 26, 2024
|
|
Hackers exploit 14-year-old CMS editor on govt, edu sites for SEO poisoning
Threat actors are exploiting a CMS editor discontinued 14 years ago to compromise education and government entities worldwide to poison search results with malicious sites or scams. |
February 26, 2024
|
|
Russian hackers shift to cloud attacks, US and allies warn
Members of the Five Eyes (FVEY) intelligence alliance warned today that APT29 Russian Foreign Intelligence Service (SVR) hackers are now switching to attacks targeting their victims' cloud services. |
February 26, 2024
|
|
Steel giant ThyssenKrupp confirms cyberattack on automotive division
Steel giant ThyssenKrupp confirms that hackers breached systems in its Automotive division last week, forcing them to shut down IT systems as part of its response and containment effort. |
February 26, 2024
|
|
Cybersecurity Training Not Sticking? How to Fix Risky Password Habits
While security training can help create a culture of cybersecurity awareness, it can't be relied upon to consistently change behavior. Learn more from Specops Software about the limitations of training and five ways you can increase password security. |
February 26, 2024
|
|
Hijacked subdomains of major brands used in massive spam campaign
A massive ad fraud campaign named "SubdoMailing" is using over 8,000 legitimate internet domains and 13,000 subdomains to send up to five million emails per day to generate revenue through scams and malvertising. |
February 25, 2024
|
|
LockBit ransomware returns, restores servers after police disruption
The LockBit gang is relaunching its ransomware operation on a new infrastructure less than a week after law enforcement hacked their servers, and is threatening to focus more of their attacks on the government sector. |
February 25, 2024
|
|
PayPal files patent for new method to detect stolen cookies
PayPal has filed a patent application for a novel method that can identify when a "super-cookie" is stolen, which could improve the cookie-based authentication mechanism and limit account takeover attacks. |
February 25, 2024
|
|
RCMP investigating cyber attack as its website remains down
The Royal Canadian Mounted Police (RCMP), Canada's national police force, has disclosed that it recently faced a cyber attack targeting its networks. The federal body has started its criminal investigation into the matter as it works to determine the scope of the security breach. |
February 24, 2024
|
|
Apple adds PQ3 quantum-resistant encryption to iMessage
Apple is adding to the iMessage instant messaging service a new post-quantum cryptographic protocol named PQ3, designed to defend encryption from quantum attacks. |
February 23, 2024
|
|
FTC sues H&R Block over deceptive 'free' online filing ads
The U.S. Federal Trade Commission (FTC) sued tax preparation giant H&R Block over the company's deceptive "free" online filing advertising and for pressuring people into overpaying for its services. |
February 23, 2024
|
|
Insomniac Games alerts employees hit by ransomware data breach
Sony subsidiary Insomniac Games is sending data breach notification letters to employees whose personal information was stolen and leaked online following a Rhysida ransomware attack in November. |
February 23, 2024
|
|
Google Pay app shutting down in US, users have till June to move funds
Google is retiring the standalone Pay app in the United States. Users have until June 4 to transfer the balance to bank accounts. |
February 23, 2024
|
|
LockBit ransomware gang has over $110 million in unspent bitcoin
The LockBit ransomware gang received more than $125 million in ransom payments over the past 18 months, according to the analysis of hundreds of cryptocurrency wallets associated with the operation. |
February 23, 2024
|
|
U-Haul says hacker accessed customer records using stolen creds
U-Haul has started informing customers that a hacker used stolen account credentials to access an internal system for dealers and team members to track customer reservations. |
February 23, 2024
|
|
Windows Photos gets AI magic eraser on Windows 10 and later
Microsoft's Windows Photos app now has its own generative erase tool that enables users to replace unwanted objects with AI-generated content. |
February 23, 2024
|
|
UnitedHealth confirms Optum hack behind US healthcare billing outage
Healthcare giant UnitedHealth Group confirmed that its subsidiary Optum was forced to shut down IT systems and various services after a cyberattack by "nation-state" hackers on the Change Healthcare platform. |
February 22, 2024
|
|
Microsoft has started testing Wi-Fi 7 support in Windows 11
Microsoft is testing support for Wi-Fi 7 in Windows 11, which offers multi-gigabit speeds and improved throughput, latency, and reliability compared to previous Wi-Fi generations. |
February 22, 2024
|
|
Microsoft now force installing Windows 11 23H2 on eligible PCs
Microsoft has started force installing Windows 11 23H2 on eligible devices that have reached or are close to their end-of-servicing date. |
February 22, 2024
|
|
Bitwarden’s new auto-fill option adds phishing resistance
The Bitwarden open-source password management service has introduced a new inline auto-fill menu that addresses the risk of user credentials being stolen through malicious form fields. |
February 22, 2024
|
|
ScreenConnect servers hacked in LockBit ransomware attacks
Attackers are exploiting a maximum severity authentication bypass vulnerability to breach unpatched ScreenConnect servers and deploy LockBit ransomware payloads on compromised networks. |
February 22, 2024
|
|
FTC to ban Avast from selling browsing data for advertising purposes
The U.S. Federal Trade Commission (FTC) will order Avast to pay $16.5 million and ban the company from selling the users' web browsing data or licensing it for advertising purposes. |
February 22, 2024
|
|
Massive AT&T outage also hits Verizon and T-Mobile customers
Tens of thousands of U.S. customers from Verizon, T-Mobile, and AT&T have been complaining about lack of wireless service or interruptions on Thursday morning. |
February 22, 2024
|
|
LockBit ransomware secretly building next-gen encryptor before takedown
LockBit ransomware developers were secretly building a new version of their file-encrypting malware, dubbed LockBit-NG-Dev (likely a future LockBit 4.0), when law enforcement took down the cybercriminals' infrastructure earlier this week. |
February 21, 2024
|
|
Joomla fixes XSS flaws that could expose sites to RCE attacks
Five vulnerabilities have been discovered in the Joomla content management system that could be leveraged to execute arbitrary code on vulnerable websites. |
February 21, 2024
|
|
Microsoft finally expands free logging—but only for govt agencies
Microsoft has expanded free Purview Audit logging capabilities for all U.S. federal agencies six months after disclosing that Chinese hackers stole U.S. government emails undetected in an Exchange Online breach between May and June 2023. |
February 21, 2024
|
|
Hackers abuse Google Cloud Run in massive banking trojan campaign
Security researchers are warning of hackers abusing the Google Cloud Run service to distribute massive volumes of banking trojans like Astaroth, Mekotio, and Ousaban. |
February 21, 2024
|
|
Fraudsters tried to scam Apple out of 5,000 iPhones worth over $3 million
Two Chinese nationals face 20 years in prison after being caught and convicted of submitting over 5,000 fake iPhones worth more than $3 million to Apple with the goal of having them replaced with genuine devices. |
February 21, 2024
|
|
New SSH-Snake malware steals SSH keys to spread across the network
A threat actor is using an open-source network mapping tool named SSH-Snake to look for private keys undetected and move laterally on the victim infrastructure. |
February 21, 2024
|
|
US govt shares cyberattack defense tips for water utilities
CISA, the FBI, and the Environmental Protection Agency (EPA) shared a list of defense measures U.S. water utilities should implement to better defend their systems against cyberattacks. |
February 21, 2024
|
|
ScreenConnect critical bug now under attack as exploit code emerges
Both technical details and proof-of-concept exploits are available for the two vulnerabilities ConnectWise disclosed earlier this week for ScreenConnect, its remote desktop and access software. |
February 21, 2024
|
|
US offers $15 million bounty for info on LockBit ransomware gang
The U.S. State Department is now also offering rewards of up to $15 million to anyone who can provide information about LockBit ransomware gang members and their associates. |
February 20, 2024
|
|
VMware urges admins to remove deprecated, vulnerable auth plug-in
VMware urged admins today to remove a discontinued authentication plugin exposed to authentication relay and session hijack attacks in Windows domain environments via two security vulnerabilities left unpatched. |
February 20, 2024
|
|
VoltSchemer attacks use wireless chargers to inject voice commands, fry phones
A team of academic researchers shows that a new set of attacks called 'VoltSchemer' can inject voice commands to manipulate a smartphone's voice assistant through the magnetic field emitted by an off-the-shelf wireless charger. |
February 20, 2024
|
|
New Migo malware disables protection features on Redis servers
Security researchers discovered a new campaign that targets Redis servers on Linux hosts using a piece of malware called 'Migo' to mine for cryptocurrency. |
February 20, 2024
|
|
Signal rolls out usernames that let you hide your phone number
End-to-end encrypted messaging app Signal finally allows users to pick custom usernames to connect with others while protecting their phone number privacy. |
February 20, 2024
|
|
ConnectWise urges ScreenConnect admins to patch critical RCE flaw
ConnectWise warned customers to patch their ScreenConnect servers immediately against a maximum severity flaw that can be used in remote code execution (RCE) attacks. |
February 20, 2024
|
|
Knight ransomware source code for sale after leak site shuts down
The alleged source code for the third iteration of the Knight ransomware is being offered for sale to a single buyer on a hacker forum by a representative of the operation. |
February 20, 2024
|
|
Ransomware Groups, Targeting Preferences, and the Access Economy
The cybercrime ecosystem has created a supply chain of stolen accounts and breached networks that are used to fuel ransomware attacks and data breaches. Learn more from Flare about how this supply chain has led to an explosion of cybercrime. |
February 20, 2024
|
|
Critical infrastructure software maker confirms ransomware attack
PSI Software SE, a German software developer for complex production and logistics processes, has confirmed that the cyber incident it disclosed last week is a ransomware attack that impacted its internal infrastructure. |
February 20, 2024
|
|
Police arrest LockBit ransomware members, release decryptor in global crackdown
Law enforcement arrested two operators of the LockBit ransomware gang in Poland and Ukraine, created a decryption tool to recover encrypted files for free, and seized over 200 crypto-wallets after hacking the cybercrime gang's servers in an international crackdown operation. |
February 19, 2024
|
|
LockBit ransomware disrupted by global police operation
Law enforcement agencies from 11 countries have disrupted the notorious LockBit ransomware operation in a joint operation known as "Operation Cronos." |
February 19, 2024
|
|
North Korean hackers linked to defense sector supply-chain attack
In an advisory today, Germany's federal intelligence agency (BfV) and South Korea's National Intelligence Service (NIS) warn of an ongoing cyber-espionage operation targeting the global defense sector on behalf of the North Korean government. |
February 19, 2024
|
|
Cactus ransomware claim to steal 1.5TB of Schneider Electric data
The Cactus ransomware gang claims they stole 1.5TB of data from Schneider Electric after breaching the company's network last month. |
February 19, 2024
|
|
Over 28,500 Exchange servers vulnerable to actively exploited bug
Up to 97,000 Microsoft Exchange servers may be vulnerable to a critical severity privilege escalation flaw tracked as CVE-2024-21410 that hackers are actively exploiting. |
February 19, 2024
|
|
Hackers exploit critical RCE flaw in Bricks WordPress site builder
Hackers are actively exploiting a critical remote code execution (RCE) flaw impacting the Brick Builder Theme to run malicious PHP code on vulnerable sites. |
February 19, 2024
|
|
Wyze camera glitch gave 13,000 users a peek into other homes
Wyze shared more details on a security incident that impacted thousands of users on Friday and said that at least 13,000 customers could get a peek into other users' homes. |
February 19, 2024
|
|
Anatsa Android malware downloaded 150,000 times via Google Play
The Anatsa banking trojan has been targeting users in Europe by infecting Android devices through malware droppers hosted on Google Play. |
February 18, 2024
|
|
Hacker arrested for selling bank accounts of US, Canadian users
Ukraine's cyber police arrested a 31-year-old for running a cybercrime operation that gained access to bank accounts of American and Canadian users and sold them on the dark web. |
February 17, 2024
|
|
KeyTrap attack: Internet access disrupted with one DNS packet
A serious vulnerability named KeyTrap in the Domain Name System Security Extensions (DNSSEC) feature could be exploited to deny internet access to applications for an extended period. |
February 17, 2024
|
|
New Google Chrome feature blocks attacks against home networks
Google is testing a new feature to prevent malicious public websites from pivoting through a user's browser to attack devices and services on internal, private networks. |
February 16, 2024
|
|
ALPHV ransomware claims loanDepot, Prudential Financial breaches
The ALPHV/Blackcat ransomware gang has claimed responsibility for the recent network breaches of Fortune 500 company Prudential Financial and mortgage lender loanDepot. |
February 16, 2024
|
|
Wyze investigating 'security issue' amid ongoing outage
Wyze Labs is investigating a security issue while experiencing a service outage that has been causing connectivity issues since this morning. |
February 16, 2024
|
|
SolarWinds fixes critical RCE bugs in access rights audit solution
SolarWinds has patched five remote code execution (RCE) flaws in its Access Rights Manager (ARM) solution, including three critical severity vulnerabilities that allow unauthenticated exploitation. |
February 16, 2024
|
|
Alpha ransomware linked to NetWalker operation dismantled in 2021
Security researchers analyzing the Alpha ransomware payload and modus operandi discovered overlaps with the now-defunct Netwalker ransomware operation. |
February 16, 2024
|
|
North Korean hackers now launder stolen crypto via YoMix tumbler
The North Korean hacker collective Lazarus, infamous for having carried out numerous large-scale cryptocurrency heists over the years, has switched to using YoMix bitcoin mixer to launder stolen proceeds. |
February 15, 2024
|
|
Zeus, IcedID malware gangs leader pleads guilty, faces 40 years in prison
Ukrainian national Vyacheslav Igorevich Penchukov, one of the heads of the notorious JabberZeus cybercrime gang, has pleaded guilty to charges related to his leadership roles in the Zeus and IcedID malware groups. |
February 15, 2024
|
|
Microsoft says it fixed a Windows Metadata server issue that’s still broken
Microsoft claims to have fixed Windows Metadata connection issues which continue to plague customers, causing problems for users trying to manage their printers and other hardware. |
February 15, 2024
|
|
US offers up to $15 million for tips on ALPHV ransomware gang
The U.S. State Department is offering rewards of up to $10 million for information that could lead to the identification or location of ALPHV/Blackcat ransomware gang leaders. |
February 15, 2024
|
|
RansomHouse gang automates VMware ESXi attacks with new MrAgent tool
The RansomHouse ransomware operation has created a new tool named 'MrAgent' that automates the deployment of its data encrypter across multiple VMware ESXi hypervisors. |
February 15, 2024
|
|
FBI disrupts Moobot botnet used by Russian military hackers
The FBI took down a botnet of small office/home office (SOHO) routers used by Russia's Main Intelligence Directorate of the General Staff (GRU) in spearphishing and credential theft attacks targeting the United States and its allies. |
February 15, 2024
|
|
OpenAI blocks state-sponsored hackers from using ChatGPT
OpenAI has removed accounts used by state-sponsored threat groups from Iran, North Korea, China, and Russia, that were abusing its artificial intelligence chatbot, ChatGPT. |
February 15, 2024
|
|
Over 13,000 Ivanti gateways vulnerable to actively exploited bugs
Thousands of Ivanti Connect Secure and Policy Secure endpoints remain vulnerable to multiple security issues first disclosed more than a month ago and which the vendor gradually patched. |
February 15, 2024
|
|
Three critical application security flaws scanners can’t detect
In this article, Outpost24 explains three key limitations of automated vulnerability scanners, emphasizing the significance of manual pen testing in enhancing security. |
February 15, 2024
|
|
Turla hackers backdoor NGOs with new TinyTurla-NG malware
Security researchers have identified and analyzed new malware they call TinyTurla-NG and TurlaPower-NG used by the Russian hacker group Turla to maintain access to a target's network and to steal sensitive data. |
February 15, 2024
|
|
New Qbot malware variant uses fake Adobe installer popup for evasion
The developer of Qakbot malware, or someone with access to the source code, seems to be experimenting with new builds as fresh samples have been observed in email campaigns since mid-December. |
February 15, 2024
|
|
New ‘Gold Pickaxe’ Android, iOS malware steals your face for fraud
A new iOS and Android trojan named 'GoldPickaxe' employs a social engineering scheme to trick victims into scanning their faces and ID documents, which are believed to be used to generate deepfakes for unauthorized banking access. |
February 14, 2024
|
|
Microsoft: New critical Exchange bug exploited as zero-day
Microsoft warned today in an updated security advisory that a critical vulnerability in Exchange Server was exploited as a zero-day before being fixed during this month's Patch Tuesday. |
February 14, 2024
|
|
LockBit claims ransomware attack on Fulton County, Georgia
The LockBit ransomware gang claims to be behind the recent cyberattack on Fulton County, Georgia, and is threatening to publish "confidential" documents if a ransom is not paid. |
February 14, 2024
|
|
Zoom patches critical privilege elevation flaw in Windows apps
The Zoom desktop and VDI clients and the Meeting SDK for Windows are vulnerable to an improper input validation flaw that could allow an unauthenticated attacker to conduct privilege escalation on the target system over the network. |
February 14, 2024
|
|
|