Security Alerts Index

Security Threats and Alerts



February 28, 2024
Anycubic 3D printers hacked worldwide to expose security flaw
According to a wave of online reports from Anycubic customers, someone hacked their 3D printers to warn that the devices are exposed to attacks.
February 28, 2024
Malicious AI models on Hugging Face backdoor users’ machines
At least 100 instances of malicious AI/ML models were found on the Hugging Face platform, some of which can execute code on the victim's machine, giving attackers a persistent backdoor.
February 28, 2024
New executive order bans mass sale of personal data to China, Russia
U.S. President Joe Biden has signed an executive order that aims to ban the bulk sale and transfer of Americans' private data to "countries of concern" such as China, Russia, Iran, North Korea, Cuba, and Venezuela.
February 28, 2024
Rhysida ransomware wants $3.6 million for children’s stolen data
The Rhysida ransomware gang has claimed the cyberattack on Lurie Children's Hospital in Chicago at the start of the month.
February 28, 2024
Kali Linux 2024.1 released with 4 new tools, UI refresh
Kali Linux has released version 2024.1, the first version of 2024, with four new tools, a theme refresh, and desktop changes.
February 28, 2024
Ransomware gang claims they stole 6TB of Change Healthcare data
The BlackCat/ALPHV ransomware gang has officially claimed responsibility for a cyberattack on Optum, a subsidiary of UnitedHealth Group (UHG), which led to an ongoing outage affecting the Change Healthcare platform.
February 28, 2024
LockBit ransomware returns to attacks with new encryptors, servers
The LockBit ransomware gang is once again conducting attacks, using updated encryptors with ransom notes linking to new servers after last week's law enforcement disruption.
February 28, 2024
Lazarus hackers exploited Windows zero-day to gain Kernel privileges
North Korean threat actors known as the Lazarus Group exploited a flaw in the Windows AppLocker driver (appid.sys) as a zero-day to gain kernel-level access and turn off security tools, allowing them to bypass noisy BYOVD (Bring Your Own Vulnerable Driver) techniques.
February 28, 2024
Epic Games: "Zero evidence" we were hacked by Mogilevich gang
Epic Games said they found zero evidence of a cyberattack or data theft after the Mogilevich extortion group claimed to have breached the company's servers.
February 28, 2024
Japan warns of malicious PyPI packages created by North Korean hackers
Japan's Computer Security Incident Response Team (JPCERT/CC) is warning that the notorious North Korean hacking group Lazarus has uploaded four malicious PyPI packages to infect developers with malware.
February 28, 2024
Need to Know: Key Takeaways from the Latest Phishing Attacks
This article takes a look at some lessons from recent phishing attacks and highlights actionable tips to limit the risks of phishing affecting your company.
February 28, 2024
Savvy Seahorse gang uses DNS CNAME records to power investor scams
A threat actor named Savvy Seahorse is abusing Domain Name System (DNS) CNAME records to create a traffic distribution system that powers financial scam campaigns.
February 28, 2024
Registrars can now block all domains that resemble brand names
Registrars can now block people from registering tens of thousands of domain names that look like, are spelling variations of, or otherwise infringe on brand names.
February 27, 2024
Pharmaceutical giant Cencora says data was stolen in a cyberattack
Pharmaceutical giant Cencora says they suffered a cyberattack where threat actors stole data from corporate IT systems.
February 27, 2024
FBI, CISA warn US hospitals of targeted BlackCat ransomware attacks
Today, the FBI, CISA, and the Department of Health and Human Services (HHS) warned U.S. healthcare organizations of targeted ALPHV/Blackcat ransomware attacks.
February 27, 2024
LabHost cybercrime service lets anyone phish Canadian bank users
The Phishing as a Service (PhaaS) platform 'LabHost' has been helping cybercriminals target North American banks, particularly financial institutes in Canada, causing a notable increase in activity.
February 27, 2024
Black Basta, Bl00dy ransomware gangs join ScreenConnect attacks
The Black Basta and Bl00dy ransomware gangs have joined widespread attacks targeting ScreenConnect servers unpatched against a maximum severity authentication bypass vulnerability.
February 27, 2024
Russian hackers hijack Ubiquiti routers to launch stealthy attacks
Russian APT28 military hackers are using compromised Ubiquiti EdgeRouters to evade detection, the FBI says in a joint advisory issued with the NSA, the U.S. Cyber Command, and international partners.
February 27, 2024
Hessen Consumer Center says systems encrypted by ransomware
The Hessen Consumer Center in Germany has been hit with a ransomware attack, causing IT systems to shut down and temporarily disrupting its availability.
February 27, 2024
Code injected into Tornado Cash on January 1 puts user funds at risk
Malicious JavaScript code hidden in a Tornado Cash governance proposal has been leaking deposit notes and data to a private server for almost two months.
February 27, 2024
Windows February 2024 updates fail to install with 0x800F0922 errors
Microsoft says the February 2024 updates fail to install on Windows 11 22H2 and 23H2 systems, with 0x800F0922 errors and downloads stopping at 96%.
February 26, 2024
UnitedHealth subsidiary Optum hack linked to BlackCat ransomware
A cyberattack on UnitedHealth Group subsidiary Optum that led to an ongoing outage impacting the Change Healthcare payment exchange platform was linked to the BlackCat ransomware group by sources familiar with the investigation.
February 26, 2024
New IDAT loader version uses steganography to push Remcos RAT
A hacking group tracked as 'UAC-0184' was observed utilizing steganographic image files to deliver the Remcos remote access trojan (RAT) onto the systems of a Ukrainian entity operating in Finland.
February 26, 2024
Mowing down demons: DOOM comes to Husqvarna smart lawnmowers
If you ever wanted to play DOOM on a lawnmower, you will soon have your chance with a new software update coming to Husqvarna's robotic line of lawnmowers this spring.
February 26, 2024
White House urges devs to switch to memory-safe programming languages
The White House Office of the National Cyber Director (ONCD) urged tech companies today to switch to memory-safe programming languages, such as Rust, to improve software security by reducing the number of memory safety vulnerabilities.
February 26, 2024
Hackers exploit 14-year-old CMS editor on govt, edu sites for SEO poisoning
Threat actors are exploiting a CMS editor discontinued 14 years ago to compromise education and government entities worldwide to poison search results with malicious sites or scams.
February 26, 2024
Russian hackers shift to cloud attacks, US and allies warn
Members of the Five Eyes (FVEY) intelligence alliance warned today that APT29 Russian Foreign Intelligence Service (SVR) hackers are now switching to attacks targeting their victims' cloud services.
February 26, 2024
Steel giant ThyssenKrupp confirms cyberattack on automotive division
Steel giant ThyssenKrupp confirms that hackers breached systems in its Automotive division last week, forcing them to shut down IT systems as part of its response and containment effort.
February 26, 2024
Cybersecurity Training Not Sticking? How to Fix Risky Password Habits
While security training can help create a culture of cybersecurity awareness, it can't be relied upon to consistently change behavior. Learn more from Specops Software about the limitations of training and five ways you can increase password security.
February 26, 2024
Hijacked subdomains of major brands used in massive spam campaign
A massive ad fraud campaign named "SubdoMailing" is using over 8,000 legitimate internet domains and 13,000 subdomains to send up to five million emails per day to generate revenue through scams and malvertising.
February 25, 2024
LockBit ransomware returns, restores servers after police disruption
The LockBit gang is relaunching its ransomware operation on new infrastructure less than a week after law enforcement hacked its servers, and is threatening to focus more of its attacks on the government sector.
February 25, 2024
PayPal files patent for new method to detect stolen cookies
PayPal has filed a patent application for a novel method that can identify when a "super-cookie" is stolen, which could improve the cookie-based authentication mechanism and limit account takeover attacks.
February 25, 2024
RCMP investigating cyber attack as its website remains down
The Royal Canadian Mounted Police (RCMP), Canada's national police force, has disclosed that it recently faced a cyber attack targeting its networks. The federal body has started its criminal investigation into the matter as it works to determine the scope of the security breach.
February 24, 2024
Apple adds PQ3 quantum-resistant encryption to iMessage
Apple is adding to the iMessage instant messaging service a new post-quantum cryptographic protocol named PQ3, designed to defend encryption from quantum attacks.
February 23, 2024
FTC sues H&R Block over deceptive 'free' online filing ads
The U.S. Federal Trade Commission (FTC) sued tax preparation giant H&R Block over the company's deceptive "free" online filing advertising and for pressuring people into overpaying for its services.
February 23, 2024
Insomniac Games alerts employees hit by ransomware data breach
Sony subsidiary Insomniac Games is sending data breach notification letters to employees whose personal information was stolen and leaked online following a Rhysida ransomware attack in November.
February 23, 2024
Google Pay app shutting down in US, users have till June to move funds
Google is retiring the standalone Pay app in the United States. Users have until June 4 to transfer the balance to bank accounts.
February 23, 2024
LockBit ransomware gang has over $110 million in unspent bitcoin
The LockBit ransomware gang received more than $125 million in ransom payments over the past 18 months, according to the analysis of hundreds of cryptocurrency wallets associated with the operation.
February 23, 2024
U-Haul says hacker accessed customer records using stolen creds
U-Haul has started informing customers that a hacker used stolen account credentials to access an internal system for dealers and team members to track customer reservations.
February 23, 2024
Windows Photos gets AI magic eraser on Windows 10 and later
Microsoft's Windows Photos app now has its own generative erase tool that enables users to replace unwanted objects with AI-generated content.
February 23, 2024
UnitedHealth confirms Optum hack behind US healthcare billing outage
Healthcare giant UnitedHealth Group confirmed that its subsidiary Optum was forced to shut down IT systems and various services after a cyberattack by "nation-state" hackers on the Change Healthcare platform.
February 22, 2024
Microsoft has started testing Wi-Fi 7 support in Windows 11
Microsoft is testing support for Wi-Fi 7 in Windows 11, which offers multi-gigabit speeds and improved throughput, latency, and reliability compared to previous Wi-Fi generations.
February 22, 2024
Microsoft now force installing Windows 11 23H2 on eligible PCs
Microsoft has started force installing Windows 11 23H2 on eligible devices that have reached or are close to their end-of-servicing date.
February 22, 2024
Bitwarden’s new auto-fill option adds phishing resistance
The Bitwarden open-source password management service has introduced a new inline auto-fill menu that addresses the risk of user credentials being stolen through malicious form fields.
February 22, 2024
ScreenConnect servers hacked in LockBit ransomware attacks
Attackers are exploiting a maximum severity authentication bypass vulnerability to breach unpatched ScreenConnect servers and deploy LockBit ransomware payloads on compromised networks.
February 22, 2024
FTC to ban Avast from selling browsing data for advertising purposes
The U.S. Federal Trade Commission (FTC) will order Avast to pay $16.5 million and ban the company from selling the users' web browsing data or licensing it for advertising purposes.
February 22, 2024
Massive AT&T outage also hits Verizon and T-Mobile customers
Tens of thousands of U.S. customers from Verizon, T-Mobile, and AT&T have been complaining about lack of wireless service or interruptions on Thursday morning.
February 22, 2024
LockBit ransomware secretly building next-gen encryptor before takedown
LockBit ransomware developers were secretly building a new version of their file-encrypting malware, dubbed LockBit-NG-Dev (likely a future LockBit 4.0), when law enforcement took down the cybercriminals' infrastructure earlier this week.
February 21, 2024
Joomla fixes XSS flaws that could expose sites to RCE attacks
Five vulnerabilities have been discovered in the Joomla content management system that could be leveraged to execute arbitrary code on vulnerable websites.
February 21, 2024
Microsoft finally expands free logging—but only for govt agencies
Microsoft has expanded free Purview Audit logging capabilities for all U.S. federal agencies six months after disclosing that Chinese hackers stole U.S. government emails undetected in an Exchange Online breach between May and June 2023.
February 21, 2024
Hackers abuse Google Cloud Run in massive banking trojan campaign
Security researchers are warning of hackers abusing the Google Cloud Run service to distribute massive volumes of banking trojans like Astaroth, Mekotio, and Ousaban.
February 21, 2024
Fraudsters tried to scam Apple out of 5,000 iPhones worth over $3 million
Two Chinese nationals face 20 years in prison after being caught and convicted of submitting over 5,000 fake iPhones worth more than $3 million to Apple with the goal of having them replaced with genuine devices.
February 21, 2024
New SSH-Snake malware steals SSH keys to spread across the network
A threat actor is using an open-source network mapping tool named SSH-Snake to look for private keys undetected and move laterally on the victim infrastructure.
February 21, 2024
US govt shares cyberattack defense tips for water utilities
CISA, the FBI, and the Environmental Protection Agency (EPA) shared a list of defense measures U.S. water utilities should implement to better defend their systems against cyberattacks.
February 21, 2024
ScreenConnect critical bug now under attack as exploit code emerges
Both technical details and proof-of-concept exploits are available for the two vulnerabilities ConnectWise disclosed earlier this week for ScreenConnect, its remote desktop and access software.
February 21, 2024
US offers $15 million bounty for info on LockBit ransomware gang
The U.S. State Department is now also offering rewards of up to $15 million to anyone who can provide information about LockBit ransomware gang members and their associates.
February 20, 2024
VMware urges admins to remove deprecated, vulnerable auth plug-in
VMware urged admins today to remove a discontinued authentication plugin exposed to authentication relay and session hijack attacks in Windows domain environments via two security vulnerabilities left unpatched.
February 20, 2024
VoltSchemer attacks use wireless chargers to inject voice commands, fry phones
A team of academic researchers shows that a new set of attacks called 'VoltSchemer' can inject voice commands to manipulate a smartphone's voice assistant through the magnetic field emitted by an off-the-shelf wireless charger.
February 20, 2024
New Migo malware disables protection features on Redis servers
Security researchers discovered a new campaign that targets Redis servers on Linux hosts using a piece of malware called 'Migo' to mine for cryptocurrency.
February 20, 2024
Signal rolls out usernames that let you hide your phone number
End-to-end encrypted messaging app Signal finally allows users to pick custom usernames to connect with others while protecting their phone number privacy.
February 20, 2024
ConnectWise urges ScreenConnect admins to patch critical RCE flaw
ConnectWise warned customers to patch their ScreenConnect servers immediately against a maximum severity flaw that can be used in remote code execution (RCE) attacks.
February 20, 2024
Knight ransomware source code for sale after leak site shuts down
The alleged source code for the third iteration of the Knight ransomware is being offered for sale to a single buyer on a hacker forum by a representative of the operation.
February 20, 2024
Ransomware Groups, Targeting Preferences, and the Access Economy
The cybercrime ecosystem has created a supply chain of stolen accounts and breached networks that are used to fuel ransomware attacks and data breaches. Learn more from Flare about how this supply chain has led to an explosion of cybercrime.
February 20, 2024
Critical infrastructure software maker confirms ransomware attack
PSI Software SE, a German software developer for complex production and logistics processes, has confirmed that the cyber incident it disclosed last week is a ransomware attack that impacted its internal infrastructure.
February 20, 2024
Police arrest LockBit ransomware members, release decryptor in global crackdown
Law enforcement arrested two operators of the LockBit ransomware gang in Poland and Ukraine, created a decryption tool to recover encrypted files for free, and seized over 200 crypto-wallets after hacking the cybercrime gang's servers in an international crackdown operation.
February 19, 2024
LockBit ransomware disrupted by global police operation
Law enforcement agencies from 11 countries have disrupted the notorious LockBit ransomware operation in a joint operation known as "Operation Cronos."
February 19, 2024
North Korean hackers linked to defense sector supply-chain attack
In an advisory today, Germany's federal intelligence agency (BfV) and South Korea's National Intelligence Service (NIS) warn of an ongoing cyber-espionage operation targeting the global defense sector on behalf of the North Korean government.
February 19, 2024
Cactus ransomware claim to steal 1.5TB of Schneider Electric data
The Cactus ransomware gang claims they stole 1.5TB of data from Schneider Electric after breaching the company's network last month.
February 19, 2024
Over 28,500 Exchange servers vulnerable to actively exploited bug
Up to 97,000 Microsoft Exchange servers may be vulnerable to a critical severity privilege escalation flaw tracked as CVE-2024-21410 that hackers are actively exploiting.
February 19, 2024
Hackers exploit critical RCE flaw in Bricks WordPress site builder
Hackers are actively exploiting a critical remote code execution (RCE) flaw impacting the Brick Builder Theme to run malicious PHP code on vulnerable sites.
February 19, 2024
Wyze camera glitch gave 13,000 users a peek into other homes
Wyze shared more details on a security incident that impacted thousands of users on Friday and said that at least 13,000 customers could get a peek into other users' homes.
February 19, 2024
Anatsa Android malware downloaded 150,000 times via Google Play
The Anatsa banking trojan has been targeting users in Europe by infecting Android devices through malware droppers hosted on Google Play.
February 18, 2024
Hacker arrested for selling bank accounts of US, Canadian users
Ukraine's cyber police arrested a 31-year-old for running a cybercrime operation that gained access to bank accounts of American and Canadian users and sold it on the dark web.
February 17, 2024
KeyTrap attack: Internet access disrupted with one DNS packet
A serious vulnerability named KeyTrap in the Domain Name System Security Extensions (DNSSEC) feature could be exploited to deny internet access to applications for an extended period.
February 17, 2024
New Google Chrome feature blocks attacks against home networks
Google is testing a new feature to prevent malicious public websites from pivoting through a user's browser to attack devices and services on internal, private networks.
February 16, 2024
ALPHV ransomware claims loanDepot, Prudential Financial breaches
The ALPHV/Blackcat ransomware gang has claimed responsibility for the recent network breaches of Fortune 500 company Prudential Financial and mortgage lender loanDepot.
February 16, 2024
Wyze investigating 'security issue' amid ongoing outage
Wyze Labs is investigating a security issue while experiencing a service outage that has been causing connectivity issues since this morning.
February 16, 2024
SolarWinds fixes critical RCE bugs in access rights audit solution
SolarWinds has patched five remote code execution (RCE) flaws in its Access Rights Manager (ARM) solution, including three critical severity vulnerabilities that allow unauthenticated exploitation.
February 16, 2024
Alpha ransomware linked to NetWalker operation dismantled in 2021
Security researchers analyzing the Alpha ransomware payload and modus operandi discovered overlaps with the now-defunct Netwalker ransomware operation.
February 16, 2024
North Korean hackers now launder stolen crypto via YoMix tumbler
The North Korean hacker collective Lazarus, infamous for having carried out numerous large-scale cryptocurrency heists over the years, has switched to using YoMix bitcoin mixer to launder stolen proceeds.
February 15, 2024
Zeus, IcedID malware gangs leader pleads guilty, faces 40 years in prison
Ukrainian national Vyacheslav Igorevich Penchukov, one of the heads of the notorious JabberZeus cybercrime gang, has pleaded guilty to charges related to his leadership roles in the Zeus and IcedID malware groups.
February 15, 2024
Microsoft says it fixed a Windows Metadata server issue that’s still broken
Microsoft claims to have fixed Windows Metadata connection issues which continue to plague customers, causing problems for users trying to manage their printers and other hardware.
February 15, 2024
US offers up to $15 million for tips on ALPHV ransomware gang
The U.S. State Department is offering rewards of up to $10 million for information that could lead to the identification or location of ALPHV/Blackcat ransomware gang leaders.
February 15, 2024
RansomHouse gang automates VMware ESXi attacks with new MrAgent tool
The RansomHouse ransomware operation has created a new tool named 'MrAgent' that automates the deployment of its data encrypter across multiple VMware ESXi hypervisors.
February 15, 2024
FBI disrupts Moobot botnet used by Russian military hackers
The FBI took down a botnet of small office/home office (SOHO) routers used by Russia's Main Intelligence Directorate of the General Staff (GRU) in spearphishing and credential theft attacks targeting the United States and its allies.
February 15, 2024
OpenAI blocks state-sponsored hackers from using ChatGPT
OpenAI has removed accounts used by state-sponsored threat groups from Iran, North Korea, China, and Russia, that were abusing its artificial intelligence chatbot, ChatGPT.
February 15, 2024
Over 13,000 Ivanti gateways vulnerable to actively exploited bugs
Thousands of Ivanti Connect Secure and Policy Secure endpoints remain vulnerable to multiple security issues first disclosed more than a month ago and which the vendor gradually patched.
February 15, 2024
Three critical application security flaws scanners can’t detect
In this article, Outpost24 explains three key limitations of automated vulnerability scanners, emphasizing the significance of manual pen testing in enhancing security.
February 15, 2024
Turla hackers backdoor NGOs with new TinyTurla-NG malware
Security researchers have identified and analyzed new malware they call TinyTurla-NG and TurlaPower-NG used by the Russian hacker group Turla to maintain access to a target's network and to steal sensitive data.
February 15, 2024
New Qbot malware variant uses fake Adobe installer popup for evasion
The developer of Qakbot malware, or someone with access to the source code, seems to be experimenting with new builds as fresh samples have been observed in email campaigns since mid-December.
February 15, 2024
New ‘Gold Pickaxe’ Android, iOS malware steals your face for fraud
A new iOS and Android trojan named 'GoldPickaxe' employs a social engineering scheme to trick victims into scanning their faces and ID documents, which are believed to be used to generate deepfakes for unauthorized banking access.
February 14, 2024
Microsoft: New critical Exchange bug exploited as zero-day
Microsoft warned today in an updated security advisory that a critical vulnerability in Exchange Server was exploited as a zero-day before being fixed during this month's Patch Tuesday.
February 14, 2024
LockBit claims ransomware attack on Fulton County, Georgia
The LockBit ransomware gang claims to be behind the recent cyberattack on Fulton County, Georgia, and is threatening to publish "confidential" documents if a ransom is not paid.
February 14, 2024
Zoom patches critical privilege elevation flaw in Windows apps
The Zoom desktop and VDI clients and the Meeting SDK for Windows are vulnerable to an improper input validation flaw that could allow an unauthenticated attacker to conduct privilege escalation on the target system over the network.
February 14, 2024
Microsoft: New critical Outlook RCE bug exploited as zero-day
Microsoft updated a security advisory today to warn that a critical Outlook bug was exploited in attacks as a zero-day before being fixed during this month's Patch Tuesday.
February 14, 2024
Microsoft Exchange update enables Extended Protection by default
Microsoft is automatically enabling Windows Extended Protection on Exchange servers after installing this month's 2024 H1 Cumulative Update (aka CU14).
February 14, 2024
German battery maker Varta halts production after cyberattack
Battery maker VARTA AG announced yesterday that it was targeted by a cyberattack that forced it to shut down IT systems, causing production to stop at its plants.
February 14, 2024
Ubuntu 'command-not-found' tool can be abused to spread malware
A logic flaw between Ubuntu's 'command-not-found' package suggestion system and the snap package repository could enable attackers to promote malicious Linux packages to unsuspecting users.
February 14, 2024
Trans-Northern Pipelines investigating ALPHV ransomware attack claims
Trans-Northern Pipelines (TNPI) has confirmed its internal network was breached in November 2023 and that it's now investigating claims of data theft made by the ALPHV/BlackCat ransomware gang.
February 14, 2024
DuckDuckGo browser gets end-to-end encrypted sync feature
The DuckDuckGo browser has unveiled a new end-to-end encrypted Sync & Backup feature that lets users privately and securely synchronize their bookmarks, passwords, and Email Protection settings across multiple devices.
February 13, 2024
Prudential Financial breached in data theft cyberattack
Prudential Financial has disclosed that its network was breached last week, with the attackers stealing employee and contractor data before being blocked from compromised systems one day later.
February 13, 2024
Hackers used new Windows Defender zero-day to drop DarkMe malware
Microsoft today patched a Windows Defender SmartScreen zero-day exploited in the wild by a financially motivated threat group to deploy the DarkMe remote access trojan (RAT).
February 13, 2024
Windows 10 KB5034763 update released with new fixes, changes
Microsoft has released the KB5034763 cumulative update for Windows 10 21H2 and Windows 10 22H2, which includes a small number of changes, including the continued rollout of changes to comply with Europe's Digital Markets Act (DMA).
February 13, 2024
200,000 Facebook Marketplace user records leaked on hacking forum
A threat actor leaked 200,000 records on a hacker forum, claiming they contained the mobile phone numbers, email addresses, and other personal information of Facebook Marketplace users.
February 13, 2024
Integris Health says data breach impacts 2.4 million patients
Integris Health has reported to U.S. authorities that the data breach it suffered last November exposed personal information belonging to almost 2.4 million people.
February 13, 2024
Microsoft February 2024 Patch Tuesday fixes 2 zero-days, 74 flaws
Today is Microsoft's February 2024 Patch Tuesday, which includes security updates for 74 flaws and two actively exploited zero-days.
February 13, 2024
Windows 11 KB5034765 update released with Start Menu fixes
Microsoft has released the KB5034765 cumulative update for Windows versions 23H2 and 22H2 to fix several bugs in the OS, including an issue that causes problems with the Start menu.
February 13, 2024
Hackers steal $290 million in crypto from PlayDapp gaming platform
Hackers are believed to have used a stolen private key to mint and steal over $290 million in PLA tokens, a cryptocurrency used within the PlayDapp ecosystem.
February 13, 2024
Bumblebee malware attacks are back after 4-month break
The Bumblebee malware has returned after a four-month vacation, targeting thousands of organizations in the United States in phishing campaigns.
February 13, 2024
5 Steps to Improve Your Security Posture in Microsoft Teams
Microsoft Teams is susceptible to a growing number of cybersecurity threats as its massive user base is an attractive target for cybercriminals. Learn more from Adaptive Shield on how to increase your Microsoft Teams security posture.
February 12, 2024
Bank of America warns customers of data breach after vendor hack
Bank of America is warning customers of a data breach exposing their personal information after one of its service providers was hacked last year.
February 12, 2024
FBI seizes Warzone RAT infrastructure, arrests malware vendor
The FBI dismantled the Warzone RAT malware operation, seizing infrastructure and arresting two individuals associated with the cybercrime operation.
February 12, 2024
FCC orders telecom carriers to report PII data breaches within 30 days
Starting March 13th, telecommunications companies must report data breaches impacting customers' personally identifiable information within 30 days, as required by FCC's updated data breach reporting requirements.
February 12, 2024
Microsoft tests Windows 11 ‘Super Resolution’ AI-upscaling for gamers
Microsoft is testing a new "Automatic Super Resolution" AI-assisted upscaling feature that increases the video and image quality of supported games while also making them run more smoothly.
February 12, 2024
Ongoing Microsoft Azure account hijacking campaign targets executives
A phishing campaign detected in late November 2023 has compromised hundreds of user accounts in dozens of Microsoft Azure environments, including those of senior executives.
February 12, 2024
CISA: Roundcube email server bug now exploited in attacks
CISA warns that a Roundcube email server vulnerability patched in September is now actively exploited in cross-site scripting (XSS) attacks.
February 12, 2024
Hackers exploit Ivanti SSRF flaw to deploy new DSLog backdoor
Hackers are exploiting a server-side request forgery (SSRF) vulnerability in Ivanti Connect Secure, Policy Secure, and ZTA gateways to deploy the new DSLog backdoor on vulnerable devices.
February 12, 2024
Free Rhysida ransomware decryptor for Windows exploits RNG flaw
South Korean researchers have publicly disclosed an encryption flaw in the Rhysida ransomware encryptor, allowing the creation of a Windows decryptor to recover files for free.
February 12, 2024
Ransomware attack forces 18 Romanian hospitals to go offline
At least 18 hospitals in Romania were knocked offline after a ransomware attack took down their healthcare management system.
February 11, 2024
ExpressVPN bug has been leaking some DNS requests for years
ExpressVPN has removed the split tunneling feature from the latest version of its software after finding that a bug exposed the domains users were visiting to configured DNS servers.
February 10, 2024
Raspberry Robin malware evolves with early access to Windows exploits
Recent versions of the Raspberry Robin malware are stealthier and implement one-day exploits that are deployed only on systems that are susceptible to them.
February 10, 2024
UK to replace physical biometric immigration cards with e-visas
By 2025, Britain is set to ditch physical immigration documents like Biometric Residence Permits (BRPs) and Biometric Residence Cards (BRCs) in a bid to make its borders digital, in line with developed countries like Australia. Understand what these Home Office changes mean for existing BRP and BRC holders, and what you need to do.
February 9, 2024
New Fortinet RCE bug is actively exploited, CISA confirms
CISA confirmed today that attackers are actively exploiting a critical remote code execution (RCE) bug patched by Fortinet on Thursday.
February 9, 2024
Canada to ban the Flipper Zero to stop surge in car thefts
The Canadian government plans to ban the Flipper Zero and similar devices after tagging them as tools thieves can use to steal cars.
February 9, 2024
Microsoft: Outlook clients not syncing over Exchange ActiveSync
Microsoft warned Outlook for Microsoft 365 users that clients might have issues connecting to email servers via Exchange ActiveSync after a January update.
February 9, 2024
New RustDoor macOS malware impersonates Visual Studio update
A new Rust-based macOS malware spreading as a Visual Studio update to provide backdoor access to compromised systems uses infrastructure linked to the infamous ALPHV/BlackCat ransomware gang.
February 9, 2024
Americans lost record $10 billion to fraud in 2023, FTC warns
The U.S. Federal Trade Commission (FTC) says Americans lost over $10 billion to scammers in 2023, marking a 14% increase in reported losses compared to the previous year.
February 8, 2024
New Fortinet RCE flaw in SSL VPN likely exploited in attacks
Fortinet is warning that a new critical remote code execution vulnerability in FortiOS SSL VPN is potentially being exploited in attacks.
February 8, 2024
Microsoft fixes Copilot issue blocking Windows 11 upgrades
Microsoft has lifted a compatibility hold that blocked upgrades to Windows 11 23H2 after resolving an issue that caused desktop icons to move erratically when using Windows Copilot on multi-monitor systems.
February 8, 2024
Hyundai Motor Europe hit by Black Basta ransomware attack
Car maker Hyundai Motor Europe suffered a Black Basta ransomware attack, with the threat actors claiming to have stolen three terabytes of corporate data.
February 8, 2024
Ivanti: Patch new Connect Secure auth bypass bug immediately
Today, Ivanti warned of a new authentication bypass vulnerability impacting Connect Secure, Policy Secure, and ZTA gateways, urging admins to secure their appliances immediately.
February 8, 2024
Microsoft unveils new 'Sudo for Windows' feature in Windows 11
Microsoft introduced 'Sudo for Windows' today, a new Windows 11 feature allowing users to execute commands with elevated privileges from unelevated terminals.
February 8, 2024
Android XLoader malware can now auto-execute after installation
A new version of the XLoader Android malware was discovered that automatically executes on devices it infects, requiring no user interaction to launch.
February 8, 2024
US offers $10 million for tips on Hive ransomware leadership
The U.S. State Department offers rewards of up to $10 million for information that could help locate, identify, or arrest members of the Hive ransomware gang.
February 8, 2024
Fake LastPass password manager spotted on Apple’s App Store
LastPass is warning that a fake copy of its app is being distributed on the Apple App Store, likely used as a phishing app to steal users' credentials.
February 8, 2024
Data breaches at Viamedis and Almerys impact 33 million in France
Data breaches at two French healthcare payment service providers, Viamedis and Almerys, have now been determined to impact over 33 million people in the country.
February 8, 2024
Google teases a new modern look for sign-in pages, including Gmail
Google is on the brink of refreshing its sign-in pages, including Gmail, with a sleek, modern makeover.
February 7, 2024
Fortinet warns of new FortiSIEM RCE bugs in confusing disclosure
Fortinet is warning of two new unpatched patch bypasses for a critical remote code execution vulnerability in FortiSIEM, Fortinet's SIEM solution.
February 7, 2024
Facebook ads push new Ov3r_Stealer password-stealing malware
A new password-stealing malware named Ov3r_Stealer is spreading through fake job advertisements on Facebook, aiming to steal account credentials and cryptocurrency.
February 7, 2024
Denmark orders schools to stop sending student data to Google
The Danish data protection authority (Datatilsynet) has issued an injunction regarding student data being funneled to Google through the use of Chromebooks and Google Workspace services in the country's schools.
February 7, 2024
Chinese hackers hid in US infrastructure network for 5 years
The Chinese Volt Typhoon cyber-espionage group infiltrated a critical infrastructure network in the United States and remained undetected for at least five years before being discovered, according to a joint advisory from CISA, the NSA, the FBI, and partner Five Eyes agencies.
February 7, 2024
Google tests blocking side-loaded Android apps with risky permissions
Google has launched a new pilot program to fight financial fraud by blocking the sideloading of Android APK files that request access to risky permissions.
February 7, 2024
Critical Cisco bug exposes Expressway gateways to CSRF attacks
Cisco has patched several vulnerabilities affecting its Expressway Series collaboration gateways, two of them rated as critical severity and exposing vulnerable devices to cross-site request forgery (CSRF) attacks.
February 7, 2024
No, 3 million electric toothbrushes were not used in a DDoS attack
A widely reported story that 3 million electric toothbrushes were hacked with malware to conduct distributed denial of service (DDoS) attacks is likely a hypothetical scenario instead of an actual attack.
February 7, 2024
Critical flaw in Shim bootloader impacts major Linux distros
A critical vulnerability in the Shim Linux bootloader enables attackers to execute code and take control of a target system before the kernel is loaded, bypassing existing security mechanisms.
February 7, 2024
How to Apply Zero Trust to your Active Directory
With cyberattacks happening every day, how can we apply zero trust principles towards keeping our Active Directory secure? Learn more from Specops Software on how to apply zero trust principles.
February 7, 2024
Chinese hackers fail to rebuild botnet after FBI takedown
Chinese Volt Typhoon state hackers failed to revive a botnet recently taken down by the FBI, which was previously used in attacks targeting critical infrastructure across the United States.
February 7, 2024
Ransomware payments reached record $1.1 billion in 2023
Ransomware payments in 2023 soared above $1.1 billion for the first time, shattering previous records and reversing the decline seen in 2022, marking the year as an exceptionally profitable period for ransomware gangs.
February 7, 2024
Fortinet snafu: Critical FortiSIEM CVEs are duplicates, issued in error
It turns out that critical Fortinet FortiSIEM vulnerabilities tracked as CVE-2024-23108 and CVE-2024-23109 are not new and have been published this year in error.
February 6, 2024
Chinese hackers infect Dutch military network with malware
A Chinese cyber-espionage group breached the Dutch Ministry of Defence last year and deployed malware on compromised devices, according to the Military Intelligence and Security Service (MIVD) of the Netherlands.
February 6, 2024
Data breach at French healthcare services firm puts millions at risk
French healthcare services firm Viamedis suffered a cyberattack that exposed the data of policyholders and healthcare professionals in the country.
February 6, 2024
JetBrains warns of new TeamCity auth bypass vulnerability
JetBrains urged customers today to patch their TeamCity On-Premises servers against a critical authentication bypass vulnerability that can let attackers take over vulnerable instances with admin privileges.
February 6, 2024
Google says spyware vendors behind most zero-days it discovers
Commercial spyware vendors (CSV) were behind 80% of the zero-day vulnerabilities Google's Threat Analysis Group (TAG) discovered in 2023 and used to spy on devices worldwide.
February 6, 2024
Verizon insider data breach hits over 63,000 employees
Verizon Communications is warning that an insider data breach impacts almost half its workforce, exposing sensitive employee information.
February 6, 2024
Criminal IP ASM: A new cybersecurity listing on Microsoft Azure
AI SPERA, a leader in Cyber Threat Intelligence (CTI)-based solutions, today announced that Criminal IP ASM (Attack Surface Management) is now available on the Microsoft Azure Marketplace.
February 6, 2024
Hackers steal data of 2 million in SQL injection, XSS attacks
A threat group named 'ResumeLooters' has stolen the personal data of over two million job seekers after compromising 65 legitimate job listing and retail sites using SQL injection and cross-site scripting (XSS) attacks.
February 5, 2024
Microsoft Outlook December updates trigger ICS security alerts
Microsoft is investigating an issue that triggers Outlook security alerts when trying to open .ICS calendar files after installing December 2023 Patch Tuesday Office security updates.
February 5, 2024
US announces visa ban on those linked to commercial spyware
Secretary of State Antony J. Blinken announced today a new visa restriction policy that will enable the Department of State to ban those linked to commercial spyware from entering the United States.
February 5, 2024
HPE investigates new breach after data for sale on hacking forum
Hewlett Packard Enterprise (HPE) is investigating a potential new breach after a threat actor put allegedly stolen data up for sale on a hacking forum, claiming it contains HPE credentials and other sensitive information.
February 5, 2024
Newest Ivanti SSRF zero-day now under mass exploitation
An Ivanti Connect Secure and Ivanti Policy Secure server-side request forgery (SSRF) vulnerability tracked as CVE-2024-21893 is currently under mass exploitation by multiple attackers.
February 4, 2024
Microsoft is bringing the Linux sudo command to Windows Server
Microsoft is bringing the Linux 'sudo' feature to Windows Server 2025, offering a new way for admins to elevate privileges for console applications.
February 4, 2024
Leaky Vessels flaws allow hackers to escape Docker, runc containers
Four vulnerabilities collectively called "Leaky Vessels" allow hackers to escape containers and access data on the underlying host operating system.
February 3, 2024
Clorox says cyberattack caused $49 million in expenses
Clorox has confirmed that a September 2023 cyberattack has so far cost the company $49 million in expenses related to the response to the incident.
February 3, 2024
Check if you're in Google Chrome's third-party cookie phaseout test
Google has started testing the phasing out of third-party cookies on Chrome, affecting about 1% of its users or approximately 30 million people. Learn how to check if you are part of the initial test.
February 3, 2024
Mastodon vulnerability allows attackers to take over accounts
Mastodon, the free and open-source decentralized social networking platform, has fixed a critical vulnerability that allows attackers to impersonate and take over any remote account.
February 2, 2024
The Week in Ransomware - February 2nd 2024 - No honor among thieves
Attacks on hospitals continued this week, with ransomware operations disrupting patient care as they force organizations to respond to cyberattacks.
February 2, 2024
AnyDesk says hackers breached its production servers, resets passwords
AnyDesk confirmed today that it suffered a recent cyberattack that allowed hackers to gain access to the company's production systems. BleepingComputer has learned that source code and private code signing keys were stolen during the attack.
February 2, 2024
Lurie Children's Hospital took systems offline after cyberattack
Lurie Children's Hospital in Chicago was forced to take IT systems offline after a cyberattack, disrupting normal operations and delaying medical care in some instances.
February 2, 2024
BTC-e server admin indicted for laundering ransom payments, stolen crypto
Aliaksandr Klimenka, a Belarusian and Cypriot national, has been indicted in the U.S. for his involvement in an international cybercrime money laundering operation.
February 2, 2024
Interpol operation Synergia takes down 1,300 servers used for cybercrime
An international law enforcement operation code-named 'Synergia' has taken down over 1,300 command and control servers used in ransomware, phishing, and malware campaigns.
February 1, 2024
FTC orders Blackbaud to boost security after massive data breach
Blackbaud has settled with the Federal Trade Commission after being charged with poor security and reckless data retention practices, leading to a May 2020 ransomware attack and a data breach affecting millions of people.
February 1, 2024
Cloudflare hacked using auth tokens stolen in Okta attack
Cloudflare disclosed today that its internal Atlassian server was breached by a suspected 'nation state attacker' who accessed its Confluence wiki, Jira bug database, and Bitbucket source code management system.
February 1, 2024
Microsoft fixes connection issue affecting Outlook email apps
Microsoft has fixed a known issue causing desktop and mobile email clients to fail to connect when using Outlook.com accounts.
February 1, 2024
More Android apps riddled with malware spotted on Google Play
An Android remote access trojan (RAT) known as VajraSpy was found in 12 malicious applications, six of which were available on Google Play from April 1, 2021, through September 10, 2023.
February 1, 2024
PurpleFox malware infected thousands of systems in Ukraine
The Computer Emergency Response Team in Ukraine (CERT-UA) is warning about a PurpleFox malware campaign that has infected at least 2,000 computers in the country.
February 1, 2024
Google shares fix for Pixel phones hit by bad system update
Google has shared a temporary fix for owners of Google Pixel devices that were rendered unusable after installing the January 2024 Google Play system update.
February 1, 2024
New Windows Event Log zero-day flaw gets unofficial patches
Free unofficial patches are available for a new Windows zero-day vulnerability dubbed 'EventLogCrasher' that lets attackers remotely crash the Event Log service on devices within the same Windows domain.
February 1, 2024
CISA orders federal agencies to disconnect Ivanti VPN appliances by Saturday
CISA has ordered U.S. federal agencies to disconnect all Ivanti Connect Secure and Policy Secure VPN appliances vulnerable to multiple actively exploited bugs before Saturday.
January 31, 2024
Hackers push USB malware payloads via news, media hosting sites
A financially motivated threat actor using USB devices for initial infection has been found abusing legitimate online platforms, including GitHub, Vimeo, and Ars Technica, to host encoded payloads embedded in seemingly benign content.
January 31, 2024
Police seize record 50,000 Bitcoin from now-defunct piracy site
The police in Saxony, eastern Germany, have seized 50,000 Bitcoin from the former operator of the pirate site movie2k.to through a voluntary deposit to a state-controlled wallet.
January 31, 2024
Europcar denies data breach of 50 million users, says data is fake
Car rental company Europcar says it has not suffered a data breach and that shared customer data is fake after a threat actor claimed to be selling the personal info of 50 million customers.
January 31, 2024
Exploit released for Android local elevation flaw impacting 7 OEMs
A proof-of-concept (PoC) exploit for a local privilege elevation flaw impacting at least seven Android original equipment manufacturers (OEMs) is now publicly available on GitHub. However, as the exploit requires local access, its release will mostly be helpful to researchers.
January 31, 2024
CISA warns of patched iPhone kernel bug now exploited in attacks
CISA warned today that a patched kernel security flaw affecting Apple iPhones, Macs, TVs, and watches is now being actively exploited in attacks.
January 31, 2024
FBI disrupts Chinese botnet by wiping malware from infected routers
The FBI has disrupted the KV Botnet used by Chinese Volt Typhoon state hackers to evade detection during attacks targeting U.S. critical infrastructure.
January 31, 2024
CISA: Vendors must secure SOHO routers against Volt Typhoon attacks
CISA has urged manufacturers of small office/home office (SOHO) routers to ensure their devices' security against ongoing attacks attempting to hijack them, especially those coordinated by Chinese state-backed hacking group Volt Typhoon (Bronze Silhouette).
January 31, 2024
Johnson Controls says ransomware attack cost $27 million, data stolen
Johnson Controls International has confirmed that a September 2023 ransomware attack cost the company $27 million in expenses and led to a data breach after hackers stole corporate data.
January 31, 2024
Ivanti warns of new Connect Secure zero-day exploited in attacks
Today, Ivanti warned of two more vulnerabilities impacting Connect Secure, Policy Secure, and ZTA gateways, one of them a zero-day bug already under active exploitation.
January 30, 2024
New Linux glibc flaw lets attackers get root on major distros
Unprivileged attackers can get root access on multiple major Linux distributions in default configurations by exploiting a newly disclosed local privilege escalation (LPE) vulnerability in the GNU C Library (glibc).
January 30, 2024
Online ransomware decryptor helps recover partially encrypted files
CyberArk has created an online version of 'White Phoenix,' an open-source ransomware decryptor targeting operations using intermittent encryption.
January 30, 2024
US charges two more suspects with DraftKing account hacks
The U.S. Department of Justice arrested and charged two more suspects for their involvement in the hacking of almost 68,000 DraftKings accounts in a November 2022 credential stuffing attack.
January 30, 2024
Vastaamo hacker traced via ‘untraceable’ Monero transactions, police says
Julius Aleksanteri Kivimäki, the suspect believed to be behind an attack against one of Finland's largest psychotherapy clinics, Vastaamo, was allegedly identified by tracing what has been believed to be untraceable Monero transactions.
January 30, 2024
A mishandled GitHub token exposed Mercedes-Benz source code
A mishandled GitHub token gave unrestricted access to Mercedes-Benz's internal GitHub Enterprise Service, exposing source code to the public.
January 30, 2024
Microsoft Teams phishing pushes DarkGate malware via group chats
New phishing attacks abuse Microsoft Teams group chat requests to push malicious attachments that install DarkGate malware payloads on victims' systems.
January 30, 2024
How SMBs can lower their risk of cyberattacks and data breaches
SMBs are attractive targets for cybercriminals as they typically have fewer resources like IT support, and lack robust security procedures, like employee cybersecurity training. Learn more from Specops Software on how SMBs can protect themselves from cyberattacks.
January 30, 2024
Citibank sued over failure to defend customers against hacks, fraud
New York Attorney General Letitia James sued Citibank over its alleged failure to defend customers against hacks and scams and refusal to reimburse victims after allowing fraudsters to steal millions from their accounts.
January 30, 2024
Police disrupt Grandoreiro banking malware operation, make arrests
The Federal Police of Brazil and cybersecurity researchers have disrupted the Grandoreiro banking malware operation, which has been targeting Spanish-speaking countries with financial fraud since 2017.
January 29, 2024
Keenan warns 1.5 million people of data breach after summer cyberattack
Keenan & Associates is sending notices of a data breach to 1.5 million customers, warning that hackers accessed their personal information in a recent cyberattack.
January 29, 2024
45k Jenkins servers exposed to RCE attacks using public exploits
Researchers found roughly 45,000 Jenkins instances exposed online that are vulnerable to CVE-2023-23897, a critical remote code execution (RCE) flaw for which multiple public proof-of-concept (PoC) exploits are in circulation.
January 29, 2024
Energy giant Schneider Electric hit by Cactus ransomware attack
Energy management and automation giant Schneider Electric suffered a Cactus ransomware attack leading to the theft of corporate data, according to people familiar with the matter.
January 29, 2024
Microsoft says Outlook apps can’t connect to Outlook.com
Microsoft is investigating an issue that prevents Outlook and other email clients from connecting when using an Outlook.com account.
January 29, 2024
FBI: Tech support scams now use couriers to collect victims' money
Today, the FBI warned about courier services being used to collect money and valuables from victims of tech support and government impersonation scams.
January 29, 2024
Ransomware payments drop to record low as victims refuse to pay
The number of ransomware victims paying ransom demands has dropped to a record low of 29% in the final quarter of 2023, according to ransomware negotiation firm Coveware.
January 29, 2024
DHS employees jailed for stealing data of 200K U.S. govt workers
Three former Department of Homeland Security (DHS) employees were sentenced to prison for stealing proprietary U.S. government software and databases containing the personal data of 200,000 federal employees.
January 29, 2024
Microsoft Teams hit by second outage in three days
Microsoft is investigating a second outage affecting Microsoft Teams users across North and South America in the last three days.
January 28, 2024
Exploits released for critical Jenkins RCE flaw, patch now
Multiple proof-of-concept (PoC) exploits for a critical Jenkins vulnerability allowing unauthenticated attackers to read arbitrary files have been made publicly available, with some researchers reporting attackers actively exploiting the flaws in attacks.
January 27, 2024
The Week in Ransomware - January 26th 2024 - Govts strike back
Governments struck back this week against members of ransomware operations, imposing sanctions on one threat actor and sentencing another to prison.
January 27, 2024
Kansas public transportation authority hit by ransomware
The Kansas City Area Transportation Authority (KCATA) announced it was targeted by a ransomware attack on Tuesday, January 23.
January 26, 2024
Microsoft releases first Windows Server 2025 preview build
Microsoft has released Windows Server Insider Preview 26040, the first Windows Server 2025 build for admins enrolled in its Windows Insider program.
January 26, 2024
Microsoft introduces flighting for Windows Server insiders
Microsoft has launched flighting for Windows Server systems enrolled in its Windows Insider open software testing program.
January 26, 2024
Microsoft Teams outage causes connection issues, message delays
Microsoft is investigating an ongoing and widespread outage impacting the users of its Teams communication platform and causing connectivity issues, login problems, and message delays.
January 26, 2024
Ukraine: Hack wiped 2 petabytes of data from Russian research center
The Main Intelligence Directorate of Ukraine's Ministry of Defense claims that pro-Ukrainian hacktivists breached the Russian Center for Space Hydrometeorology, aka "planeta" (планета), and wiped 2 petabytes of data.
January 26, 2024
Microsoft reveals how hackers breached its Exchange Online accounts
Microsoft confirmed that the Russian Foreign Intelligence Service hacking group, which hacked into its executives' email accounts in November 2023, also breached other organizations as part of this malicious campaign.
January 26, 2024
Role of Wazuh in building a robust cybersecurity architecture
Leveraging open source solutions and tools to build a cybersecurity architecture offers organizations several benefits. Learn more from Wazuh about the benefits of open source solutions.
January 26, 2024
Pwn2Own Automotive: $1.3M for 49 zero-days, Tesla hacked twice
The first edition of Pwn2Own Automotive has ended with competitors earning $1,323,750 for hacking Tesla twice and demoing 49 zero-day bugs in multiple electric car systems between January 24 and January 26.
January 25, 2024
23andMe data breach: Hackers stole raw genotype data, health reports
Genetic testing provider 23andMe confirmed that hackers stole health reports and raw genotype data of customers affected by a credential stuffing attack that went unnoticed for five months, from April 29 to September 27.
January 25, 2024
Blackwood hackers hijack WPS Office update to install malware
A previously unknown advanced threat actor tracked as 'Blackwood' is using sophisticated malware called NSPX30 in cyberespionage attacks against companies and individuals.
January 25, 2024
Russian TrickBot malware dev sentenced to 64 months in prison
Russian national Vladimir Dunaev has been sentenced to five years and four months in prison for his role in creating and distributing the Trickbot malware used in attacks against hospitals, companies, and individuals worldwide.
January 25, 2024
iPhone apps abuse iOS push notifications to collect user data
Numerous iOS apps are using background processes triggered by push notifications to collect user data about devices, potentially allowing the creation of fingerprinting profiles used for tracking.
January 25, 2024
Tesla hacked again, 24 more zero-days exploited at Pwn2Own Tokyo
Security researchers hacked the Tesla infotainment system and demoed a total of 24 zero-days on the second day of the Pwn2Own Automotive 2024 hacking competition.
January 25, 2024
Cisco warns of critical RCE flaw in communications software
Cisco is warning that several of its Unified Communications Manager (CM) and Contact Center Solutions products are vulnerable to a critical severity remote code execution security issue.
January 25, 2024
Hackers target WordPress database plugin active on 1 million sites
Malicious activity targeting a critical severity flaw in the 'Better Search Replace' WordPress plugin has been detected, with researchers observing thousands of attempts in the past 24 hours.
January 24, 2024
HPE: Russian hackers breached its security team’s email accounts
Hewlett Packard Enterprise (HPE) disclosed today that suspected Russian hackers known as Midnight Blizzard gained access to the company's Microsoft Office 365 email environment to steal data from its cybersecurity team and other departments.
January 24, 2024
VexTrio TDS: Inside a massive 70,000-domain cybercrime operation
A previously unknown traffic distribution system (TDS) named 'VexTrio' has been active since at least 2017, aiding 60 affiliates in their cybercrime operations through a massive network of 70,000 sites.
January 24, 2024
Over 5,300 GitLab servers exposed to zero-click account takeover attacks
Over 5,300 internet-exposed GitLab instances are vulnerable to CVE-2023-7028, a zero-click account takeover flaw GitLab warned about earlier this month.
January 24, 2024
UK says AI will empower ransomware over the next two years
The United Kingdom's National Cyber Security Centre (NCSC) warns that artificial intelligence (AI) tools will have an adverse near-term impact on cybersecurity, helping escalate the threat of ransomware.
January 24, 2024
Global fintech firm EquiLend offline after recent cyberattack
New York-based global financial technology firm EquiLend says its operations have been disrupted after some systems were taken offline in a Monday cyberattack.
January 24, 2024
Google Pixel phones unusable after January 2024 system update
Google Pixel smartphone owners report problems after installing the January 2024 Google Play system update, being unable to access their devices' internal storage, open the camera, take screenshots, or even open apps.
January 24, 2024
How to secure AD passwords without sacrificing end-user experience
To increase password security, regulatory bodies recommend longer and unique passwords. Despite this, many still stick to using the same easy-to-guess passwords for the sake of convenience. Learn more from Specops Software on an alternative approach that supports security and end-user experience at the same time.
January 24, 2024
Tesla hacked, 24 zero-days demoed at Pwn2Own Automotive 2024
Security researchers hacked a Tesla Modem and collected awards of $722,500 on the first day of Pwn2Own Automotive 2024 for three bug collisions and 24 unique zero-day exploits.
January 24, 2024
Windows 11 KB5034204 update fixes Bluetooth audio issues, 24 bugs
Microsoft released the January 2024 preview update for Windows 11 versions 22H2 and 23H2, which comes with Bluetooth audio bug fixes and addresses 24 known issues.
January 24, 2024
Microsoft: Recent updates cause Sysprep Windows validation errors
Microsoft says admins are seeing 0x80073cf2 errors when using the System Preparation (Sysprep) tool to validate Windows installations for deployment after installing recent Windows 10 updates.
January 23, 2024
Exploit released for Fortra GoAnywhere MFT auth bypass bug
Exploit code is now available for a critical authentication bypass vulnerability in Fortra's GoAnywhere MFT (Managed File Transfer) software that allows attackers to create new admin users on unpatched instances via the administration portal.
January 23, 2024
Water services giant Veolia North America hit by ransomware attack
Veolia North America, a subsidiary of transnational conglomerate Veolia, disclosed a ransomware attack that impacted systems part of its Municipal Water division and disrupted its bill payment systems.
January 23, 2024
Trello API abused to link email addresses to 15 million accounts
An exposed Trello API allows linking private email addresses with Trello accounts, enabling the creation of millions of data profiles containing both public and private information.
January 23, 2024
X adds passkeys support for iOS users in the United States
X, formerly Twitter, announced today that iOS users in the United States can now log into their accounts using passkeys.
January 23, 2024
Kasseika ransomware uses antivirus driver to kill other antiviruses
A recently uncovered ransomware operation named 'Kasseika' has joined the club of threat actors that employs Bring Your Own Vulnerable Driver (BYOVD) tactics to disable antivirus software before encrypting files.
January 23, 2024
Windows 10 KB5034203 preview update adds EU DMA compliance
Microsoft has released the January 2024 preview update for Windows 10, version 22H2, which adds Digital Markets Act (DMA) compliance in the European Economic Area (EEA) to allow European users to uninstall all apps in Windows by March 6.
January 23, 2024
Jason’s Deli says customer data exposed in credential stuffing attack
Jason's Deli is warning of a data breach in notifications sent to customers of its online platform stating that their personal data was exposed in credential stuffing attacks.
January 23, 2024
Fortra warns of new critical GoAnywhere MFT auth bypass, patch now
Fortra is warning of a new authentication bypass vulnerability impacting GoAnywhere MFT (Managed File Transfer) versions before 7.4.1 that allows an attacker to create a new admin user.
January 23, 2024
Australia sanctions REvil hacker behind Medibank data breach
The Australian government has announced sanctions for Aleksandr Gennadievich Ermakov, a Russian national considered responsible for the 2022 Medibank hack and a member of the REvil ransomware group.
January 22, 2024
SEC confirms X account was hacked in SIM swapping attack
The U.S. Securities and Exchange Commission confirmed today that its X account was hacked through a SIM-swapping attack on the cell phone number associated with the account.
January 22, 2024
Cracked macOS apps drain wallets using scripts fetched from DNS records
Hackers are using a stealthy method to deliver information-stealing malware to macOS users through DNS records that hide malicious scripts.
January 22, 2024
FTC orders Intuit to stop pushing "free" software that isn't really free
Today, the U.S. Federal Trade Commission (FTC) ordered Intuit to stop promoting its software products and services as "free" unless they're actually free for all consumers.
January 22, 2024
Malicious web redirect scripts stealth up to hide on hacked sites
Security researchers looking at more than 10,000 scripts used by the Parrot traffic direction system (TDS) noticed an evolution marked by optimizations that make malicious code stealthier against security mechanisms.
January 22, 2024
Apple fixes first zero-day bug exploited in attacks this year
Apple released security updates to address this year's first zero-day vulnerability exploited in attacks that could impact iPhones, Macs, and Apple TVs.
January 22, 2024
Ivanti: VPN appliances vulnerable if pushing configs after mitigation
Ivanti warned admins to stop pushing new device configurations to appliances after applying mitigations because this will leave them vulnerable to ongoing attacks exploiting two zero-day vulnerabilities.
January 22, 2024
loanDepot says ransomware gang stole data of 16.6 million people
Mortgage lender loanDepot says that approximately 16.6 million people had their personal information stolen in a ransomware attack disclosed earlier this month.
January 22, 2024
Trezor support site breach exposes personal data of 66,000 customers
Trezor issued an alert following a security breach on January 17, 2024, when unauthorized access was gained to their third-party support ticketing portal.
January 22, 2024
Hackers start exploiting critical Atlassian Confluence RCE flaw
Security researchers are observing exploitation attempts for the CVE-2023-22527 remote code execution vulnerability that affects outdated versions of Atlassian Confluence servers.
January 21, 2024
Tietoevry ransomware attack causes outages for Swedish firms, cities
Finnish IT services and enterprise cloud hosting provider Tietoevry has suffered a ransomware attack impacting cloud hosting customers in one of its data centers in Sweden, with the attack reportedly conducted by the Akira ransomware gang.
January 21, 2024
Watch out for "I can't believe he is gone" Facebook phishing posts
A widespread Facebook phishing campaign stating, "I can't believe he is gone. I'm gonna miss him so much," leads unsuspecting users to a website that steals your Facebook credentials.
January 21, 2024
Brave to end 'Strict' fingerprinting protection as it breaks websites
Brave Software has announced plans to deprecate the 'Strict' fingerprinting protection mode in its privacy-focused Brave Browser because it causes many sites to function incorrectly.
January 20, 2024
Court charges dev with hacking after cybersecurity issue disclosure
A German court has charged a programmer investigating an IT problem with hacking and fined them €3,000 ($3,265) for what it deemed was unauthorized access to external computer systems and spying on data.
January 20, 2024
Researchers link 3AM ransomware to Conti, Royal cybercrime gangs
Security researchers analyzing the activity of the recently emerged 3AM ransomware operation uncovered close connections with infamous groups, such as the Conti syndicate and the Royal ransomware gang.
January 20, 2024
Meta won't remove fake Instagram profiles used for obvious catfishing
Meta seems to be falling short of effectively tackling fake Instagram profiles even when there are sufficient signs to indicate that a profile is misusing someone else's photos and identity.
January 19, 2024
Russian hackers stole Microsoft corporate emails in month-long breach
Microsoft disclosed Friday night that some of its corporate email accounts were breached and data stolen by the Russian state-sponsored hacking group Midnight Blizzard.
January 19, 2024
BreachForums hacking forum admin sentenced to 20 years supervised release
Conor Brian Fitzpatrick was sentenced to 20 years of supervised release today in the Eastern District of Virginia for operating the notorious BreachForums hacking forum, known for the sale and leaking of personal data for hundreds of millions of people worldwide.
January 19, 2024
Payoneer accounts in Argentina hacked in 2FA bypass attacks
Numerous Payoneer users in Argentina report waking up to find that their 2FA-protected accounts were hacked and funds stolen after receiving SMS OTP codes while they were sleeping.
January 19, 2024
CISA emergency directive: Mitigate Ivanti zero-days immediately
CISA issued this year's first emergency directive ordering Federal Civilian Executive Branch (FCEB) agencies to immediately mitigate two Ivanti Connect Secure and Ivanti Policy Secure zero-day flaws in response to widespread and active exploitation by multiple threat actors.
January 19, 2024
FTC bans one more data broker from selling your location info
The U.S. Federal Trade Commission (FTC) continues to target data brokers, this time in a settlement with InMarket Media, which bans the company from selling Americans' precise location data.
January 19, 2024
Chinese hackers exploit VMware bug as zero-day for two years
A Chinese hacking group has been exploiting a critical vCenter Server vulnerability (CVE-2023-34048) as a zero-day since at least late 2021.
January 19, 2024
Vans, North Face owner says ransomware breach affects 35 million people
VF Corporation, the company behind brands like Vans, Timberland, The North Face, Dickies, and Supreme, said that more than 35 million customers had their personal information stolen in a December ransomware attack.
January 19, 2024
VMware confirms critical vCenter flaw now exploited in attacks
VMware has confirmed that a critical vCenter Server remote code execution vulnerability patched in October is now under active exploitation.
January 18, 2024
TeamViewer abused to breach networks in new ransomware attacks
Ransomware actors are again using TeamViewer to gain initial access to organization endpoints and attempt to deploy encryptors based on the leaked LockBit ransomware builder.
January 18, 2024
CISA: Critical Ivanti auth bypass bug now actively exploited
CISA warns that a critical authentication bypass vulnerability in Ivanti's Endpoint Manager Mobile (EPMM) and MobileIron Core device management software (patched in August 2023) is now under active exploitation.
January 18, 2024
Microsoft tests instant access to Android photos in Windows 11
Microsoft plans to provide Windows 11 users with almost instant access to photos and screenshots they've taken on their Android smartphones.
January 18, 2024
Kansas State University cyberattack disrupts IT network and services
Kansas State University (K-State) announced it is managing a cybersecurity incident that has disrupted certain network systems, including VPN, K-State Today emails, and video services on Canvas and Mediasite.
January 18, 2024
Haier hits Home Assistant plugin dev with takedown notice
Appliances giant Haier reportedly issued a takedown notice to a software developer for creating Home Assistant integration plugins for the company's home appliances and releasing them on GitHub.
January 18, 2024
US govt wants BreachForums admin sentenced to 15 years in prison
The United States government has recommended that Conor Brian Fitzpatrick, the creator and lead administrator of the now-defunct BreachForums hacking forums, receive a sentence of 15 years in prison.
January 18, 2024
Credentials are Still King: Leaked Credentials, Data Breaches and Dark Web Markets
Learn how threat actors utilize credentials to break into privileged IT infrastructure to create data breaches and distribute ransomware.
January 18, 2024
Google: Russian FSB hackers deploy new Spica backdoor malware
Google says the ColdRiver Russian-backed hacking group is pushing previously unknown backdoor malware using payloads masquerading as a PDF decryption tool.
January 18, 2024
Docker hosts hacked in ongoing website traffic theft scheme
A new campaign targeting vulnerable Docker services deploys an XMRig miner and the 9hits viewer app on compromised hosts, allowing a dual monetization strategy.
January 18, 2024
Jira down: Atlassian outage affecting multiple cloud services
Multiple Atlassian Jira products are experiencing an ongoing outage as of this morning. Users of Jira Work Management, Jira Software, Jira Service Management and Jira Product Discovery are facing connection issues.
January 17, 2024
Have I Been Pwned adds 71 million emails from Naz.API stolen account list
Have I Been Pwned has added almost 71 million email addresses associated with stolen accounts in the Naz.API dataset to its data breach notification service.
January 17, 2024
Microsoft: Iranian hackers target researchers with new MediaPl malware
Microsoft says that a group of Iranian-backed state hackers are targeting high-profile employees of research organizations and universities across Europe and the United States in spearphishing attacks pushing new backdoor malware.
January 17, 2024
Bigpanzi botnet infects 170,000 Android TV boxes with malware
A previously unknown cybercrime syndicate named 'Bigpanzi' has been making significant money by infecting Android TV and eCos set-top boxes worldwide since at least 2015.
January 17, 2024
CISA pushes federal agencies to patch Citrix RCE within a week
Today, CISA ordered U.S. federal agencies to secure their systems against three recently patched Citrix NetScaler and Google Chrome zero-days actively exploited in attacks.
January 17, 2024
iShutdown scripts can help detect iOS spyware on your iPhone
Security researchers found that infections with high-profile spyware Pegasus, Reign, and Predator could be discovered on compromised Apple mobile devices by checking Shutdown.log, a system log file that stores reboot events.
January 17, 2024
AMD, Apple, Qualcomm GPUs leak AI data in LeftoverLocals attacks
A new vulnerability dubbed 'LeftoverLocals' affecting graphics processing units from AMD, Apple, Qualcomm, and Imagination Technologies allows retrieving data from the local memory space.
January 17, 2024
Wazuh: Building robust cybersecurity architecture with open source tools
Open source solutions allow organizations to customize and adapt their cybersecurity infrastructure to their specific needs. Learn more from @wazuh on building open source cybersecurity infrastructure.
January 16, 2024
GitHub rotates keys to mitigate impact of credential-exposing flaw
GitHub rotated keys potentially exposed by a vulnerability patched in December that could let attackers access credentials within production containers via environment variables.
January 16, 2024
MacOS info-stealers quickly evolve to evade XProtect detection
Multiple information stealers for the macOS platform have demonstrated the capability to evade detection even when security companies follow and report about new variants frequently.
January 16, 2024
Citrix warns of new Netscaler zero-days exploited in attacks
Citrix urged customers on Tuesday to immediately patch Netscaler ADC and Gateway appliances exposed online against two actively exploited zero-day vulnerabilities.
January 16, 2024
Google fixes first actively exploited Chrome zero-day of 2024
Google has released security updates to fix the first Chrome zero-day vulnerability exploited in the wild since the start of the year.
January 16, 2024
Majorca city Calvià extorted for $11M in ransomware attack
The Calvià City Council in Majorca announced it was targeted by a ransomware attack on Saturday, which impacted municipal services.
January 16, 2024
FBI: Androxgh0st malware botnet steals AWS, Microsoft credentials
CISA and the FBI warned today that threat actors using Androxgh0st malware are building a botnet focused on cloud credential theft and using the stolen information to deliver additional malicious payloads.
January 16, 2024
PixieFail flaws impact PXE network boot in enterprise systems
A set of nine vulnerabilities, collectively called 'PixieFail,' impact the IPv6 network protocol stack of Tianocore's EDK II, the open-source reference implementation of the UEFI specification widely used in enterprise computers and servers.
January 16, 2024
Atlassian warns of critical RCE flaw in older Confluence versions
Atlassian Confluence Data Center and Confluence Server are vulnerable to a critical remote code execution (RCE) vulnerability that impacts versions released before December 5, 2023, including out-of-support releases.
January 16, 2024
The Dual Role AI Plays in Cybersecurity: How to Stay Ahead
AI presents significant advantages for organizations, but it's also being exploited to amplify and intensify cyberattacks. Learn more from Outpost24 about how hackers are harnessing the power of AI.
January 15, 2024
Ivanti Connect Secure zero-days now under mass exploitation
Two zero-day vulnerabilities affecting Ivanti's Connect Secure VPN and Policy Secure network access control (NAC) appliances are now under mass exploitation.
January 15, 2024
Windows Copilot autostart tests limited to 27" displays or larger
Microsoft says that tests of a controversial new Windows 11 feature that automatically opens the AI-powered Copilot assistant after Windows starts are limited to systems with 27-inch displays.
January 15, 2024
US court docs expose fake antivirus renewal phishing tactics
In a seizure warrant application, the U.S. Secret Service sheds light on how threat actors stole $34,000 using fake antivirus renewal subscription emails.
January 15, 2024
Microsoft working on a fix for Windows 10 0x80070643 errors
Microsoft is working to fix a known issue causing 0x80070643 errors when installing the KB5034441 security update that patches the CVE-2024-20666 BitLocker vulnerability.
January 15, 2024
Windows SmartScreen flaw exploited to drop Phemedrone malware
A Phemedrone information-stealing malware campaign exploits a Microsoft Defender SmartScreen vulnerability (CVE-2023-36025) to bypass Windows security prompts when opening URL files.
January 15, 2024
Over 178K SonicWall firewalls vulnerable to DoS, potential RCE attacks
Security researchers have found over 178,000 SonicWall next-generation firewalls (NGFW) with the management interface exposed online are vulnerable to denial-of-service (DoS) and potential remote code execution (RCE) attacks.
January 15, 2024
Latest Adblock update causes massive YouTube performance hit
Adblock and Adblock Plus users report performance issues on YouTube, initially blamed on Google but later determined to be an issue in the popular ad-blocking extension.
January 14, 2024
The new Windows 11 features coming in 2024
Windows 11 is gearing up to introduce an array of exciting new features in 2024 aimed at enhancing user experience across various aspects of the operating system.
January 14, 2024
GrapheneOS: Frequent Android auto-reboots block firmware exploits
GrapheneOS, a privacy and security-focused Android-based operating system, has posted a series of tweets on X suggesting that Android should introduce frequent auto-reboots to make it harder for forensic software vendors to exploit firmware flaws and spy on the users.
January 14, 2024
Save up to $315 on data privacy tools with AdGuard VPN
A VPN is the first defense you have against ISP throttling, commercial data trackers, and malicious actors. AdGuard VPN has three deals to choose from now through January 14th.
January 13, 2024
Hacker spins up 1 million virtual servers to illegally mine crypto
A 29-year-old man in Ukraine was arrested this week for using hacked accounts to create 1 million virtual servers used to mine $2 million in cryptocurrency. 
January 12, 2024
The Week in Ransomware - January 12th 2024 - Targeting homeowners' data
Mortgage lenders and related companies are becoming popular targets of ransomware gangs, with four companies in this sector recently attacked.
January 12, 2024
CISA: Critical Microsoft SharePoint bug now actively exploited
CISA warns that attackers are now exploiting a critical Microsoft SharePoint privilege escalation vulnerability that can be chained with another critical bug for remote code execution.
January 12, 2024
GitLab warns of critical zero-click account hijacking vulnerability
GitLab has released security updates for both the Community and Enterprise Edition to address two critical vulnerabilities, one of them allowing account hijacking with no user interaction.
January 12, 2024
Juniper warns of critical RCE bug in its firewalls and switches
Juniper Networks has released security updates to fix a critical pre-auth remote code execution (RCE) vulnerability in its SRX Series firewalls and EX Series switches.
January 12, 2024
Ivanti Connect Secure zero-days exploited to deploy custom malware
Hackers have been exploiting the two zero-day vulnerabilities in Ivanti Connect Secure disclosed this week since early December to deploy multiple families of custom malware for espionage purposes.
January 11, 2024
Major T-Mobile outage takes down account access, mobile app
A major T-Mobile outage is preventing customers from logging into their accounts and using the company's mobile app.
January 11, 2024
Framework discloses data breach after accountant gets phished
Framework Computer disclosed a data breach exposing the personal information of an undisclosed number of customers after Keating Consulting Group, its accounting service provider, fell victim to a phishing attack.
January 11, 2024
Over 150k WordPress sites at takeover risk via vulnerable plugin
Two vulnerabilities impacting the POST SMTP Mailer WordPress plugin, an email delivery tool used by 300,000 websites, could help attackers take complete control of a site's authentication.
January 11, 2024
Halara probes breach after hacker leaks data for 950,000 people
Popular athleisure clothing brand Halara is investigating a data breach after the alleged data of almost 950,000 customers was leaked on a hacking forum.
January 11, 2024
Microsoft testing Windows 11 USB 80Gbps support, Copilot on login
Microsoft is now testing support for the USB4 Version 2.0 specification in Windows 11, enabling transfer speeds of up to 80 Gbps over USB Type-C cables.
January 11, 2024
Bitwarden adds passkey support to log into web password vaults
The open-source Bitwarden password manager has announced that all users can now log in to their web vaults using a passkey instead of the standard username and password pairs.
January 11, 2024
Microsoft shares script to update Windows 10 WinRE with BitLocker fixes
Microsoft has released a PowerShell script to automate updating the Windows Recovery Environment (WinRE) partition in order to fix CVE-2024-20666, a vulnerability that allowed for BitLocker encryption bypass.
January 11, 2024
New Balada Injector campaign infects 6,700 WordPress sites
A new Balada Injector campaign launched in mid-December has infected over 6,700 WordPress websites using a vulnerable version of the Popup Builder plugin.
January 11, 2024
Finland warns of Akira ransomware wiping NAS and tape backup devices
The Finnish National Cybersecurity Center (NCSC-FI) is informing of increased Akira ransomware activity in December, targeting companies in the country and wiping backups.
January 10, 2024
Mandiant's X account hacked by crypto Drainer-as-a-Service gang
Cybersecurity firm and Google subsidiary Mandiant says its Twitter/X account was hijacked last week by a Drainer-as-a-Service (DaaS) gang in what it described as "likely a brute force password attack."
January 10, 2024
Cisco says critical Unity Connection bug lets attackers get root
Cisco has patched a critical Unity Connection security flaw that can let unauthenticated attackers remotely gain root privileges on unpatched devices.
January 10, 2024
Fidelity National Financial: Hackers stole data of 1.3 million people
Fidelity National Financial (FNF) has confirmed that a November cyberattack (claimed by the BlackCat ransomware gang) has exposed the data of 1.3 million customers.
January 10, 2024
Pro-Ukraine hackers breach Russian ISP in revenge for KyivStar attack
A pro-Ukraine hacktivist group named 'Blackjack' has claimed a cyberattack against Russian provider of internet services M9com as a direct response to the attack against Kyivstar mobile operator.
January 10, 2024
Ivanti warns of Connect Secure zero-days exploited in attacks
Ivanti has disclosed two Connect Secure (ICS) and Policy Secure zero-days exploited in the wild that can let remote attackers execute arbitrary commands on targeted gateways.
January 10, 2024
Fake 401K year-end statements used to steal corporate credentials
Threat actors are using communication about personal pension accounts (the 401(k) plans in the U.S.), salary adjustments, and performance reports to steal company employees' credentials.
January 10, 2024
Windows 10 KB5034441 security update fails with 0x80070643 errors
Windows 10 users worldwide report problems installing Microsoft's January Patch Tuesday updates, getting 0x80070643 errors when attempting to install the KB5034441 security update for BitLocker.
January 10, 2024
Microsoft Exchange 2019 has reached end of mainstream support
Microsoft announced the end of mainstream support for its Exchange Server 2019 on-premises mail server software on January 9, 2023.
January 10, 2024
ShinyHunters member gets 3 years in prison for breaching 60 firms
The U.S. District Court in Seattle sentenced ShinyHunters member Sebastien Raoult to three years in prison and ordered a restitution of $5,000,000.
January 9, 2024
Nigerian gets 10 years for laundering millions stolen from elderly
A Nigerian man was sentenced on Monday to 10 years and one month in prison for conspiring to launder millions stolen from elderly victims in internet fraud schemes.
January 9, 2024
US SEC’s X account hacked to announce fake Bitcoin ETF approval
The X account for the U.S. Securities and Exchange Commission was hacked today to issue a fake announcement on the approval of Bitcoin ETFs on security exchanges.
January 9, 2024
China claims it cracked Apple's AirDrop to find numbers, email addresses
A Chinese state-backed research institute claims to have discovered how to decrypt device logs for Apple's AirDrop feature, allowing the government to identify phone numbers or email addresses of those who shared content.
January 9, 2024
Ransomware victims targeted by fake hack-back offers
Some organizations victimized by the Royal and Akira ransomware gangs have been targeted by a threat actor posing as a security researcher who promised to hack back the original attacker and delete stolen victim data.
January 9, 2024
FTC bans data broker from selling Americans’ location data
Today, the U.S. Federal Trade Commission (FTC) banned data broker Outlogic, formerly X-Mode Social, from selling Americans' raw location data that could be used for tracking purposes.
January 9, 2024
Windows 10 KB5034122 update released with fix for shut down bug
Microsoft has released the KB5034122 cumulative update for Windows 10 21H2 and Windows 10 22H2, which includes only a small number of fixes due to the holiday season.
January 9, 2024
CISA warns agencies of fourth flaw used in Triangulation spyware attacks
The U.S. Cybersecurity and Infrastructure Security Agency has added to its Known Exploited Vulnerabilities catalog six vulnerabilities that impact products from Adobe, Apache, D-Link, and Joomla.
January 9, 2024
Microsoft January 2024 Patch Tuesday fixes 49 flaws, 12 RCE bugs
Today is Microsoft's January 2024 Patch Tuesday, which includes security updates for a total of 49 flaws and 12 remote code execution vulnerabilities.
January 9, 2024
Windows 11 KB5034123 update released with security and Wi-Fi fixes
Microsoft has released the Windows 11 KB5034123 cumulative update for versions 23H2 and 22H2 to fix a variety of issues, including a potential Wi-Fi bug that was fixed in a KIR last month.
January 9, 2024
Hackers target Microsoft SQL servers in Mimic ransomware attacks
A group of financially motivated Turkish hackers targets Microsoft SQL (MSSQL) servers worldwide to encrypt the victims' files with Mimic (N3ww4v3) ransomware.
January 9, 2024
Decryptor for Babuk ransomware variant released after hacker arrested
Researchers from Cisco Talos working with the Dutch police obtained a decryption tool for the Tortilla variant of Babuk ransomware and shared intelligence that led to the arrest of the ransomware's operator.
January 9, 2024
Paraguay warns of Black Hunt ransomware attacks after Tigo Business breach
The Paraguay military is warning of Black Hunt ransomware attacks after Tigo Business suffered a cyberattack last week impacting cloud and hosting services in the company's business division.
January 9, 2024
Criminal IP and Tenable Partner for Swift Vulnerability Detection
Cyber Threat Intelligence (CTI) search engine Criminal IP has established a technical partnership with Tenable. Learn more from Criminal IP about how this partnership can assist in real-time vulnerability and maliciousness scans.
January 9, 2024
Google Search bug shows blank page in Firefox for Android
Users of the Firefox browser for Android have been reporting that they are seeing a blank page when trying to load the main Google Search site.
January 9, 2024
The best Windows 11 features added in 2023
The year 2023 marks a significant milestone for Windows 11 with the introduction of several new features and improvements. This includes drag and drop for the taskbar, AI, and more.
January 8, 2024
Toronto Zoo: Ransomware attack had no impact on animal wellbeing
Toronto Zoo, the largest zoo in Canada, says that a ransomware attack that hit its systems early on Friday had no impact on the animals, its website, or its day-to-day operations.
January 8, 2024
Netgear, Hyundai latest X accounts hacked to push crypto drainers
The official Netgear and Hyundai MEA Twitter/X accounts (together with over 160,000 followers) are the latest hijacked to push scams designed to infect potential victims with cryptocurrency wallet drainer malware.
January 8, 2024
Turkish hackers Sea Turtle expand attacks to Dutch ISPs, telcos
The Turkish state-backed cyber espionage group tracked as Sea Turtle has been carrying out multiple spying campaigns in the Netherlands, focusing on telcos, media, internet service providers (ISPs), and Kurdish websites.
January 8, 2024
Twilio will ditch its Authy desktop 2FA app in August, goes mobile only
The Authy desktop apps for Windows, macOS, and Linux will be discontinued in August 2024, with the company recommending users switch to a mobile version of the two-factor authentication (2FA) app.
January 8, 2024
US mortgage lender loanDepot confirms ransomware attack
Leading U.S. mortgage lender loanDepot confirmed today that a cyber incident disclosed over the weekend was a ransomware attack that led to data encryption.
January 8, 2024
Capital Health attack claimed by LockBit ransomware, risk of data leak
The LockBit ransomware operation has claimed responsibility for a November 2023 cyberattack on the Capital Health hospital network and threatens to leak stolen data and negotiation chats by tomorrow.
January 8, 2024
Securing helpdesks from hackers: What we can learn from the MGM breach
In the wake of the MGM Resorts service desk hack, it's clear that organizations need to rethink their approach to securing their help desks. Learn more from Specops Software on how to prevent such incidents.
January 7, 2024
Mortgage firm loanDepot cyberattack impacts IT systems, payment portal
U.S. mortgage lender loanDepot has suffered a cyberattack that caused the company to take IT systems offline, preventing online payments against loans.
January 7, 2024
Stealthy AsyncRAT malware attack targets US infrastructure for 11 months
A campaign delivering the AsyncRAT malware to select targets has been active for at least the past 11 months, using hundreds of unique loader samples and more than 100 domains.
January 7, 2024
KyberSlash attacks put quantum encryption projects at risk
Multiple implementations of the Kyber key encapsulation mechanism for quantum-safe encryption are vulnerable to a set of flaws collectively referred to as KyberSlash, which could allow the recovery of secret keys.
January 6, 2024
Google: Malware abusing API is standard token theft, not an API issue
Google is downplaying reports of malware abusing an undocumented Google Chrome API to generate new authentication cookies when previously stolen ones have expired.
January 6, 2024
X users fed up with constant stream of malicious crypto ads
Cybercriminals are abusing X advertisements to promote websites that lead to crypto drainers, fake airdrops, and other scams.
January 5, 2024
The Week in Ransomware - January 5th 2024 - Secret decryptors
With it being the first week of the New Year and some still away on vacation, it has been slow with ransomware news, attacks, and new information.
January 5, 2024
US charged 19 suspects linked to xDedic cybercrime marketplace
The U.S. Department of Justice announced the end of a transnational investigation into the dark web xDedic cybercrime marketplace, charging 19 suspects for their involvement in running and using the market's services.
January 5, 2024
BreachForums admin jailed again for using a VPN, unmonitored PC
The administrator behind the notorious BreachForums hacking forum has been arrested again for breaking pretrial release conditions, including using an unmonitored computer and a VPN.
January 5, 2024
Hackers target Apache RocketMQ servers vulnerable to RCE attacks
Security researchers are detecting hundreds of IP addresses on a daily basis that scan or attempt to exploit Apache RocketMQ services vulnerable to a remote command execution flaw identified as CVE-2023-33246 and CVE-2023-37582.
January 5, 2024
Web3 security firm CertiK's X account hacked to push crypto drainer
The Twitter/X account of blockchain security firm CertiK was hijacked today to redirect the company's more than 343,000 followers to a malicious website pushing a cryptocurrency wallet drainer.
January 5, 2024
Memorial University recovers from cyberattack, delays semester start
The Memorial University of Newfoundland (MUN) continues to deal with the effects of a cyberattack that occurred in late December and postponed the start of classes on one campus.
January 5, 2024
Update your white hat hacking skills with $70 off this training bundle
Aggressively pursuing flaws and problems is the most effective way to ensure networks and data are secure. This 10-course ethical hacking bundle shows you how for $39.99, $70 off the $110 MSRP.
January 5, 2024
Crypto wallet founder loses $125,000 to fake airdrop website
A crypto wallet service co-founder shares with the world his agony after losing $125,000 to a crypto scam. The startup CEO, who at the time believed he was on a legitimate cryptocurrency airdrop website, realized after his loss that the domain he'd gone on was set up for the purposes of phishing unsuspecting users.
January 4, 2024
Ivanti warns critical EPM bug lets hackers hijack enrolled devices
Ivanti fixed a critical remote code execution (RCE) vulnerability in its Endpoint Management software (EPM) that can let unauthenticated attackers hijack enrolled devices or the core server.
January 4, 2024
Russian hackers wiped thousands of systems in KyivStar attack
The Russian hackers behind a December breach of Kyivstar, Ukraine's largest telecommunications service provider, have wiped all systems on the telecom operator's core network.
January 4, 2024
Hackers hijack govt and business accounts on X for crypto scams
Hackers are increasingly targeting verified accounts on X (formerly Twitter) belonging to government and business profiles and marked with 'gold' and 'grey' checkmarks to promote cryptocurrency scams.
January 4, 2024
Zeppelin ransomware source code sold for $500 on hacking forum
A threat actor announced on a cybercrime forum that they sold the source code and a cracked version of the Zeppelin ransomware builder for just $500.
January 4, 2024
FTC offers $25,000 prize for detecting AI-enabled voice cloning
The U.S. Federal Trade Commission (FTC) has started accepting submissions for its Voice Cloning Challenge, a public competition with a $25,000 top prize for ideas that protect consumers from the danger of AI-enabled voice cloning for fraudulent activity.
January 4, 2024
'everything' blocks devs from removing their own npm packages
Over the holidays, the npm package registry was flooded with more than 3,000 packages, including one called "everything," and others named a variation of the word. These 3,000+ packages make it impossible for all npm authors to unpublish their packages from the registry.
January 3, 2024
Mandiant's Twitter account hacked to push cryptocurrency scam
The Twitter account of American cybersecurity firm and Google subsidiary Mandiant was hijacked earlier today to impersonate the Phantom crypto wallet and share a cryptocurrency scam.
January 3, 2024
Hacker hijacks Orange Spain RIPE account to cause BGP havoc
Orange Spain suffered an internet outage today after a hacker breached the company's RIPE account to misconfigure BGP routing and an RPKI configuration.
January 3, 2024
Nigerian hacker arrested for stealing $7.5M from charities
A Nigerian national was arrested in Ghana and is facing charges related to business email compromise (BEC) attacks that caused a charitable organization in the United States to lose more than $7.5 million.
January 3, 2024
PornHub blocks North Carolina, Montana over new age verification laws
Adult media giant Aylo has blocked access to many of its websites, including PornHub, to visitors from Montana and North Carolina as new age verification laws go into effect.
January 3, 2024
LastPass now requires 12-character master passwords for better security
LastPass notified customers today that they are now required to use complex master passwords with a minimum of 12 characters to increase their accounts' security.
January 3, 2024
Data breach at healthcare tech firm impacts 4.5 million patients
HealthEC LLC, a provider of health management solutions, suffered a data breach that impacts close to 4.5 million individuals who received care through one of the company's customers.
January 3, 2024
Nearly 11 million SSH servers vulnerable to new Terrapin attacks
Almost 11 million internet-exposed SSH servers are vulnerable to the Terrapin attack that threatens the integrity of some SSH connections.
January 3, 2024
CISA warns of actively exploited bugs in Chrome and Excel parsing library
The U.S. Cybersecurity and Infrastructure Security Agency has added two vulnerabilities to the Known Exploited Vulnerabilities catalog, a recently patched flaw in Google Chrome and a bug affecting an open-source Perl library for reading information in an Excel file called Spreadsheet::ParseExcel.
January 2, 2024
Steam drops support for Windows 7 and 8.1 to boost security
Steam is no longer supported on Windows 7, Windows 8, and Windows 8.1 as of January 1, with the company recommending users upgrade to a newer operating system.
January 2, 2024
Orbit Chain loses $86 million in the last fintech hack of 2023
Orbit Chain has experienced a security breach that has resulted in a loss of $86 million in cryptocurrency, particularly Ether, Dai, Tether, and USD Coin.
January 2, 2024
Online museum collections down after cyberattack on service provider
Museum software solutions provider Gallery Systems has disclosed that its ongoing IT outages were caused by a ransomware attack last week.
January 2, 2024
Xerox says subsidiary XBS U.S. breached after ransomware gang leaks data
The U.S. division of Xerox Business Solutions (XBS) has been compromised by hackers, and a limited amount of personal information might have been exposed, according to an announcement by the parent company, Xerox Corporation.
January 2, 2024
Google Groups is ending support for Usenet to combat spam
Google has officially announced it's ceasing support for Usenet groups on its Google Groups platform, a move partly attributed to the platform's increasing struggle with spam content.
January 2, 2024
Victoria court recordings exposed in reported ransomware attack
Australia's Court Services Victoria (CSV) is warning that video recordings of court hearings were exposed after suffering a reported Qilin ransomware attack.
January 1, 2024
The law enforcement operations targeting cybercrime in 2023
In 2023, we saw numerous law enforcement operations targeting cybercrime operations, including cryptocurrency scams, phishing attacks, credential theft, malware development, and ransomware attacks.
January 1, 2024
The biggest cybersecurity and cyberattack stories of 2023
2023 was a big year for cybersecurity, with significant cyberattacks, data breaches, new threat groups emerging, and, of course, zero-day vulnerabilities.
December 31, 2023
Android game dev’s Google Drive misconfig highlights cloud security risks
Japanese game developer Ateam has proven that a simple Google Drive configuration mistake can result in the potential but unlikely exposure of sensitive information for nearly one million people over a period of six years and eight months.
December 30, 2023
New Black Basta decryptor exploits ransomware flaw to recover files
Researchers have created a decryptor that exploits a flaw in Black Basta ransomware, allowing victims to recover their files for free.
December 29, 2023
The Week in Ransomware - December 29th 2023 - LockBit targets hospitals
It's been a quiet week, with even threat actors appearing to take some time off for the holidays. We did not see much research released on ransomware this week, with most of the news focusing on new attacks and LockBit affiliates increasingly targeting hospitals.
December 29, 2023
Hospitals ask courts to force cloud storage firm to return stolen data
Two not-for-profit hospitals in New York are seeking a court order to retrieve data stolen in an August ransomware attack that's now stored on the servers of a Boston cloud storage company.
December 29, 2023
Malware abuses Google OAuth endpoint to ‘revive’ cookies, hijack accounts
Multiple information-stealing malware families are abusing an undocumented Google OAuth endpoint named "MultiLogin" to restore expired authentication cookies and log into users' accounts, even if an account's password was reset.
December 28, 2023
Game mod on Steam breached to push password-stealing malware
Downfall, a fan expansion for the popular Slay the Spire indie strategy game, was breached on Christmas Day to push Epsilon information stealer malware using the Steam update system.
December 28, 2023
Eagers Automotive halts trading in response to cyberattack
Eagers Automotive has announced it suffered a cyberattack and was forced to halt trading on the stock exchange as it evaluates the impact of the incident.
December 28, 2023
EasyPark discloses data breach that may impact millions of users
Parking app developer EasyPark has published a notice on its website warning of a data breach it discovered on December 10, 2023, which impacts an unknown number of its millions of users.
December 28, 2023
Microsoft disables MSIX protocol handler abused in malware attacks
Microsoft has again disabled the MSIX ms-appinstaller protocol handler after multiple financially motivated threat groups abused it to infect Windows users with malware.
December 28, 2023
Kroll reveals FTX customer info exposed in August data breach
Risk and financial advisory company Kroll has released additional details regarding the August data breach, which exposed the personal information of FTX bankruptcy claimants.
December 28, 2023
Russian military hackers target Ukraine with new MASEPIE malware
Ukraine's Computer Emergency Response Team (CERT) is warning of a new phishing campaign that allowed Russia-linked hackers to deploy previously unseen malware on a network in under one hour.
December 28, 2023
Apache OFBiz RCE flaw exploited to find vulnerable Confluence servers
A critical Apache OFBiz pre-authentication remote code execution vulnerability is being actively exploited using public proof of concept (PoC) exploits.
December 28, 2023
Blockchain dev's wallet emptied in "job interview" using npm package
A blockchain developer shares his ordeal over the holidays when he was approached on LinkedIn by a "recruiter" for a web development job. The recruiter in question asked the developer to download npm packages from a GitHub repository, and hours later the developer discovered his MetaMask wallet had been emptied.
December 27, 2023
Ohio Lottery hit by cyberattack claimed by DragonForce ransomware
The Ohio Lottery was forced to shut down some key systems after a cyberattack affected an undisclosed number of internal applications on Christmas Eve.
December 27, 2023
Lockbit ransomware disrupts emergency care at German hospitals
German hospital network Katholische Hospitalvereinigung Ostwestfalen (KHO) has confirmed that recent service disruptions were caused by a Lockbit ransomware attack where the threat actors gained access to IT systems and encrypted devices on the network.
December 27, 2023
Mortgage firm LoanCare warns 1.3 million people of data breach
Mortgage servicing company LoanCare is warning 1,316,938 borrowers across the U.S. that their sensitive information was exposed in a data breach at its parent company, Fidelity National Financial.
December 27, 2023
Panasonic discloses data breach after December 2022 cyberattack
Panasonic Avionics Corporation, a leading supplier of in-flight communications and entertainment systems, disclosed a data breach affecting an undisclosed number of individuals after its corporate network was breached more than one year ago, in December 2022.
December 27, 2023
New Xamalicious Android malware installed 330k times on Google Play
A previously unknown Android backdoor named 'Xamalicious' has infected approximately 338,300 devices via malicious apps on Google Play, Android's official app store.
December 27, 2023
iPhone Triangulation attack abused undocumented hardware feature
The Operation Triangulation spyware attacks targeting iPhone devices since 2019 leveraged undocumented features in Apple chips to bypass hardware-based security protections.
December 27, 2023
Barracuda fixes new ESG zero-day exploited by Chinese hackers
Network and email security firm Barracuda says it remotely patched all active Email Security Gateway (ESG) appliances on December 21 against a zero-day bug exploited by UNC4841 Chinese hackers.
December 27, 2023
Yakult Australia confirms 'cyber incident' after 95 GB data leak
Yakult Australia, manufacturer of a probiotic milk drink, has confirmed experiencing a "cyber incident" in a statement to BleepingComputer. Both the company's Australian and New Zealand IT systems have been affected. Cybercrime actor DragonForce, which claimed responsibility for the attack, has also leaked 95 GB of data.
December 26, 2023
GitHub warns users to enable 2FA before upcoming deadline
GitHub is warning users that they will soon have limited functionality on the site if they do not enable two-factor authentication (2FA) on their accounts.
December 26, 2023
Integris Health patients get extortion emails after cyberattack
Integris Health patients in Oklahoma are receiving blackmail emails stating that their data was stolen in a cyberattack on the healthcare network, and if they did not pay an extortion demand, the data would be sold to other threat actors.
December 25, 2023
GTA 5 source code reportedly leaked online a year after RockStar hack
The source code for Grand Theft Auto 5 was reportedly leaked on Christmas Eve, a little over a year after the Lapsus$ threat actors hacked Rockstar Games and stole corporate data.
December 24, 2023
Google Chrome now scans for compromised passwords in the background
Google says the Chrome Safety Check feature will work in the background to check if passwords saved in the web browser have been compromised.
December 23, 2023
‘Wall of Flippers’ detects Flipper Zero Bluetooth spam attacks
A new Python project called 'Wall of Flippers' detects Bluetooth spam attacks launched by Flipper Zero and Android devices.
December 22, 2023
Mint Mobile discloses new data breach exposing customer data
Mint Mobile has disclosed a new data breach that exposed the personal information of its customers, including data that can be used to perform SIM swap attacks.
December 22, 2023
The Week in Ransomware - December 22nd 2023 - BlackCat hacked
Earlier this month, the BlackCat/ALPHV ransomware operation suffered a five-day disruption to their Tor data leak and negotiation sites, rumored to be caused by a law enforcement action.
December 22, 2023
Ubisoft says it's investigating reports of a new security breach
Ubisoft is investigating whether it suffered a breach after images of the company's internal software and developer tools were leaked online.
December 22, 2023
Nissan Australia cyberattack claimed by Akira ransomware gang
Today, the Akira ransomware gang claimed that it breached the network of Nissan Australia, the Australian division of Japanese car maker Nissan.
December 22, 2023
Europol warns 443 online shops infected with credit card stealers
Europol has notified over 400 websites that their online shops have been hacked with malicious scripts that steal debit and credit cards from customers making purchases.
December 22, 2023
Fake VPN Chrome extensions force-installed 1.5 million times
Three malicious Chrome extensions posing as VPNs (Virtual Private Networks) were downloaded 1.5 million times, acting as browser hijackers, cashback hack tools, and data stealers.
December 21, 2023
Crypto drainer steals $59 million from 63k people in Twitter ad push
Google and Twitter ads are promoting sites containing a cryptocurrency drainer named 'MS Drainer' that has already stolen $59 million from 63,210 victims over the past nine months.
December 21, 2023
Lapsus$ hacker behind GTA 6 leak gets indefinite hospital sentence
Lapsus$ cybercrime and extortion group member Arion Kurtaj has been sentenced to life in a 'secure hospital' by a UK judge. Kurtaj, who is 18 years of age and autistic, is among the primary Lapsus$ threat actors and was involved in the leak of assets associated with the video game Grand Theft Auto VI.
December 21, 2023
Microsoft: Hackers target defense firms with new FalseFont malware
Microsoft says the APT33 Iranian cyber-espionage group is using recently discovered FalseFont backdoor malware to attack defense contractors worldwide.
December 21, 2023
Title insurance giant First American offline after cyberattack
First American Financial Corporation, the second-largest title insurance company in the United States, took some of its systems offline today to contain the impact of a cyberattack.
December 21, 2023
Microsoft deprecates Defender Application Guard for some Edge users
Microsoft is deprecating Defender Application Guard (including the Windows Isolated App Launcher APIs) for Edge for Business users.
December 21, 2023
OpenAI rolls out imperfect fix for ChatGPT data leak flaw
OpenAI has mitigated a data exfiltration bug in ChatGPT that could potentially leak conversation details to an external URL.
December 21, 2023
BidenCash darkweb market gives 1.9 million credit cards for free
The BidenCash stolen credit card marketplace is giving away 1.9 million credit cards for free via its store to promote itself among cybercriminals.
December 21, 2023
Android malware Chameleon disables Fingerprint Unlock to steal PINs
The Chameleon Android banking trojan has re-emerged with a new version that uses a tricky technique to take over devices — disable fingerprint and face unlock to steal device PINs.
December 20, 2023
Fake F5 BIG-IP zero-day warning emails push data wipers
The Israel National Cyber Directorate warns of phishing emails pretending to be F5 BIG-IP zero-day security updates that deploy Windows and Linux data wipers.
December 20, 2023
Google fixes 8th Chrome zero-day exploited in attacks this year
Google has released emergency updates to fix another Chrome zero-day vulnerability exploited in the wild, the eighth patched since the start of the year.
December 20, 2023
Crypto scammers abuse X 'feature' to impersonate high-profile accounts
Cryptocurrency scammers are abusing a legitimate X "feature" to promote scams, fake giveaways, and fraudulent Telegram channels used to steal your crypto and NFTs.
December 20, 2023
New phishing attack steals your Instagram backup codes to bypass 2FA
A new phishing campaign pretending to be a 'copyright infringement' email attempts to steal the backup codes of Instagram users, allowing hackers to bypass the two-factor authentication configured on the account.
December 20, 2023
Ivanti releases patches for 13 critical Avalanche RCE flaws
Ivanti has released security updates to fix 13 critical security vulnerabilities in the company's Avalanche enterprise mobile device management (MDM) solution.
December 20, 2023
Microsoft fixes Wi-Fi issues triggered by recent Windows updates
Microsoft has fixed a known issue causing Wi-Fi network connectivity problems on Windows 11 systems triggered by recently released cumulative updates.
December 20, 2023
Healthcare software provider data breach impacts 2.7 million
ESO Solutions, a provider of software products for healthcare organizations and fire departments, disclosed that data belonging to 2.7 million patients has been compromised as a result of a ransomware attack.
December 20, 2023
The password attacks of 2023: Lessons learned and next steps
The password attacks of 2023 involved numerous high-profile brands, leading to the exposure of millions of users' data. Learn more from Specops Software on how to respond to these types of attacks.
December 20, 2023
German police takes down Kingdom Market cybercrime marketplace
The Federal Criminal Police Office in Germany (BKA) and the internet-crime combating unit of Frankfurt (ZIT) have announced the seizure of Kingdom Market, a dark web marketplace for drugs, cybercrime tools, and fake government IDs.
December 19, 2023
New Web injections campaign steals banking data from 50,000 people
A new malware campaign that emerged in March 2023 used JavaScript web injections to try to steal the banking data of over 50,000 users of 40 banks in North America, South America, Europe, and Japan.
December 19, 2023
FBI: ALPHV ransomware raked in $300 million from over 1,000 victims
The ALPHV/BlackCat ransomware gang has made over $300 million in ransom payments from more than 1,000 victims worldwide as of September 2023, according to the Federal Bureau of Investigation (FBI).
December 19, 2023
Interpol operation arrests 3,500 cybercriminals, seizes $300 million
An international law enforcement operation codenamed 'Operation HAECHI IV' has led to the arrest of 3,500 suspects of various lower-tier cybercrimes and seized $300 million in illicit proceeds.
December 19, 2023
Microsoft confirms Windows 11 Wi-Fi issues, asks for user feedback
Microsoft has confirmed that some Windows 11 devices experience Wi-Fi connectivity issues after installing recent cumulative updates.
December 19, 2023
How the FBI seized BlackCat (ALPHV) ransomware’s servers
An unsealed FBI search warrant revealed how law enforcement hijacked the ALPHV/BlackCat ransomware operations websites and seized the associated URLs.
December 19, 2023
Terrapin attacks can downgrade security of OpenSSH connections
Academic researchers developed a new attack called Terrapin that manipulates sequence numbers during the handshake process to break the SSH channel integrity when certain widely-used encryption modes are used.
December 19, 2023
FBI disrupts Blackcat ransomware operation, creates decryption tool
The Department of Justice announced today that the FBI successfully breached the ALPHV ransomware operation's servers to monitor their activities and obtain decryption keys.
December 18, 2023
Xfinity discloses data breach after recent Citrix server hack
Comcast Cable Communications, doing business as Xfinity, disclosed on Monday that attackers who breached one of its Citrix servers in October also stole customer-sensitive information from its systems.
December 18, 2023
December's Windows 11 KB5033375 update breaks Wi-Fi connectivity
The KB5033375 cumulative update released during the December 2023 Patch Tuesday causes Wi-Fi connectivity issues on some Windows 11 devices.
December 18, 2023
Microsoft discovers critical RCE flaw in Perforce Helix Core Server
Four vulnerabilities, one of which is rated critical, have been discovered in the Perforce Helix Core Server, a source code management platform widely used by the gaming, government, military, and technology sectors.
December 18, 2023
Vans and North Face owner VF Corp hit by ransomware attack
American global apparel and footwear giant VF Corporation, the owner of brands like Supreme, Vans, Timberland, and The North Face, has disclosed a security incident that caused operational disruptions.
December 18, 2023
Microsoft fixes Windows printer issues with new troubleshooter
Microsoft has released a troubleshooter tool to fix an issue where the HP Smart app would automatically install on Windows systems after renaming all printers to HP LaserJet M101-M106.
December 18, 2023
FBI: Play ransomware breached 300 victims, including critical orgs
The Federal Bureau of Investigation (FBI) says the Play ransomware gang has breached roughly 300 organizations worldwide between June 2022 and October 2023, some of them critical infrastructure entities.
December 18, 2023
Former IT manager pleads guilty to attacking high school network
Conor LaHiff, a former IT manager for a New Jersey public high school, has admitted to committing a cyberattack against his former employer following the termination of his employment in June 2023.
December 18, 2023
Mortgage giant Mr. Cooper data breach affects 14.7 million people
Mr. Cooper is sending notices of a data breach to customers who were impacted by a cyberattack the firm suffered in November 2023.
December 17, 2023
WordPress hosting service Kinsta targeted by Google phishing ads
WordPress hosting provider Kinsta is warning customers that Google ads have been observed promoting phishing sites to steal hosting credentials.
December 17, 2023
Rhadamanthys Stealer malware evolves with more powerful features
The developers of the Rhadamanthys information-stealing malware have recently released two major versions to add improvements and enhancements across the board, including new stealing capabilities and enhanced evasion.
December 17, 2023
What to do when receiving unprompted MFA OTP codes
Receiving an unprompted one-time passcode (OTP) sent as an email or text should be a cause for concern as it likely means your credentials have been stolen.
December 17, 2023
Qbot malware returns in campaign targeting hospitality industry
The QakBot malware is once again being distributed in phishing campaigns after the botnet was disrupted by law enforcement over the summer.
December 16, 2023
MongoDB says customer data was exposed in a cyberattack
MongoDB is warning that its corporate systems were breached and that customer data was exposed in a cyberattack that was detected by the company earlier this week.
December 16, 2023
QNAP VioStor NVR vulnerability actively exploited by malware botnet
A Mirai-based botnet named 'InfectedSlurs' is exploiting a remote code execution (RCE) vulnerability in QNAP VioStor NVR (Network Video Recorder) devices to hijack and make them part of its DDoS (distributed denial of service) swarm.
December 16, 2023
Microsoft unveils new, more secure Windows Protected Print Mode
Microsoft announced a new Windows Protected Print Mode (WPP), introducing significant security enhancements to the Windows print system.
December 15, 2023
The Week in Ransomware - December 15th 2023 - Ransomware Drama
The big news over the past two weeks is the continued drama plaguing BlackCat/ALPHV after their infrastructure suddenly stopped working for almost five days. Multiple sources told BleepingComputer that this outage was related to a law enforcement operation, but BlackCat claims the outages were caused by a hardware/hosting issue.
December 15, 2023
Ex-Amazon engineer pleads guilty to hacking crypto exchanges
Former Amazon security engineer Shakeeb Ahmed pleaded guilty this week to hacking and stealing over $12.3 million from two cryptocurrency exchanges in July 2022.
December 15, 2023
CISA urges tech manufacturers to stop using default passwords
Today, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) urged technology manufacturers to stop providing software and devices with default passwords.
December 15, 2023
3CX warns customers to disable SQL database integrations
VoIP communications company 3CX warned customers today to disable SQL Database integrations because of risks posed by what it describes as a potential vulnerability.
December 15, 2023
Ransomware gang behind threats to Fred Hutch cancer patients
The Hunters International ransomware gang claimed to be behind a cyberattack on the Fred Hutchinson Cancer Center (Fred Hutch) that resulted in patients receiving personalized extortion threats.
December 15, 2023
Box cloud storage down amid 'critical' outage
Cloud storage provider Box.com is suffering an outage preventing customers from accessing their files.
December 15, 2023
Delta Dental says data breach exposed info of 7 million people
Delta Dental of California is warning almost seven million patients that they suffered a data breach after personal data was exposed in a MOVEit Transfer software breach.
December 14, 2023
Kraft Heinz investigates hack claims, says systems ‘operating normally’
Kraft Heinz has confirmed that their systems are operating normally and that there is no evidence they were breached after an extortion group listed them on a data leak site.
December 14, 2023
New NKAbuse malware abuses NKN blockchain for stealthy comms
A new Go-based multi-platform malware identified as 'NKAbuse' is the first malware abusing NKN (New Kind of Network) technology for data exchange, making it a stealthy threat.
December 14, 2023
Ubiquiti users report having access to others’ UniFi routers, cameras
Since yesterday, customers of Ubiquiti networking devices, ranging from routers to security cameras, have reported seeing other people's devices and notifications through the company's cloud services.
December 14, 2023
US detains suspects behind $80 million 'pig butchering' scheme
The U.S. Department of Justice charged four suspects (two of them already detained) for their alleged involvement in a pig butchering fraud scheme that resulted in more than $80 million in victim losses.
December 14, 2023
Ten new Android banking trojans targeted 985 bank apps in 2023
This year has seen the emergence of ten new Android banking malware families, which collectively target 985 bank and fintech/trading apps from financial institutes across 61 countries.
December 14, 2023
Discord adds Security Key support for all users to enhance security
Discord has made security key multi-factor authentication (MFA) available for all accounts on the platform, bringing significant security and anti-phishing benefits to its 500+ million registered users.
December 14, 2023
U.S. nuclear research lab data breach impacts 45,000 people
The Idaho National Laboratory (INL) confirmed that attackers stole the personal information of more than 45,000 individuals after breaching its cloud-based Oracle HCM HR management platform last month.
December 14, 2023
Ledger dApp supply chain attack steals $600K from crypto wallets
Ledger is warning users not to use web3 dApps after a supply chain attack on the 'Ledger dApp Connect Kit' library was found pushing a JavaScript wallet drainer that stole $600,000 in crypto and NFTs.
December 14, 2023
Protect your Active Directory from these Password-based Vulnerabilities
To safeguard against potential cyberattacks and outages, it is essential to be vigilant against common Active Directory attacks. Learn more from Specops Software about these attacks and how to harden your defenses.
December 13, 2023
Microsoft seizes domains used to sell fraudulent Outlook accounts
Microsoft's Digital Crimes Unit seized multiple domains used by a Vietnam-based cybercrime group (Storm-1152) that registered over 750 million fraudulent accounts and raked in millions of dollars by selling them online to other cybercriminals.
December 13, 2023
Stealthy KV-botnet hijacks SOHO routers and VPN devices
The Chinese state-sponsored APT hacking group known as Volt Typhoon (Bronze Silhouette) has been linked to a sophisticated botnet named 'KV-botnet', used since at least 2022 to attack SOHO routers in high-value targets.
December 13, 2023
BazarCall attacks abuse Google Forms to legitimize phishing emails
A new wave of BazarCall attacks uses Google Forms to generate and send payment receipts to victims, attempting to make the phishing attempt appear more legitimate.
December 13, 2023
French police arrests Russian suspect linked to Hive ransomware
French authorities arrested a Russian national in Paris for allegedly helping the Hive ransomware gang with laundering their victims' ransom payments.
December 13, 2023
LockBit ransomware now poaching BlackCat, NoEscape affiliates
The LockBit ransomware operation is now recruiting affiliates and developers from BlackCat/ALPHV and NoEscape after recent disruptions and exit scams.
December 13, 2023
CISA: Russian hackers target TeamCity servers since September
CISA and partner cybersecurity agencies and intelligence services warned that the APT29 hacking group linked to Russia's Foreign Intelligence Service (SVR) has been targeting unpatched TeamCity servers in widespread attacks since September 2023.
December 13, 2023
Hackers are exploiting critical Apache Struts flaw using public PoC
Hackers are attempting to leverage a recently fixed critical vulnerability (CVE-2023-50164) in Apache Struts that leads to remote code execution, in attacks that rely on publicly available proof-of-concept exploit code.
December 13, 2023
New cybercrime market 'OLVX' gains popularity among hackers
A new cybercrime marketplace, OLVX, has emerged and is quickly gaining new customers looking to purchase tools to conduct online fraud and cyberattacks.
December 12, 2023
Microsoft: OAuth apps used to automate BEC and cryptomining attacks
Microsoft warns that financially-motivated threat actors are using OAuth applications to automate BEC and phishing attacks, push spam, and deploy VMs for cryptomining.
December 12, 2023
Ukrainian military says it hacked Russia's federal tax agency
The Ukrainian government's military intelligence service says it hacked the Russian Federal Taxation Service (FNS), wiping the agency's database and backup copies.
December 12, 2023
Avira antivirus causes Windows computers to freeze after boot
Since Friday, Windows users have reported problems with the operating system freezing shortly after booting, an issue linked to a faulty update for Avira's security software.
December 12, 2023
Microsoft December 2023 Patch Tuesday fixes 34 flaws, 1 zero-day
Today is Microsoft's December 2023 Patch Tuesday, which includes security updates for a total of 34 flaws and one previously disclosed, unpatched vulnerability in AMD CPUs.
December 12, 2023
Windows 11 KB5033375 update released with upgraded Copilot AI-assistant
Microsoft has released the KB5033375 update for Windows 11 versions 23H2 and 22H2 to fix security vulnerabilities, upgrade Copilot for Windows, and make 36 changes and fixes.
December 12, 2023
Windows 10 KB5033372 update released with Copilot for everyone, 20 changes
Microsoft has released the KB5033372 cumulative update for Windows 10 21H2 and Windows 10 22H2, which includes Copilot for Windows and nineteen other changes to the operating system.
December 12, 2023
Sophos backports RCE fix after attacks on unsupported firewalls
Sophos was forced to backport a security update for CVE-2022-3236 for end-of-life (EOL) firewall firmware versions after discovering hackers actively exploiting the flaw in attacks.
December 12, 2023
Ukraine's largest mobile carrier Kyivstar down following cyberattack
Kyivstar, Ukraine's largest telecommunications service provider serving over 25 million mobile and home internet subscribers, has suffered a cyberattack impacting mobile and data services.
December 12, 2023
Cloud engineer gets 2 years for wiping ex-employer’s code repos
Miklos Daniel Brody, a cloud engineer, was sentenced to two years in prison and a restitution of $529,000 for wiping the code repositories of his former employer in retaliation for being fired by the company. 
December 12, 2023
Over 1,450 pfSense servers exposed to RCE attacks via bug chain
Roughly 1,450 pfSense instances exposed online are vulnerable to command injection and cross-site scripting flaws that, if chained, could enable attackers to perform remote code execution on the appliance.
December 11, 2023
50K WordPress sites exposed to RCE attacks by critical bug in backup plugin
A critical severity vulnerability in a WordPress plugin with more than 90,000 installs can let attackers gain remote code execution to fully compromise vulnerable websites.
December 11, 2023
Lazarus hackers drop new RAT malware using 2-year-old Log4j bug
The notorious North Korean hacking group known as Lazarus continues to exploit CVE-2021-44228, aka "Log4Shell," this time to deploy three previously unseen malware families written in DLang.
December 11, 2023
Counter-Strike 2 HTML injection bug exposes players’ IP addresses
Valve has reportedly fixed an HTML injection flaw in Counter-Strike 2 that was heavily abused today to inject images into games and obtain other players' IP addresses.
December 11, 2023
Apple emergency updates fix recent zero-days on older iPhones
Apple has issued emergency security updates to backport patches for two actively exploited zero-day flaws to older iPhones and some Apple Watch and Apple TV models.
December 11, 2023
Cold storage giant Americold discloses data breach after April malware attack
Cold storage and logistics giant Americold has confirmed that over 129,000 employees and their dependents had their personal information stolen in an April attack, later claimed by Cactus ransomware.
December 11, 2023
Toyota warns customers of data breach exposing personal, financial info
Toyota Financial Services (TFS) is warning customers it suffered a data breach, stating that sensitive personal and financial data was exposed in the attack.
December 11, 2023
Kelvin Security hacking group leader arrested in Spain
The Spanish police have arrested one of the alleged leaders of the 'Kelvin Security' hacking group, which is believed to be responsible for 300 cyberattacks against organizations in 90 countries since 2020.
December 10, 2023
Over 30% of Log4J apps use a vulnerable version of the library
Roughly 38% of applications using the Apache Log4j library are using a version vulnerable to security issues, including Log4Shell, a critical vulnerability identified as CVE-2021-44228 that carries the maximum severity rating, despite patches being available for more than two years.
December 9, 2023
AutoSpill attack steals credentials from Android password managers
Security researchers developed a new attack, which they named AutoSpill, to steal account credentials on Android during the autofill operation.
December 8, 2023
Norton Healthcare discloses data breach after May ransomware attack
Kentucky health system Norton Healthcare has confirmed that a ransomware attack in May exposed personal information belonging to patients, employees, and dependents.
December 8, 2023
Google shares “fix” for deleted Google Drive files
Google says it identified and fixed a bug causing customer files added to Google Drive after April-May 2023 to disappear. However, the fix isn't working for all affected users.
December 8, 2023
Microsoft: Outlook email sending issues for users with lots of folders
Microsoft has acknowledged a new issue affecting Outlook for Microsoft 365 users and causing email-sending problems for those with too many nested folders.
December 8, 2023
ALPHV ransomware site outage rumored to be caused by law enforcement
A law enforcement operation is rumored to be behind an outage affecting ALPHV ransomware gang's websites over the last 30 hours.
December 8, 2023
Privilege elevation exploits used in over 50% of insider attacks
Elevation of privilege flaws are the most common vulnerability leveraged by corporate insiders when conducting unauthorized activities on networks, whether for malicious purposes or by downloading risky tools in a dangerous manner.
December 8, 2023
Amazon sues REKK fraud gang that stole millions in illicit refunds
Amazon's Customer Protection and Enforcement team has taken legal action against an underground store refund scheme that has resulted in the theft of millions of dollars worth of products from Amazon's online platforms.
December 8, 2023
New 5Ghoul attack impacts 5G phones with Qualcomm, MediaTek chips
A new set of vulnerabilities in 5G modems by Qualcomm and MediaTek, collectively called "5Ghoul," impact 710 5G smartphone models from Google partners (Android) and Apple, routers, and USB modems.
December 7, 2023
Russian military hackers target NATO fast reaction corps
Russian APT28 military hackers used Microsoft Outlook zero-day exploits to target multiple European NATO member countries, including a NATO Rapid Deployable Corps.
December 7, 2023
23andMe updates user agreement to prevent data breach lawsuits
As genetic testing provider 23andMe faces multiple lawsuits for an October credential stuffing attack that led to the theft of customer data, the company has modified its Terms of Use to make it harder to sue the company.
December 7, 2023
Windows 11 Notepad gets a built-in character counter, finally
Microsoft keeps improving and adding more features to the Windows 11 Notepad application, the latest being a built-in character counter.
December 7, 2023
WordPress fixes POP chain exposing websites to RCE attacks
WordPress has released version 6.4.2 that addresses a remote code execution (RCE) vulnerability that could be chained with another flaw to allow attackers to run arbitrary PHP code on the target website.
December 7, 2023
Russian pleads guilty to running crypto-exchange used by ransomware gangs
Russian national Anatoly Legkodymov pleaded guilty to operating the Bitzlato cryptocurrency exchange that helped ransomware gangs and other cybercriminals launder over $700 million.
December 7, 2023
UK and allies expose Russian FSB hacking group, sanction members
The UK National Cyber Security Centre (NCSC) and Microsoft warn that the Russian state-backed actor "Callisto Group" (aka "Seaborgium" or "Star Blizzard") is targeting organizations worldwide with spear-phishing campaigns used to steal account credentials and data.
December 7, 2023
Meta rolls out default end-to-end encryption on Messenger, Facebook
Meta has announced the immediate availability of end-to-end encryption for all chats and calls made through the Messenger app, as well as the Facebook social media platform.
December 7, 2023
Krasue RAT malware hides on Linux servers using embedded rootkits
Security researchers discovered a remote access trojan they named Krasue that is targeting Linux systems of telecommunications companies and managed to remain undetected since 2021.
December 6, 2023
New SLAM attack steals sensitive data from AMD, future Intel CPUs
Academic researchers developed a new side-channel attack called SLAM that exploits hardware features designed to improve security in upcoming CPUs from Intel, AMD, and Arm to obtain the root password hash from the kernel memory.
December 6, 2023
US senator: Govts spy on Apple, Google users via mobile notifications
A U.S. senator revealed today that government agencies worldwide demand mobile push notification records from Apple and Google users to spy on their customers.
December 6, 2023
Navy contractor Austal USA confirms cyberattack after data leak
Austal USA, a shipbuilding company and a contractor for the U.S. Department of Defense (DoD) and the Department of Homeland Security (DHS) confirmed that it suffered a cyberattack and is currently investigating the impact of the incident.
December 6, 2023
Atlassian patches critical RCE flaws across multiple products
Atlassian has published security advisories for four critical remote code execution (RCE) vulnerabilities impacting Confluence, Jira, and Bitbucket servers, along with a companion app for macOS.
December 6, 2023
Varonis Introduces Athena AI to Transform Data Security and Incident Response
Athena AI, a new generative AI layer that spans across the entire Varonis Data Security Platform, enhances how security teams protect data — from visibility to action. Learn more from Varonis in this article.
December 6, 2023
Nissan is investigating cyberattack and potential data breach
Japanese car maker Nissan is investigating a cyberattack that targeted its systems in Australia and New Zealand, which may have let hackers access personal information.
December 6, 2023
"Sierra:21" vulnerabilities impact critical infrastructure routers
A set of 21 newly discovered vulnerabilities impact Sierra OT/IoT routers and threaten critical infrastructure with remote code execution, unauthorized access, cross-site scripting, authentication bypass, and denial of service attacks.
December 5, 2023
HTC Global Services confirms cyberattack after data leaked online
IT services and business consulting company HTC Global Services has confirmed that they suffered a cyberattack after the ALPHV ransomware gang began leaking screenshots of stolen data.
December 5, 2023
Multiple NFT collections at risk by flaw in open-source library
A vulnerability in an open-source library that is common across the Web3 space impacts the security of pre-built smart contracts, affecting multiple NFT collections, including Coinbase.
December 5, 2023
Kali Linux 2023.4 released with GNOME 45 and 15 new tools
Kali Linux 2023.4, the fourth and final version of 2023, is now available for download, with fifteen new tools and the GNOME 45 desktop environment.
December 5, 2023
Microsoft to let Windows 10 home users buy Extended Security Updates
Microsoft says that all Windows 10 customers (including home users) will be able to pay for three extra years of security updates through the company's Extended Security Updates (ESU) program after the end of support (EOS) date.
December 5, 2023
Hackers breach US govt agencies using Adobe ColdFusion exploit
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning about hackers actively exploiting a critical vulnerability in Adobe ColdFusion identified as CVE-2023-26360 to gain initial access to government servers.
December 5, 2023
Holiday Hackers: How to Safeguard Your Service Desk
Consumer traffic rises sharply during the holidays, as do the scope and severity of cyberattacks. Learn more from Specops Software on how to protect your service or help desk from social engineering attacks during the holiday season.
December 5, 2023
SpyLoan Android malware on Google Play downloaded 12 million times
More than a dozen malicious loan apps, which are generically named SpyLoan, have been downloaded more than 12 million times this year from Google Play but the count is much larger since they are also available on third-party stores and suspicious websites.
December 5, 2023
Microsoft confirms Windows bug renames printers to HP LaserJet M101-M106
Microsoft has confirmed an issue causing the HP Smart app to automatically install on Windows systems after all printers are renamed to HP LaserJet M101-M106.
December 4, 2023
Windows 11 KB5032288 update improves Copilot, fixes 11 bugs
Microsoft has released the KB5032288 November 2023 Windows 11 preview update with improvements for the Copilot AI assistant and almost a dozen bug fixes.
December 4, 2023
Microsoft fixes Outlook Desktop crashes when sending emails
Microsoft has fixed a known issue causing Outlook Desktop clients to crash when sending emails from Outlook.com accounts.
December 4, 2023
Stealthier version of P2Pinfect malware targets MIPS devices
The latest variants of the P2Pinfect botnet are now focusing on infecting devices with 32-bit MIPS (Microprocessor without Interlocked Pipelined Stages) processors, such as routers and IoT devices.
December 4, 2023
Russian hackers exploiting Outlook bug to hijack Exchange accounts
Microsoft's Threat Intelligence team issued a warning earlier today about the Russian state-sponsored actor APT28 (aka "Fancybear" or "Strontium") actively exploiting the CVE-2023-23397 Outlook flaw to hijack Microsoft Exchange accounts and steal sensitive information.
December 4, 2023
December Android updates fix critical zero-click RCE flaw
Google announced today that the December 2023 Android security updates tackle 85 vulnerabilities, including a critical severity zero-click remote code execution (RCE) bug.
December 4, 2023
Tipalti investigates claims of data stolen by ransomware gang
Tipalti says they are investigating claims that the ALPHV ransomware gang breached its network and stole 256 GB of data, including data for Roblox and Twitch.
December 4, 2023
Fake WordPress security advisory pushes backdoor plugin
WordPress administrators are being emailed fake WordPress security advisories for a fictitious vulnerability tracked as CVE-2023-45124 to infect sites with a malicious plugin.
December 4, 2023
New AeroBlade hackers target aerospace sector in the U.S.
A previously unknown cyber espionage hacking group named 'AeroBlade' was discovered targeting organizations in the United States aerospace sector.
December 3, 2023
Linux version of Qilin ransomware focuses on VMware ESXi
A sample of the Qilin ransomware gang's VMware ESXi encryptor has been found and it could be one of the most advanced and customizable Linux encryptors seen to date.
December 3, 2023
North Korea's state hackers stole $3 billion in crypto since 2017
North Korean-backed state hackers have stolen an estimated $3 billion in a long string of hacks targeting the cryptocurrency industry over the last six years since January 2017.
December 3, 2023
Google is phasing out ad personalization for some AdSense products
Google has announced significant changes to its Search Ads publisher products, including AdSense for Search (AFS), AdSense for Shopping (AFSh), and Programmable Search Engine (ProSE).
December 3, 2023
New proxy malware targets Mac users through pirated software
Cybercriminals are targeting Mac users with a new proxy trojan malware bundled with popular, copyrighted macOS software being offered on warez sites.
December 2, 2023
Over 20,000 vulnerable Microsoft Exchange servers exposed to attacks
Tens of thousands of Microsoft Exchange email servers in Europe, the U.S., and Asia exposed on the public internet are vulnerable to remote code execution flaws.
December 2, 2023
Google Chrome's new cache change could boost performance
Google is introducing a significant change to Chrome's Back/Forward Cache (BFCache) behavior, allowing web pages to be stored in the cache, even if a webmaster specifies not to store a page in the browser's cache.
December 2, 2023
US Health Dept urges hospitals to patch critical Citrix Bleed bug
The U.S. Department of Health and Human Services (HHS) warned hospitals this week to patch the critical 'Citrix Bleed' Netscaler vulnerability actively exploited in attacks.
December 1, 2023
The Week in Ransomware - December 1st 2023 - Police hits affiliates
An international law enforcement operation claims to have dismantled a ransomware affiliate operation in Ukraine, which was responsible for attacks on organizations in 71 countries.
December 1, 2023
TrickBot malware dev pleads guilty, faces 35 years in prison
On Thursday, a Russian national pleaded guilty to charges related to his involvement in developing and deploying the Trickbot malware, which was used in attacks against hospitals, companies, and individuals in the United States and worldwide.
December 1, 2023
Hackers use new Agent Raccoon malware to backdoor US targets
A novel malware named 'Agent Raccoon' (or Agent Racoon) is being used in cyberattacks against organizations in the United States, the Middle East, and Africa.
December 1, 2023
French government recommends against using foreign chat apps
Prime Minister of France Élisabeth Borne signed a circular last week requesting all government employees to uninstall foreign communication apps such as Signal, WhatsApp, and Telegram by December 8, 2023, in favor of a French messaging app named 'Olvid.'
December 1, 2023
VMware fixes critical Cloud Director auth bypass unpatched for 2 weeks
VMware has fixed a critical authentication bypass vulnerability in Cloud Director appliance deployments, a bug that was left unpatched for over two weeks since it was disclosed on November 14th.
December 1, 2023
Windows 10 KB5032278 update adds Copilot AI assistant, fixes 13 bugs
Microsoft has started rolling out its Copilot AI assistant to Windows 10 with the KB5032278 November 2023 non-security preview update for systems running Windows 10, version 22H2.
November 30, 2023
LogoFAIL attack can install UEFI bootkits through bootup logos
Multiple security vulnerabilities collectively named LogoFAIL affect image-parsing components in the UEFI code from various vendors. Researchers warn that they could be exploited to hijack the execution flow of the booting process and to deliver bootkits.
November 30, 2023
US govt sanctions North Korea’s Kimsuky hacking group
The Treasury Department's Office of Foreign Assets Control (OFAC) has sanctioned the North Korean-backed Kimsuky hacking group for stealing intelligence in support of the country's strategic goals.
November 30, 2023
WhatsApp's new Secret Code feature hides your locked chats
WhatsApp has introduced a new Secret Code feature that allows users to hide their locked chats by setting a custom password.
November 30, 2023
Get 20% off Emsisoft's Enterprise Security EDR solution for the holidays
Emsisoft is having a holiday deal where you can get 20% off 1-year licenses of the Emsisoft Enterprise Security EDR solution through December 17th, 2023, with no license limits.
November 30, 2023
Apple fixes two new iOS zero-days in emergency updates
Apple released emergency security updates to fix two zero-day vulnerabilities exploited in attacks and impacting iPhone, iPad, and Mac devices, reaching 20 zero-days patched since the start of the year.
November 30, 2023
Capital Health Hospitals hit by cyberattack causing IT outages
Capital Health hospitals and physician offices across New Jersey are experiencing IT outages after a cyberattack hit the non-profit organization's network earlier this week.
November 30, 2023
Cactus ransomware exploiting Qlik Sense flaws to breach networks
Cactus ransomware has been exploiting critical vulnerabilities in the Qlik Sense data analytics solution to get initial access on corporate networks.
November 30, 2023
Staples confirms cyberattack behind service outages, delivery issues
American office supply retailer Staples took down some of its systems earlier this week after a cyberattack to contain the breach's impact and protect customer data.
November 30, 2023
Zyxel warns of multiple critical vulnerabilities in NAS devices
Zyxel has addressed multiple security issues, including three critical ones that could allow an unauthenticated attacker to execute operating system commands on vulnerable network-attached storage (NAS) devices.
November 30, 2023
FjordPhantom Android malware uses virtualization to evade detection
A new Android malware named FjordPhantom has been discovered using virtualization to run malicious code in a container and evade detection.
November 29, 2023
Dollar Tree hit by third-party data breach impacting 2 million people
Discount store chain Dollar Tree was impacted by a third-party data breach affecting 1,977,486 people after the hack of service provider Zeroed-In Technologies.
November 29, 2023
SIM swapper gets 8 years in prison for account hacks, crypto theft
Amir Hossein Golshan, 25, was sentenced to eight years in prison by a Los Angeles District Court and ordered to pay $1.2 million in restitution for crimes involving SIM swapping, merchant fraud, support fraud, account hacking, and cryptocurrency theft.
November 29, 2023
Microsoft starts testing new Windows 11 Energy Saver feature
Microsoft has started testing a new Windows 11 Energy Saver feature that helps customers extend their portable computers' battery life.
November 29, 2023
Black Basta ransomware made over $100 million from extortion
Russia-linked ransomware gang Black Basta has raked in at least $100 million in ransom payments from more than 90 victims since it first surfaced in April 2022, according to joint research from Corvus Insurance and Elliptic.
November 29, 2023
Hackers breach US water facility via exposed Unitronics PLCs
CISA (Cybersecurity & Infrastructure Security Agency) is warning that threat actors breached a U.S. water facility by hacking into Unitronics programmable logic controllers (PLCs) exposed online.
November 29, 2023
Japanese Space Agency JAXA hacked in summer cyberattack
The Japan Aerospace Exploration Agency (JAXA) was hacked in a cyberattack over the summer, potentially compromising sensitive space-related technology and data.
November 29, 2023
US seizes Sinbad crypto mixer used by North Korean Lazarus hackers
The U.S. Department of the Treasury has sanctioned the Sinbad cryptocurrency mixing service for its use as a money-laundering tool by the North Korean Lazarus hacking group.
November 29, 2023
How Continuous Pen Testing Protects Web Apps from Emerging Threats
The nature and ubiquity of modern web apps make them ripe for targeting by hackers. Learn more from Outpost24 about the value of continuous monitoring to secure modern web apps.
November 29, 2023
Okta: October data breach affects all customer support system users
Okta's investigation into the breach of its Help Center environment last month revealed that the hackers obtained data belonging to all customer support system users.
November 28, 2023
New BLUFFS attack lets attackers hijack Bluetooth connections
Researchers at Eurecom have developed six new attacks collectively named 'BLUFFS' that can break the secrecy of Bluetooth sessions, allowing for device impersonation and man-in-the-middle (MitM) attacks.
November 28, 2023
Google Chrome emergency update fixes 6th zero-day exploited in 2023
Google has fixed the sixth Chrome zero-day vulnerability this year in an emergency security update released today to counter ongoing exploitation in attacks.
November 28, 2023
Qilin ransomware claims attack on automotive giant Yanfeng
The Qilin ransomware group has claimed responsibility for a cyber attack on Yanfeng Automotive Interiors (Yanfeng), one of the world's largest automotive parts suppliers.
November 28, 2023
Microsoft shares temp fix for Outlook crashes when sending emails
Today, Microsoft shared a temporary fix for a known issue causing Outlook Desktop to crash when sending emails from Outlook.com accounts.
November 28, 2023
DP World confirms data stolen in cyberattack, no ransomware used
International logistics giant DP World has confirmed that data was stolen during a cyber attack that disrupted its operations in Australia earlier this month. However, no ransomware payloads or encryption were used in the attack.
November 28, 2023
Hackers start exploiting critical ownCloud flaw, patch now
Hackers are exploiting a critical ownCloud vulnerability tracked as CVE-2023-49103 that exposes admin passwords, mail server credentials, and license keys in containerized deployments.
November 28, 2023
Police dismantle ransomware group behind attacks in 71 countries
In cooperation with Europol and Eurojust, law enforcement agencies from seven nations have arrested in Ukraine the core members of a ransomware group linked to attacks against organizations in 71 countries.
November 27, 2023
Microsoft deprecates Defender Application Guard for Office
Microsoft is deprecating Defender Application Guard for Office and the Windows Security Isolation APIs, and it recommends Defender for Endpoint attack surface reduction rules, Protected View, and Windows Defender Application Control as an alternative.
November 27, 2023
Ransomware attack on indie game maker wiped all player accounts
A ransomware attack on the "Ethyrial: Echoes of Yore" MMORPG last Friday destroyed 17,000 player accounts, deleting their in-game items and progress in the game.
November 27, 2023
Healthcare giant Henry Schein hit twice by BlackCat ransomware
American healthcare company Henry Schein has reported a second cyberattack this month by the BlackCat/ALPHV ransomware gang, who also breached their network in October.
November 27, 2023
Ukraine says it hacked Russian aviation agency, leaks data
Ukraine's intelligence service, operating under the Defense Ministry, claims they hacked Russia's Federal Air Transport Agency, 'Rosaviatsia,' to expose a purported collapse of Russia's aviation sector.
November 27, 2023
Ardent hospital ERs disrupted in 6 states after ransomware attack
Ardent Health Services, a healthcare provider operating 30 hospitals across five U.S. states, disclosed today that its systems were hit by a ransomware attack on Thursday.
November 27, 2023
Slovenia's largest power provider HSE hit by ransomware attack
Slovenian power company Holding Slovenske Elektrarne (HSE) has suffered a ransomware attack that compromised its systems and encrypted files, yet the company says the incident did not disrupt electric power production.
November 27, 2023
Leveraging Wazuh to combat insider threats
Effective strategies for mitigating insider threats involve a combination of detective and preventive controls. Such controls are provided by the Wazuh SIEM and XDR platform.
November 27, 2023
Google Drive users angry over losing months of stored data
Google Drive users are reporting that recent files stored in the cloud have suddenly disappeared, with the cloud service reverting to a storage snapshot as it was around April-May 2023.
November 26, 2023
New Rust-based SysJoker backdoor linked to Hamas hackers
A new version of the multi-platform malware known as 'SysJoker' has been spotted, featuring a complete code rewrite in the Rust programming language.
November 25, 2023
General Electric investigates claims of cyber attack, data theft
General Electric is investigating claims that a threat actor breached the company's development environment in a cyberattack and leaked allegedly stolen data.
November 25, 2023
Atomic Stealer malware strikes macOS via fake browser updates
The 'ClearFake' fake browser update campaign has expanded to macOS, targeting Apple computers with Atomic Stealer (AMOS) malware.
November 24, 2023
Critical bug in ownCloud file sharing app exposes admin passwords
Open source file sharing software ownCloud is warning of three critical-severity security vulnerabilities, including one that can expose administrator passwords and mail server credentials.
November 24, 2023
UK and South Korea: Hackers use zero-day in supply-chain attack
A joint advisory by the National Cyber Security Centre (NCSC) and Korea's National Intelligence Service (NIS) discloses a supply-chain attack executed by North Korean hackers involving the MagicLine… The National Cyber Security Centre (NCSC) and Korea's National Intelligence Service (NIS) warn that the North Korean Lazarus hacking group…
November 24, 2023
Cyberattack on IT provider CTS impacts dozens of UK law firms
A cyberattack on CTS, a leading managed service provider (MSP) for law firms and other organizations in the UK legal sector, is behind a major outage impacting numerous law firms and home buyers in the country since Wednesday.
November 23, 2023
Black Friday 2023: Get 25% off the Zero2Automated malware analysis course
The popular Zero2Automated malware analysis and reverse-engineering course has a Black Friday 2023 through Cyber Monday sale, where you can get 25% off sitewide, including gift certificates and courses.
November 22, 2023
Kansas courts confirm data theft, ransom demand after cyberattack
The Kansas Judicial Branch has published an update on a cybersecurity incident it suffered last month, confirming that hackers stole sensitive files containing confidential information from its systems.
November 22, 2023
Windows Hello auth bypassed on Microsoft, Dell, Lenovo laptops
Security researchers bypassed Windows Hello fingerprint authentication on Dell Inspiron, Lenovo ThinkPad, and Microsoft Surface Pro X laptops in attacks exploiting security flaws found in the embedded fingerprint sensors.
November 22, 2023
Welltok data breach exposes data of 8.5 million US patients
Healthcare SaaS provider Welltok is warning that a data breach exposed the personal data of nearly 8.5 million patients in the U.S. after a file transfer program used by the company was hacked in a data theft attack.
November 22, 2023
Microsoft: Lazarus hackers breach CyberLink in supply chain attack
Microsoft says a North Korean hacking group has breached Taiwanese multimedia software company CyberLink and trojanized one of its installers to push malware in a supply chain attack targeting potential victims worldwide.
November 22, 2023
New botnet malware exploits two zero-days to infect NVRs and routers
A new Mirai-based malware botnet named 'InfectedSlurs' has been exploiting two zero-day remote code execution (RCE) vulnerabilities to infect routers and video recorder (NVR) devices.
November 22, 2023
The Black Friday 2023 Security, IT, VPN, & Antivirus Deals
Black Friday 2023 is here, and great deals are live in computer security, software, online courses, system admin services, antivirus, and VPN software.
November 22, 2023
Open-source Blender project battling DDoS attacks since Saturday
Blender has confirmed that recent site outages have been caused by ongoing DDoS (distributed denial of service) attacks that started on Saturday.
November 21, 2023
Microsoft now rolling out Copilot to Windows 10 devices
Microsoft is now rolling out the Copilot AI assistant to eligible non-managed systems enrolled in the Windows Insider program and running Windows 10 22H2 Home and Pro editions.
November 21, 2023
Hacktivists breach U.S. nuclear research lab, steal employee data
The Idaho National Laboratory (INL) confirms they suffered a cyberattack after 'SiegedSec' hacktivists leaked stolen human resources data online.
November 21, 2023
Lumma malware can allegedly restore expired Google auth cookies
The Lumma information-stealer malware (aka 'LummaC2') is promoting a new feature that allegedly allows cybercriminals to restore expired Google cookies, which can be used to hijack Google accounts.
November 21, 2023
Microsoft launches Defender Bounty Program with $20,000 rewards
Microsoft has unveiled a new bug bounty program aimed at the Microsoft Defender security platform, with rewards between $500 and $20,000.
November 21, 2023
Auto parts giant AutoZone warns of MOVEit data breach
AutoZone is warning tens of thousands of its customers that it suffered a data breach as part of the Clop MOVEit file transfer attacks.
November 21, 2023
CISA orders federal agencies to patch Looney Tunables Linux bug
Today, CISA ordered U.S. federal agencies to secure their systems against an actively exploited vulnerability that lets attackers gain root privileges on many major Linux distributions.
November 21, 2023
Citrix warns admins to kill NetScaler user sessions to block hackers
Citrix reminded admins today that they must take additional measures after patching their NetScaler appliances against the CVE-2023-4966 'Citrix Bleed' vulnerability to secure vulnerable devices against attacks.
November 21, 2023
DarkGate and Pikabot malware emerge as Qakbot’s successors
A sophisticated phishing campaign pushing DarkGate malware infections has recently added the PikaBot malware into the mix, making it the most advanced phishing campaign since the Qakbot operation was dismantled.
November 21, 2023
Criminal IP Becomes VirusTotal IP and URL Scan Contributor
The Criminal IP Threat Intelligence (CTI) search engine has integrated its IP address and URL scans into VirusTotal. Learn more from Criminal IP about how this integration can help you.
November 21, 2023
Black Friday deal: Get 50% off Malwarebytes Premium + Privacy VPN
Malwarebytes is running a Black Friday 2023 deal now through Cyber Monday, offering a 50% discount on the Malwarebytes Premium + Privacy VPN bundle until November 30th.
November 20, 2023
Tor Project removes relays because of for-profit, risky activity
The Tor Project has explained its recent decision to remove multiple network relays that represented a threat to the safety and security of all Tor network users.
November 20, 2023
Gamaredon's LittleDrifter USB malware spreads beyond Ukraine
A recently discovered worm that researchers call LittleDrifter has been spreading over USB drives infecting systems in multiple countries as part of a campaign from the Gamaredon state-sponsored espionage group.
November 20, 2023
Microsoft fixes ‘Something Went Wrong’ Office sign-in errors
Microsoft is rolling out fixes for known Microsoft 365 issues causing 'Something Went Wrong [1001]' sign-in errors and rendering desktop applications unusable for many customers.
November 20, 2023
VX-Underground malware collective framed by Phobos ransomware
A new Phobos ransomware variant frames the popular VX-Underground malware-sharing collective, indicating the group is behind attacks using the encryptor.
November 20, 2023
Cybersecurity firm executive pleads guilty to hacking hospitals
The former chief operating officer of a cybersecurity company has pleaded guilty to hacking two hospitals, part of the Gwinnett Medical Center (GMC), in June 2021 to boost his company's business.
November 20, 2023
Canadian government discloses data breach after contractor hacks
The Canadian government says two of its contractors have been hacked, exposing sensitive information belonging to an undisclosed number of government employees. 
November 20, 2023
Kinsing malware exploits Apache ActiveMQ RCE to plant rootkits
The Kinsing malware operator is actively exploiting the CVE-2023-46604 critical vulnerability in the Apache ActiveMQ open-source message broker to compromise Linux systems.
November 20, 2023
Rhysida ransomware gang claims British Library cyberattack
The Rhysida ransomware gang has claimed responsibility for a cyberattack on the British Library in October, which has caused a major ongoing IT outage.
November 20, 2023
How to boost Security with Self-Service Password Resets
Learn more from Specops Software about the benefits of self-service password resets and ways to accomplish this with on-premises Active Directory.
November 20, 2023
Lumma Stealer malware now uses trigonometry to evade detection
The Lumma information-stealing malware is now using an interesting tactic to evade detection by security software - the measuring of mouse movements using trigonometry to determine if the malware is running on a real machine or an antivirus sandbox.
November 19, 2023
Russian hackers use Ngrok feature and WinRAR exploit to attack embassies
After Sandworm and APT28 (known as Fancy Bear), another state-sponsored Russian hacker group, APT29, is leveraging the CVE-2023-38831 vulnerability in WinRAR for cyberattacks.
November 19, 2023
Researchers extract RSA keys from SSH server signing errors
A team of academic researchers from universities in California and Massachusetts demonstrated that it's possible under certain conditions for passive network attackers to retrieve secret RSA keys from naturally occurring errors leading to failed SSH (secure shell) connection attempts.
November 18, 2023
Windows 10 to let admins control how optional updates are deployed
Microsoft announced a new policy that allows admins to control how optional updates are deployed on Windows 10 enterprise endpoints on their networks.
November 18, 2023
FCC adopts new rules to protect consumers from SIM-swapping attacks
The Federal Communications Commission (FCC) has revealed new rules to shield consumers from criminals who hijack their phone numbers in SIM swapping attacks and port-out fraud.
November 18, 2023
Exploit for CrushFTP RCE chain released, patch now
A proof-of-concept exploit was publicly released for a critical remote code execution vulnerability in the CrushFTP enterprise suite, allowing unauthenticated attackers to access files on the server, execute code, and obtain plain-text passwords.
November 18, 2023
Google shares plans for blocking third-party cookies in Chrome
Google has officially announced plans to gradually eliminate third-party cookies, a key aspect of its Privacy Sandbox initiative.
November 17, 2023
The Week in Ransomware - November 17th 2023 - Citrix in the Crosshairs
Ransomware gangs target exposed Citrix Netscaler devices using a publicly available exploit to breach large organizations, steal data, and encrypt files.
November 17, 2023
Bloomberg Crypto X account snafu leads to Discord phishing attack
The official Twitter account for Bloomberg Crypto was used earlier today to redirect users to a deceptive website that stole Discord credentials in a phishing attack.
November 17, 2023
Yamaha Motor confirms ransomware attack on Philippines subsidiary
Yamaha Motor's Philippines motorcycle manufacturing subsidiary was hit by a ransomware attack last month, resulting in the theft and leak of some employees' personal information.
November 17, 2023
Google: Hackers exploited Zimbra zero-day in attacks on govt orgs
Hackers leveraged a medium-severity security issue now identified as CVE-2023-37580 since June 29, nearly a month before the vendor addressed it in version 8.8.15 Patch 41 of the software on July 25.
November 17, 2023
CISA warns of actively exploited Windows, Sophos, and Oracle bugs
The U.S. Cybersecurity & Infrastructure Security Agency has added to its catalog of known exploited vulnerabilities (KEV) three security issues that affect Microsoft devices, a Sophos product, and an enterprise solution from Oracle.
November 17, 2023
British Library: Ongoing outage caused by ransomware attack
The British Library confirmed that a ransomware attack is behind a major outage that is still affecting services across several locations.
November 16, 2023
Long Beach, California turns off IT systems after cyberattack
The City of Long Beach in California is warning that they suffered a cyberattack on Tuesday that has led them to shut down portions of their IT network to prevent the attack's spread.
November 16, 2023
FBI shares tactics of notorious Scattered Spider hacker collective
The Federal Bureau of Investigation and the Cybersecurity and Infrastructure Security Agency released an advisory about the evasive threat actor tracked as Scattered Spider, a loosely knit hacking collective that now collaborates with the ALPHV/BlackCat Russian ransomware operation.
November 16, 2023
MySQL servers targeted by 'Ddostf' DDoS-as-a-Service botnet
MySQL servers are being targeted by the 'Ddostf' malware botnet to enslave them for a DDoS-as-a-Service platform whose firepower is rented to other cybercriminals.
November 16, 2023
Toyota confirms breach after Medusa ransomware threatens to leak data
Toyota Financial Services (TFS) has confirmed that it detected unauthorized access on some of its systems in Europe and Africa after Medusa ransomware claimed an attack on the company.
November 16, 2023
Microsoft confirms Copilot AI assistant coming to Windows 10
Microsoft will roll out the Copilot AI-powered assistant to Windows 10 systems enrolled in the Insider Program over the coming months.
November 16, 2023
Fortinet warns of critical command injection bug in FortiSIEM
Fortinet is alerting customers of a critical OS command injection vulnerability in FortiSIEM report server that could be exploited by remote, unauthenticated attackers to execute commands through specially crafted API requests.
November 16, 2023
How DDoS attacks are taking down even the largest tech companies
DDoS attacks are increasingly taking down even the largest tech companies. Learn more from Specops Software about these types of attacks and how you can protect your devices from being recruited into botnets.
November 15, 2023
Ransomware gang files SEC complaint over victim’s undisclosed breach
The ALPHV/BlackCat ransomware operation has taken extortion to a new level by filing a U.S. Securities and Exchange Commission complaint against one of their alleged victims for not complying with the four-day rule to disclose a cyberattack.
November 15, 2023
Samsung hit by new data breach impacting UK store customers
Samsung Electronics is notifying some of its customers of a data breach that exposed their personal information to an unauthorized individual.
November 15, 2023
Microsoft fixes Windows Server VMs broken by October updates
Microsoft fixed a known issue causing blue screens and boot failures in Windows Server 2022 virtual machines (VMs) deployed on VMware ESXi hosts.
November 15, 2023
Citrix Hypervisor gets hotfix for new Reptar Intel CPU flaw
Citrix has released hotfixes for two vulnerabilities impacting Citrix Hypervisor, one of them being the "Reptar" high-severity flaw that affects Intel CPUs for desktop and server systems.
November 15, 2023
Toronto Public Library confirms data stolen in ransomware attack
The Toronto Public Library (TPL) confirmed that the personal information of employees, customers, volunteers, and donors was stolen from a compromised file server during an October ransomware attack.
November 15, 2023
FBI and CISA warn of opportunistic Rhysida ransomware attacks
The FBI and CISA warned today of Rhysida ransomware gang's opportunistic attacks targeting organizations across multiple industry sectors.
November 15, 2023
PJ&A says cyberattack exposed data of nearly 9 million patients
PJ&A (Perry Johnson & Associates) is warning that a cyberattack in March 2023 exposed the personal information of almost nine million patients.
November 15, 2023
Fraud researchers impersonated on X to push crypto-stealing sites
Multiple fake accounts impersonating cryptocurrency scam investigators and blockchain security companies are promoting phishing pages to drain wallets in an ongoing campaign on X (former Twitter).
November 15, 2023
The OWASP Top 10: What They Are and How to Test Them
This article takes a deep dive into the OWASP Top 10 and advises on how to test your web applications for susceptibility to these security risks.
November 14, 2023
IPStorm botnet with 23,000 proxies for malicious traffic dismantled
The U.S. Department of Justice announced today that the Federal Bureau of Investigation took down the network and infrastructure of a botnet proxy service called IPStorm.
November 14, 2023
WP Fastest Cache plugin bug exposes 600K WordPress sites to attacks
The WordPress plugin WP Fastest Cache is vulnerable to an SQL injection vulnerability that could allow unauthenticated attackers to read the contents of the site's database.
November 14, 2023
New Reptar CPU flaw impacts Intel desktop and server systems
Intel has fixed a high-severity CPU vulnerability in its modern desktop, server, mobile, and embedded CPUs, including the latest Alder Lake, Raptor Lake, and Sapphire Rapids microarchitectures.
November 14, 2023
VMware discloses critical VCD Appliance auth bypass with no patch
VMware disclosed a critical and unpatched authentication bypass vulnerability affecting Cloud Director appliance deployments.
November 14, 2023
New CacheWarp AMD CPU attack lets hackers gain root in Linux VMs
A new software-based fault injection attack, CacheWarp, can let threat actors hack into AMD SEV-protected virtual machines by targeting memory writes to escalate privileges and gain remote code execution.
November 14, 2023
LockBit ransomware exploits Citrix Bleed in attacks, 10K servers exposed
The LockBit ransomware attacks use publicly available exploits for the Citrix Bleed vulnerability (CVE-2023-4966) to breach the systems of large organizations, steal data, and encrypt files.
November 14, 2023
Microsoft November 2023 Patch Tuesday fixes 5 zero-days, 58 flaws
Today is Microsoft's November 2023 Patch Tuesday, which includes security updates for a total of 58 flaws and five zero-day vulnerabilities.
November 14, 2023
Microsoft fixes critical Azure CLI flaw that leaked credentials in logs
Microsoft has fixed a critical security vulnerability that could let attackers steal credentials from GitHub Actions or Azure DevOps logs created using Azure CLI (short for Azure command-line interface).
November 14, 2023
Windows 11 KB5032190 update enables Moment 4 features for everyone
Microsoft has released the KB5032190 cumulative update to fix security vulnerabilities in Windows 11. This is the first Patch Tuesday update with access to Windows 11 Moment 4 features, provided you turn on the "Get latest updates" toggle.
November 14, 2023
Windows 10 KB5032189 update released with 11 improvements
Microsoft has released the KB5032189 cumulative update for Windows 10 21H2 and Windows 10 22H2, which contains eleven fixes for various issues.
November 14, 2023
Pharmacy provider Truepill data breach hits 2.3 million customers
Postmeds, doing business as 'Truepill,' is sending notifications of a data breach informing recipients that threat actors accessed their sensitive personal information.
November 14, 2023
Meet the Unique New "Hacking" Group: AlphaLock
A Russian hacking group known as AlphaLock is launching a "pentest" marketplace and training platform to empower a new generation of threat actors. Learn more from Flare about the new hacking group.
November 13, 2023
Ethereum feature abused to steal $60 million from 99K victims
Malicious actors have been abusing Ethereum's 'Create2' function to bypass wallet security alerts and poison cryptocurrency addresses, which led to stealing $60,000,000 worth of cryptocurrency from 99,000 people in six months.
November 13, 2023
FBI: Royal ransomware asked 350 victims to pay $275 million
The FBI and CISA revealed in a joint advisory that the Royal ransomware gang has breached the networks of at least 350 organizations worldwide since September 2022.
November 13, 2023
DP World cyberattack blocks thousands of containers in ports
A cyberattack on international logistics firm DP World Australia has severely disrupted the regular freight movement in multiple large Australian ports.
November 13, 2023
CISA warns of actively exploited Juniper pre-auth RCE exploit chain
CISA warned federal agencies today to secure Juniper devices on their networks by Friday against four vulnerabilities now used in remote code execution (RCE) attacks as part of a pre-auth exploit chain.
November 13, 2023
Israel warns of BiBi wiper attacks targeting Linux and Windows
Data-wiping attacks are becoming more frequent on Israeli computers as researchers discovered variants of the BiBi malware family that destroys data on both Linux and Windows systems.
November 13, 2023
Criminal IP & Cisco SecureX/XDR: Enhanced Cyber Threat Analysis
The Criminal IP threat intelligence search engine by AI SPERA has recently integrated with Cisco SecureX/XDR, empowering organizations to stay ahead of malicious actors. Learn more about this integration from Criminal IP in this article.
November 12, 2023
LockBit ransomware leaks gigabytes of Boeing data
The LockBit ransomware gang published data stolen from Boeing, one of the largest aerospace companies that services commercial airplanes and defense systems.
November 12, 2023
Windows 11 will soon let you uninstall more inbox apps
Microsoft is gearing up to roll out an update for Windows 11 that will significantly enhance user control over built-in apps. In the upcoming version, you will be able to uninstall a wider range of inbox apps.
November 12, 2023
Google Chrome & Microsoft Edge to get 'Save Frame' feature for YouTube
You can soon right-click on any YouTube video in Microsoft Edge or Google Chrome and save the frame (capture the screenshot of the video) in the original resolution and PNG format.
November 12, 2023
Iranian hackers launch malware attacks on Israel’s tech sector
Security researchers have tracked a new campaign from Imperial Kitten targeting transportation, logistics, and technology firms.
November 12, 2023
Microsoft Edge is testing a new video translation feature
Microsoft Edge's latest Canary update has an innovative feature: video translation. This feature translates YouTube videos in real-time, and it allegedly supports four languages.
November 11, 2023
Police takes down BulletProftLink large-scale phishing provider
The notorious BulletProftLink phishing-as-a-service (PhaaS) platform that provided more than 300 phishing templates has been seized, the Royal Malaysian Police announced.
November 11, 2023
Microsoft fixes Outlook Desktop bug causing slow saving issues
Microsoft has resolved a known issue causing significant delays for Microsoft 365 customers when saving attachments in Outlook Desktop.
November 10, 2023
Mortgage giant Mr. Cooper says customer data exposed in breach
Mr. Cooper, the largest home loan servicer in the United States, says it found evidence of customer data exposed during a cyberattack disclosed last week, on October 31.
November 10, 2023
Microsoft: BlueNoroff hackers plan new crypto-theft attacks
Microsoft warns that the BlueNoroff North Korean hacking group is setting up new attack infrastructure for upcoming social engineering campaigns on LinkedIn.
November 10, 2023
Hackers breach healthcare orgs via ScreenConnect remote access
Security researchers are warning that hackers are targeting multiple healthcare organizations in the U.S. by abusing the ScreenConnect remote access tool.
November 10, 2023
Microsoft extends Windows Server 2012 ESUs to October 2026
Microsoft provides three more years of Windows Server 2012 Extended Security Updates (ESUs) until October 2026, allowing administrators more time to upgrade or migrate to Azure.
November 10, 2023
Maine govt notifies 1.3 million people of MOVEit data breach
The State of Maine has announced that its systems were breached after threat actors exploited a vulnerability in the MOVEit file transfer tool and accessed the personal information of about 1.3 million people, which is close to the state's entire population.
November 10, 2023
McLaren Health Care says data breach impacted 2.2 million people
McLaren Health Care (McLaren) is notifying nearly 2.2 million people of a data breach that occurred between late July and August this year, exposing sensitive personal information.
November 10, 2023
The Rise of Ransomware in Healthcare: What IT Leaders Need to Know
Ransomware attacks are rapidly becoming the weapon of choice, making up over half of all attacks in the healthcare industry. Learn more from Specops Software on securing your organization from these attacks.
November 9, 2023
Kyocera AVX says ransomware attack impacted 39,000 individuals
Kyocera AVX Components Corporation (KAVX) is sending notices of a data breach exposing personal information of 39,111 individuals following a ransomware attack.
November 9, 2023
Cloudflare website downed by DDoS attack claimed by Anonymous Sudan
Cloudflare is investigating an ongoing outage causing "We're sorry" Google errors to be shown on the company's website.
November 9, 2023
Industrial and Commercial Bank of China hit by ransomware attack
The Industrial & Commercial Bank of China (ICBC) is restoring systems and services following a ransomware attack that disrupted the U.S. Treasury market, causing equities clearing issues.
November 9, 2023
Microsoft shares temp fix for broken Windows Server 2022 VMs
Microsoft publicly acknowledged a known issue causing Windows Server 2022 virtual machine (VM) blue screens and boot failures on VMware ESXi hosts.
November 9, 2023
Google ads push malicious CPU-Z app from fake Windows news site
A threat actor has been abusing Google Ads to distribute a trojanized version of the CPU-Z tool to deliver the Redline info-stealing malware.
November 9, 2023
Microsoft: SysAid zero-day flaw exploited in Clop ransomware attacks
Threat actors are exploiting a zero-day vulnerability in the service management software SysAid to gain access to corporate servers for data theft and to deploy Clop ransomware.
November 9, 2023
Russian hackers switch to LOTL technique to cause power outage
Russian state hackers have evolved their methods for breaching industrial control systems by adopting living-off-the-land techniques that enable reaching the final stage of the attack quicker and with fewer resources.
November 9, 2023
OpenAI confirms DDoS attacks behind ongoing ChatGPT outages
During the last 24 hours, OpenAI has been addressing what it describes as "periodic outages" linked to DDoS attacks affecting its API and ChatGPT services.
November 8, 2023
Signal tests usernames that keep your phone number private
Signal is now testing public usernames that allow users to conceal the phone numbers linked to their accounts while communicating with others.
November 8, 2023
Microsoft drops SMB1 firewall rules in new Windows 11 build
Windows 11 will no longer add SMB1 Windows Defender Firewall rules when creating new SMB shares starting with today's Canary Channel Insider Preview Build 25992.
November 8, 2023
Sumo Logic discloses security breach, advises API key resets
Security and data analytics company Sumo Logic disclosed a security breach after discovering that its AWS (Amazon Web Services) account was compromised last week.
November 8, 2023
Russian state-owned Sberbank hit by 1 million RPS DDoS attack
Russian financial organization Sberbank states in a press release that two weeks ago it faced the most powerful distributed denial of service (DDoS) attack in recent history.
November 8, 2023
FBI: Ransomware gangs hack casinos via 3rd party gaming vendors
The Federal Bureau of Investigation is warning that ransomware threat actors are targeting casino servers and using legitimate system management tools to increase their permissions on the network.
November 8, 2023
ChatGPT down after major outage impacting OpenAI systems
OpenAI's AI-powered ChatGPT large language model-based chatbot is down because of a major ongoing outage that also took down the company's Application Programming Interface (API).
November 8, 2023
WhatsApp now lets users hide their location during calls
WhatsApp is rolling out a new privacy feature that helps Android and iOS users hide their location during calls by relaying the connection through WhatsApp servers.
November 8, 2023
Russian-speaking threat actor "farnetwork" linked to 5 ransomware gangs
The operator of the Nokoyawa ransomware-as-a-service (RaaS), a threat actor known as 'farnetwork', built experience over the years by helping the JSWORM, Nefilim, Karma, and Nemty affiliate programs with malware development and operation management.
November 7, 2023
TransForm says ransomware data breach affects 267,000 patients
Shared service provider TransForm has published an update on the cyberattack that recently impacted operations in multiple hospitals in Ontario, Canada, clarifying that it was a ransomware attack.
November 7, 2023
Fake Ledger Live app in Microsoft Store steals $768,000 in crypto
Microsoft has recently removed from its store a fraudulent Ledger Live app for cryptocurrency management after multiple users lost at least $768,000 worth of cryptocurrency assets.
November 7, 2023
BlueNoroff hackers backdoor Macs with new ObjCShellz malware
The North Korean-backed BlueNoroff threat group targets Apple customers with new macOS malware tracked as ObjCShellz that can open remote shells on compromised devices.
November 7, 2023
Microsoft: Some Outlook.com users can't send emails with attachments
In a Monday advisory, Microsoft warned Outlook.com users about issues they might encounter when sending emails containing attachments.
November 7, 2023
Microsoft Authenticator now blocks suspicious MFA alerts by default
Microsoft has introduced a new protective feature in the Authenticator app to block notifications that appear suspicious based on specific checks performed during the account login stage.
November 7, 2023
OpenAI confirms it's not killing off ChatGPT plugins for now
During its inaugural developer conference, OpenAI unveiled GPTs, short for Generative Pre-trained Transformers. These custom versions of ChatGPT are designed to be shaped by and for individual users, whether for recreational or professional use, and can be shared with others.
November 7, 2023
Marina Bay Sands discloses data breach impacting 665,000 customers
The Marina Bay Sands (MBS) luxury resort and casino in Singapore has disclosed a data breach that impacts personal data of 665,000 customers.
November 6, 2023
Veeam warns of critical bugs in Veeam ONE monitoring platform
Veeam released hotfixes today to address four vulnerabilities in the company's Veeam ONE IT infrastructure monitoring and analytics platform, two of them critical.
November 6, 2023
Hackers exploit Looney Tunables Linux bug, steal cloud creds
The operators of the Kinsing malware are targeting cloud environments with systems vulnerable to "Looney Tunables," a Linux security issue identified as CVE-2023-4911 that allows a local attacker to gain root privileges on the system.
November 6, 2023
Microsoft will roll out MFA-enforcing policies for admin portal access
Microsoft will roll out Conditional Access policies requiring multifactor authentication from administrators when signing into Microsoft admin portals such as Microsoft Entra, Microsoft 365, Exchange, and Azure.
November 6, 2023
Critical Atlassian Confluence bug exploited in Cerber ransomware attacks
Attackers are exploiting a recently patched and critical severity Atlassian Confluence authentication bypass flaw to encrypt victims' files using Cerber ransomware.
November 6, 2023
US sanctions Russian who laundered money for Ryuk ransomware affiliate
The U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) has sanctioned Russian national Ekaterina Zhdanova for laundering millions in cryptocurrency for various individuals, including ransomware actors.
November 6, 2023
TellYouThePass ransomware joins Apache ActiveMQ RCE attacks
Internet-exposed Apache ActiveMQ servers are also targeted in TellYouThePass ransomware attacks targeting a critical remote code execution (RCE) vulnerability previously exploited as a zero-day.
November 6, 2023
QNAP warns of critical command injection flaws in QTS OS, apps
QNAP Systems published security advisories for two critical command injection vulnerabilities that impact multiple versions of the QTS operating system and applications on its network-attached storage (NAS) devices.
November 6, 2023
Cybercrime service bypasses Android security to install malware
A new dropper-as-a-service (DaaS) named 'SecuriDropper' has emerged, using a method that bypasses Android 13's 'Restricted Settings' to install malware on devices and grant them access to the Accessibility Services.
November 5, 2023
Socks5Systemz proxy service infects 10,000 systems worldwide
A proxy botnet called 'Socks5Systemz' has been infecting computers worldwide via the 'PrivateLoader' and 'Amadey' malware loaders, currently counting 10,000 infected devices.
November 4, 2023
Discord will switch to temporary file links to block malware delivery
Discord will switch to temporary file links for all users by the end of the year to block attackers from using its CDN (content delivery network) for hosting and pushing malware.
November 4, 2023
Apple 'Find My' network can be abused to steal keylogged passwords
Apple's "Find My" location network can be abused by malicious actors to stealthily transmit sensitive information captured by keyloggers installed in keyboards.
November 3, 2023
The Week in Ransomware - November 3rd 2023 - Hive's Back
Over the past couple of months, ransomware attacks have been escalating as new operations launch, old ones return, and existing operations continue to target the enterprise.
November 3, 2023
Dutch hacker jailed for extortion, selling stolen data on RaidForums
A former Dutch cybersecurity professional was sentenced to four years in prison after being found guilty of hacking and blackmailing more than a dozen companies in the Netherlands and worldwide.
November 3, 2023
American Airlines pilot union hit by ransomware attack
Allied Pilots Association (APA), a labor union representing 15,000 American Airlines pilots, disclosed a ransomware attack that hit its systems on Monday.
November 3, 2023
Google Play adds security audit badges for Android VPN apps
Google Play, Android's official app store, is now tagging VPN apps with an 'independent security reviews' badge if they conducted an independent security audit of their software and platform.
November 3, 2023
New Microsoft Exchange zero-days allow RCE, data theft attacks
Microsoft Exchange is impacted by four zero-day vulnerabilities that attackers can exploit remotely to execute arbitrary code or disclose sensitive information on affected installations.
November 3, 2023
Okta breach: 134 customers exposed in October support system hack
Okta says attackers who breached its customer support system last month gained access to files belonging to 134 customers, five of them later being targeted in session hijacking attacks with the help of stolen session tokens.
November 2, 2023
Atlassian warns of exploit for Confluence data wiping bug, get patching
Atlassian warned admins that a public exploit is now available for a critical Confluence security flaw that can be used in data destruction attacks targeting Internet-exposed and unpatched instances.
November 2, 2023
Ace Hardware says 1,202 devices were hit during cyberattack
Ace Hardware confirmed that a cyberattack is preventing local stores and customers from placing orders as the company works to restore 196 servers.
November 2, 2023
New macOS 'KandyKorn' malware targets cryptocurrency engineers
A new macOS malware dubbed 'KandyKorn' has been spotted in a campaign attributed to the North Korean Lazarus hacking group, targeting blockchain engineers of a cryptocurrency exchange platform.
November 2, 2023
BlackCat ransomware claims breach of healthcare giant Henry Schein
The BlackCat (ALPHV) ransomware gang claims it breached the network of healthcare giant Henry Schein and stole dozens of terabytes of data, including payroll data and shareholder information.
November 2, 2023
Mortgage giant Mr. Cooper hit by cyberattack impacting IT systems
U.S. mortgage lending giant Mr. Cooper was breached in a cyberattack that caused the company to shut down IT systems, including access to their online payment portal.
November 2, 2023
HelloKitty ransomware now exploiting Apache ActiveMQ flaw in attacks
A remote code execution (RCE) flaw impacting Apache ActiveMQ has been under active exploitation by threat actors who use HelloKitty ransomware payloads.
November 2, 2023
Cloudflare Dashboard and APIs down after data center power outage
An ongoing Cloudflare outage has taken down many of its products, including the company's dashboard and related application programming interfaces (APIs) customers use to manage and read service configurations.
November 2, 2023
Boeing confirms cyberattack amid LockBit ransomware claims
Aerospace giant Boeing is investigating a cyberattack that impacted its parts and distribution business after the LockBit ransomware gang claimed that they breached the company's network and stole data.
November 2, 2023
Microsoft pledges to bolster security as part of ‘Secure Future’ initiative
Microsoft announced today the 'Secure Future Initiative,' pledging to improve the built-in security of its products and platforms to better protect customers against escalating cybersecurity threats.
November 2, 2023
Okta hit by third-party data breach exposing employee information
Okta is warning nearly 5,000 current and former employees that their personal information was exposed after a third-party vendor was breached.
November 2, 2023
Your end-users are reusing passwords – that’s a big problem
Password reuse is a difficult vulnerability for IT teams to get full visibility over. Learn more from Specops Software on how to mitigate the risk of compromised credentials.
November 1, 2023
Meta faces EU ban on Facebook, Instagram targeted advertising
The European Data Protection Board has extended the temporary ban on targeted advertising on Facebook and Instagram, imposed by the Norwegian Data Protection Authority (DPA) in July.
November 1, 2023
FSB arrests Russian hackers working for Ukrainian cyber forces
Russia's security agency published a press release on Tuesday saying that its officers detained two hackers who either assisted or joined Ukraine's hackers in cyber operations.
November 1, 2023
Toronto Public Library outages caused by Black Basta ransomware attack
The Toronto Public Library is experiencing ongoing technical outages due to a Black Basta ransomware attack.
November 1, 2023
New CVSS 4.0 vulnerability severity rating standard released
The Forum of Incident Response and Security Teams (FIRST) has officially released CVSS v4.0, the next generation of its Common Vulnerability Scoring System standard, eight years after CVSS v3.0, the previous major version.
November 1, 2023
Hackers use Citrix Bleed flaw in attacks on govt networks worldwide
Threat actors are leveraging the 'Citrix Bleed' vulnerability, tracked as CVE-2023-4966, to target government, technical, and legal organizations in the Americas, Europe, Africa, and the Asia-Pacific region.
November 1, 2023
3,000 Apache ActiveMQ servers vulnerable to RCE attacks exposed online
Over three thousand internet-exposed Apache ActiveMQ servers are vulnerable to a recently disclosed critical remote code execution (RCE) vulnerability.
November 1, 2023
Microsoft: Windows Copilot makes desktop icons jump between displays
Microsoft says a new known issue is causing desktop icons to behave erratically on systems with multiple displays when using the Windows Copilot AI-powered digital assistant.
November 1, 2023
Mozi malware botnet goes dark after mysterious use of kill-switch
Mozi malware botnet activity faded away in August after a mysterious unknown party sent a payload on September 27, 2023, that triggered a kill switch to deactivate all bots.
November 1, 2023
Hackers exploit recent F5 BIG-IP flaws in stealthy attacks
F5 is warning BIG-IP admins that devices are being breached by "skilled" hackers exploiting two recently disclosed vulnerabilities to erase signs of their access and achieve stealthy code execution.
November 1, 2023
LayerX Enterprise Browser Security Extension – Secure the Modern Workspace
LayerX has developed a secure enterprise browser extension that delivers comprehensive visibility, monitoring, and granular policy enforcement on every event within a browsing session. Learn more about this cybersecurity platform from LayerxSecurity.
October 31, 2023
Avast confirms it tagged Google app as malware on Android phones
Czech cybersecurity company Avast confirmed that its antivirus SDK has been flagging a Google Android app as malware on Huawei, Vivo, and Honor smartphones since Saturday.
October 31, 2023
Flipper Zero Bluetooth spam attacks ported to new Android app
Recent Flipper Zero Bluetooth spam attacks have now been ported to an Android app, allowing a much larger number of devices to implement these annoying spam alerts.
October 31, 2023
Windows 11 23H2 - New features in the Windows 11 2023 Update
Microsoft released the new Windows 11 23H2 feature update today, and it comes with a ton of new features that may make Windows 10 holdouts willing to upgrade.
October 31, 2023
How to download a Windows 11 23H2 ISO from Microsoft
Microsoft released Windows 11 23H2, the Windows 11 2023 Update, today, and you can now download an ISO image for the new version to put aside for emergencies or clean installs.
October 31, 2023
British Library knocked offline by weekend cyberattack
The British Library has been hit by a major IT outage affecting its website and many of its services following a "cyber incident" that impacted its systems on Saturday, October 28.
October 31, 2023
Atlassian warns of critical Confluence flaw leading to data loss
Australian software company Atlassian warned admins to immediately patch Internet-exposed Confluence instances against a critical security flaw that could lead to data loss following successful exploitation.
October 31, 2023
Microsoft releases Windows 11 23H2 as an enablement package
Microsoft announced today the release of Windows 11, version 23H2, the next feature update for its operating system (also known as the Windows 11 2023 Update).
October 31, 2023
Dozens of countries will pledge to stop paying ransomware gangs
An alliance of 40 countries will sign a pledge during the third annual International Counter-Ransomware Initiative summit in Washington, D.C., to stop paying ransoms demanded by cybercriminal groups.
October 31, 2023
Samsung Galaxy gets new Auto Blocker anti-malware feature
Samsung has unveiled a new security feature called 'Auto Blocker' as part of the One UI 6 update, offering enhanced malware protection on Galaxy devices.
October 31, 2023
Massive cybercrime URL shortening service uncovered via DNS data
A threat actor that security researchers call Prolific Puma has been providing link shortening services to cybercriminals for at least four years while keeping a sufficiently low profile to operate undetected.
October 31, 2023
Canada bans WeChat and Kaspersky products on govt devices
Canada has banned the use of Kaspersky security products and Tencent's WeChat app on mobile devices used by government employees, citing network and national security concerns.
October 31, 2023
Malicious NuGet packages abuse MSBuild to install malware
A new NuGet typosquatting campaign pushes malicious packages that abuse Visual Studio's MSBuild integration to execute code and install malware stealthily.
October 30, 2023
Exploit released for critical Cisco IOS XE flaw, many hosts still hacked
Public exploit code is now available for the critical Cisco IOS XE vulnerability tracked as CVE-2023-20198 that was leveraged as a zero-day to hack tens of thousands of devices.
October 30, 2023
LastPass breach linked to theft of $4.4 million in crypto
Hackers have stolen $4.4 million in cryptocurrency on October 25th using private keys and passphrases stored in stolen LastPass databases, according to research by crypto fraud researchers who have been researching similar incidents.
October 30, 2023
SEC sues SolarWinds for misleading investors before 2020 hack
The U.S. Securities and Exchange Commission (SEC) today charged SolarWinds with defrauding investors by allegedly concealing cybersecurity defense issues before a December 2020 hack linked to APT29, the Russian Foreign Intelligence Service (SVR) hacking division.
October 30, 2023
RCE exploit for Wyze Cam v3 publicly released, patch now
A security researcher has published a proof-of-concept (PoC) exploit for Wyze Cam v3 devices that opens a reverse shell and allows the takeover of vulnerable devices.
October 30, 2023
FTC orders non-bank financial firms to report breaches in 30 days
The U.S. Federal Trade Commission (FTC) has amended the Safeguards Rules, mandating that all non-banking financial institutions report data breach incidents within 30 days.
October 30, 2023
Google Chrome now auto-upgrades to secure connections for all users
Google has taken a significant step towards enhancing Chrome internet security by automatically upgrading insecure HTTP requests to HTTPS requests for 100% of users.
October 30, 2023
Toronto Public Library services down following weekend cyberattack
The Toronto Public Library (TPL) is warning that many of its online services are offline after suffering a cyberattack over the weekend, on Saturday, October 28.
October 30, 2023
New BiBi-Linux wiper malware targets Israeli orgs in destructive attacks
A new malware wiper known as BiBi-Linux is being used to destroy data in attacks targeting Linux systems belonging to Israeli companies.
October 30, 2023
Huawei, Vivo phones tag Google app as TrojanSMS-PA malware
Huawei, Honor, and Vivo smartphones and tablets are displaying strange 'Security threat' alerts urging the deletion of the Google app, warning that it is detected as the 'TrojanSMS-PA' malware.
October 29, 2023
New Hunters International ransomware possible rebrand of Hive
A new ransomware-as-a-service brand named Hunters International has emerged using code used by the Hive ransomware operation, leading to the valid assumption that the old gang has resumed activity under a different flag.
October 29, 2023
Pirate IPTV network in Austria dismantled and $1.74 million seized
The Austrian police have arrested 20 people across the country linked to an illegal IPTV network that, between 2016 and 2023, decrypted copyright-protected broadcasts and redistributed them to thousands of customers.
October 29, 2023
Windows 11 adds support for 11 file archives, including 7-Zip and RAR
Microsoft says Windows 11 22H2 now natively supports almost a dozen additional archive formats, including RAR, 7-Zip, Tar, and GZ archives.
October 28, 2023
Hackers email stolen student data to parents of Nevada school district
The Clark County School District (CCSD) in Nevada is dealing with a potentially massive data breach, as hackers email parents their children's data that was allegedly stolen during a recent cyberattack.
October 28, 2023
HackerOne paid ethical hackers over $300 million in bug bounties
HackerOne has announced that its bug bounty programs have awarded over $300 million in rewards to ethical hackers and vulnerability researchers since the platform's inception.
October 27, 2023
Hackers earn over $1 million for 58 zero-days at Pwn2Own Toronto
The Pwn2Own Toronto 2023 hacking competition has ended with security researchers earning $1,038,500 for 58 zero-day exploits (and multiple bug collisions) targeting consumer products between October 24 and October 27.
October 27, 2023
The Week in Ransomware - October 27th 2023 - Breaking Records
Ransomware attacks are increasing significantly, with reports indicating that last month was a record month for ransomware attacks in 2023.
October 27, 2023
Microsoft 365 users get workaround for ‘Something Went Wrong’ errors
Microsoft shared a workaround for a known Microsoft 365 issue triggering 'Something Went Wrong [1001]' sign-in errors and making desktop applications unusable for many customers.
October 27, 2023
Lazarus hackers breached dev repeatedly to deploy SIGNBT malware
The North Korean Lazarus hacking group repeatedly compromised a software vendor using flaws in vulnerable software despite multiple patches and warnings being made available by the developer.
October 27, 2023
F5 fixes BIG-IP auth bypass allowing remote code execution attacks
A critical vulnerability in the F5 BIG-IP configuration utility, tracked as CVE-2023-46747, allows an attacker with remote access to the configuration utility to perform unauthenticated remote code execution.
October 27, 2023
Windows 11 KB5031455 preview update enables Moment 4 features by default
Microsoft has released the optional KB5031455 Preview cumulative update for Windows 11 22H2, which enables 72 new Moment 4 features by default and fixes 22 issues.
October 26, 2023
Windows 10 KB5031445 preview update fixes ctfmon.exe memory leak, 9 issues
Microsoft has released the optional KB5031445 Preview cumulative update for Windows 10 22H2 with nine improvements or fixes, including a fix for a memory leak in ctfmon.exe.
October 26, 2023
Microsoft: Octo Tempest is one of the most dangerous financial hacking groups
Microsoft has published a detailed profile of a native English-speaking threat actor with advanced social engineering capabilities, which it tracks as Octo Tempest and which targets companies in data extortion and ransomware attacks.
October 26, 2023
Android adware apps on Google Play amass two million installs
Several malicious Google Play Android apps installed over 2 million times push intrusive ads to users while concealing their presence on the infected devices.
October 26, 2023
Nigerian Police dismantle cybercrime recruitment, mentoring hub
The Nigerian Police Force has arrested six suspects and dismantled a mentoring hub linked to cybercrime activities, including business email compromise, romance, and investment scams.
October 26, 2023
France says Russian state hackers breached numerous critical networks
The Russian APT28 hacking group (aka 'Strontium' or 'Fancy Bear') has been targeting government entities, businesses, universities, research institutes, and think tanks in France since the second half of 2021.
October 26, 2023
StripedFly malware framework infects 1 million Windows, Linux hosts
A sophisticated cross-platform malware platform named StripedFly flew under the radar of cybersecurity researchers for five years, infecting over a million Windows and Linux systems during that time.
October 26, 2023
Cloudflare sees surge in hyper-volumetric HTTP DDoS attacks
The number of hyper-volumetric HTTP DDoS (distributed denial of service) attacks recorded in the third quarter of 2023 surpasses every precedent, indicating that the field has entered a new chapter.
October 26, 2023
New iLeakage attack steals emails, passwords from Apple Safari
Academic researchers created a new speculative side-channel attack they named iLeakage that works on all recent Apple devices and can extract sensitive information from the Safari web browser.
October 25, 2023
Samsung Galaxy S23 hacked two more times at Pwn2Own Toronto
Security researchers hacked the Samsung Galaxy S23 smartphone two more times on the second day of the Pwn2Own 2023 hacking competition in Toronto, Canada.
October 25, 2023
Chilean telecom giant GTD hit by the Rorschach ransomware gang
Chile's Grupo GTD warns that a cyberattack has impacted its Infrastructure as a Service (IaaS) platform, disrupting online services.
October 25, 2023
Microsoft tests Windows 11 encrypted DNS server auto-discovery
Microsoft is testing support for the Discovery of Network-designated Resolvers (DNR) internet standard, which enables automated client-side discovery of encrypted DNS servers on local area networks.
October 25, 2023
Flipper Zero can now spam Android, Windows users with Bluetooth alerts
A custom Flipper Zero firmware called 'Xtreme' has added a new feature to perform Bluetooth spam attacks on Android and Windows devices.
October 25, 2023
Windows 11 to let admins mandate SMB encryption for outbound connections
Windows 11 will let admins mandate SMB client encryption for all outbound connections, starting with today's Windows 11 Insider Preview Build 25982 rolling out to Insiders in the Canary Channel.
October 25, 2023
Seiko says ransomware attack exposed sensitive customer data
Japanese watchmaker Seiko has confirmed it suffered a Black Cat ransomware attack earlier this year, warning that the incident has led to a data breach, exposing sensitive customer, partner, and personnel information.
October 25, 2023
Citrix Bleed exploit lets hackers hijack NetScaler accounts
A proof-of-concept (PoC) exploit has been released for the 'Citrix Bleed' vulnerability, tracked as CVE-2023-4966, that allows attackers to retrieve authentication session cookies from vulnerable Citrix NetScaler ADC and NetScaler Gateway appliances.
October 25, 2023
Ransomware isn’t going away – the problem is only getting worse
Ransomware incidents continue to grow at an alarming pace, targeting the enterprise and governments worldwide. Learn more from Specops Software on how ransomware gangs gain initial access to networks and how to protect against attacks.
October 25, 2023
European govt email servers hacked using Roundcube zero-day
The Winter Vivern Russian hacking group has been exploiting a Roundcube Webmail zero-day since at least October 11 to attack European government entities and think tanks.
October 25, 2023
VMware fixes critical code execution flaw in vCenter Server
VMware issued security updates to fix a critical vCenter Server vulnerability that can be exploited to gain remote code execution on vulnerable servers.
October 24, 2023
Samsung Galaxy S23 hacked twice on first day of Pwn2Own Toronto
Security researchers hacked the Samsung Galaxy S23 twice during the first day of the consumer-focused Pwn2Own 2023 hacking contest in Toronto, Canada.
October 24, 2023
Hackers backdoor Russian state, industrial orgs for data theft
Several state and key industrial organizations in Russia were attacked with a custom Go-based backdoor that performs data theft, likely aiding espionage operations.
October 24, 2023
Decentralized Matrix messaging network says it now has 115M users
The team behind the Matrix open standard and real-time communication protocol has announced the release of its second major version, bringing end-to-end encryption to group VoIP, faster loading times, and more.
October 24, 2023
ASVEL basketball team confirms data breach after ransomware attack
French professional basketball team LDLC ASVEL (ASVEL) has confirmed that data was stolen after the NoEscape ransomware gang claimed to have attacked the club.
October 24, 2023
VMware warns admins of public exploit for vRealize RCE flaw
VMware warned customers on Monday that proof-of-concept (PoC) exploit code is now available for an authentication bypass flaw in vRealize Log Insight (now known as VMware Aria Operations for Logs).
October 24, 2023
September was a record month for ransomware attacks in 2023
Ransomware activity in September reached unprecedented levels following a relative lull in August that was still way above regular standards for summer months.
October 23, 2023
1Password discloses security incident linked to Okta breach
1Password, a popular password management platform used by over 100,000 businesses, suffered a security breach after hackers gained access to its Okta ID management tenant.
October 23, 2023
University of Michigan employee, student data stolen in cyberattack
The University of Michigan says in a statement today that they suffered a data breach after hackers broke into its network in August and accessed systems with information belonging to students, applicants, alumni, donors, employees, patients, and research study participants.
October 23, 2023
Palestine crypto donation scams emerge amid Israel-Hamas war
As thousands of civilians die amid the deadly Israel-Hamas war, scammers are capitalizing on the horrific events to collect donations by pretending to be legitimate charities. BleepingComputer has come across several posts on X (formerly Twitter), Telegram and Instagram where scammers list dubious cryptocurrency wallet addresses.
October 23, 2023
Citrix warns admins to patch NetScaler CVE-2023-4966 bug immediately
Citrix warned admins today to secure all NetScaler ADC and Gateway appliances immediately against ongoing attacks exploiting the CVE-2023-4966 vulnerability.
October 23, 2023
US energy firm shares how Akira ransomware hacked its systems
In a rare display of transparency, US energy services firm BHI Energy details how the Akira ransomware operation breached their networks and stole the data during the attack.
October 23, 2023
Spain arrests 34 cybercriminals who stole data of 4 million people
The Spanish National Police have dismantled a cybercriminal organization that carried out a variety of computer scams to steal and monetize the data of over four million people.
October 23, 2023
Cisco patches IOS XE zero-days used to hack over 50,000 devices
Cisco has addressed the two vulnerabilities (CVE-2023-20198 and CVE-2023-20273) that hackers exploited to compromise tens of thousands of IOS XE devices over the past week.
October 23, 2023
QNAP takes down server behind widespread brute-force attacks
QNAP took down a malicious server used in widespread brute-force attacks targeting Internet-exposed NAS (network-attached storage) devices with weak passwords.
October 23, 2023
City of Philadelphia discloses data breach after five months
The City of Philadelphia is investigating a data breach after attackers "may have gained access" to City email accounts containing personal and protected health information five months ago, in May.
October 23, 2023
D.C. Board of Elections: Hackers may have breached entire voter roll
The District of Columbia Board of Elections (DCBOE) says that a threat actor who breached a web server operated by the DataNet Systems hosting provider in early October may have obtained access to the personal information of all registered voters.
October 22, 2023
Google Chrome's new "IP Protection" will hide users' IP addresses
Google is getting ready to test a new "IP Protection" feature for the Chrome browser that enhances users' privacy by masking their IP addresses using proxy servers.
October 22, 2023
Number of hacked Cisco IOS XE devices plummets from 50K to hundreds
The number of Cisco IOS XE devices hacked with a malicious backdoor implant has mysteriously plummeted from over 50,000 impacted devices to only a few hundred, with researchers unsure what is causing the sharp decline.
October 22, 2023
New TetrisPhantom hackers steal data from secure USB drives on govt systems
A new sophisticated threat tracked as 'TetrisPhantom' has been using compromised secure USB drives to target government systems in the Asia-Pacific region.
October 22, 2023
Microsoft announces Security Copilot early access program
Microsoft announced this week that its ChatGPT-like Security Copilot AI assistant is now available in early access for some customers.
October 21, 2023
American Family Insurance confirms cyberattack is behind IT outages
Insurance giant American Family Insurance has confirmed it suffered a cyberattack and shut down portions of its IT systems after customers reported website outages all week.
October 21, 2023
The Week in Ransomware - October 20th 2023 - Fighting Back
This was a bad week for ransomware, with the Trigona ransomware suffering a data breach and law enforcement disrupting the RagnarLocker ransomware operation.
October 21, 2023
International Criminal Court systems breached for cyber espionage
The International Criminal Court provided additional information about the cyberattack five weeks ago, saying that it was a targeted operation for espionage purposes.
October 20, 2023
Cisco discloses new IOS XE zero-day exploited to deploy malware implant
Cisco disclosed a new high-severity zero-day (CVE-2023-20273) today, actively exploited to deploy malicious implants on IOS XE devices compromised using the CVE-2023-20198 zero-day unveiled earlier this week.
October 20, 2023
Okta says its support system was breached using stolen credentials
Okta says attackers accessed files containing cookies and session tokens uploaded by customers to its support management system after breaching it using stolen credentials.
October 20, 2023
Ragnar Locker ransomware developer arrested in France
Law enforcement agencies arrested a malware developer linked with the Ragnar Locker ransomware gang and seized the group's dark web sites in a joint international operation.
October 20, 2023
Critical RCE flaws found in SolarWinds access audit solution
Security researchers found three critical remote code execution vulnerabilities in the SolarWinds Access Rights Manager (ARM) product that remote attackers could use to run code with SYSTEM privileges.
October 20, 2023
Kwik Trip finally confirms cyberattack was behind ongoing outage
Two weeks into an ongoing IT outage, Kwik Trip finally confirmed that it's investigating a cyberattack impacting the convenience store chain's internal network since October 9.
October 20, 2023
Fake Corsair job offers on LinkedIn push DarkGate malware
A threat actor is using fake LinkedIn posts and direct messages about a Facebook Ads specialist position at hardware maker Corsair to lure people into downloading info-stealing malware like DarkGate and RedLine.
October 19, 2023
Over 40,000 Cisco IOS XE devices infected with backdoor using zero-day
More than 40,000 Cisco devices running the IOS XE operating system have been compromised after hackers exploited a recently disclosed maximum severity vulnerability tracked as CVE-2023-20198.
October 19, 2023
E-Root admin faces 20 years for selling stolen RDP, SSH accounts
Sandu Diaconu, the operator of the E-Root marketplace, has been extradited to the U.S. to face a maximum imprisonment penalty of 20 years for selling access to compromised computers.
October 19, 2023
BlackCat ransomware uses new ‘Munchkin’ Linux VM in stealthy attacks
The BlackCat/ALPHV ransomware operation has begun to use a new tool named 'Munchkin' that utilizes virtual machines to deploy encryptors on network devices stealthily.
October 19, 2023
Microsoft extends Purview Audit log retention after July breach
Microsoft is extending Purview Audit log retention as promised after the Chinese Storm-0558 hacking group breached dozens of Exchange and Microsoft 365 corporate and government accounts in July.
October 19, 2023
Fake KeePass site uses Google Ads and Punycode to push malware
A Google Ads campaign was found pushing a fake KeePass download site that used Punycode to appear as the official domain of the KeePass password manager to distribute malware.
October 19, 2023
India targets Microsoft, Amazon tech support scammers in nationwide crackdown
India's Central Bureau of Investigation (CBI) raided 76 locations in a nationwide crackdown on cybercrime operations behind tech support scams and cryptocurrency fraud.
October 19, 2023
Iranian hackers lurked in Middle Eastern govt network for 8 months
The Iranian hacking group tracked as OilRig (APT34) breached at least twelve computers belonging to a Middle Eastern government network and maintained access for eight months between February and September 2023.
October 19, 2023
Ragnar Locker ransomware’s dark web extortion sites seized by police
The Ragnar Locker ransomware operation's Tor negotiation and data leak sites were seized Thursday morning as part of an international law enforcement operation.
October 19, 2023
WhatsApp gets support for multiple accounts on the same phone
Meta announced today that it's rolling out support for multiple WhatsApp accounts on the same device, allowing users to switch between them without needing to log out.
October 19, 2023
Casio discloses data breach impacting customers in 149 countries
Japanese electronics manufacturer Casio disclosed a data breach impacting customers from 149 countries after hackers gained access to the servers of its ClassPad education platform.
October 18, 2023
Ukrainian activists hack Trigona ransomware gang, wipe servers
A group of cyber activists under the Ukrainian Cyber Alliance banner has hacked the servers of the Trigona ransomware gang and wiped them clean after copying all the information available.
October 18, 2023
North Korean hackers exploit critical TeamCity flaw to breach networks
Microsoft says that the North Korean Lazarus and Andariel hacking groups are exploiting the CVE-2023-42793 flaw in TeamCity servers to deploy backdoor malware, likely to conduct software supply chain attacks.
October 18, 2023
Ex-Navy IT head gets 5 years for selling people’s data on darkweb
Marquis Hooper, a former U.S. Navy IT manager, has received a sentence of five years and five months in prison for illegally obtaining US citizens' personally identifiable information (PII) and selling it on the dark web.
October 18, 2023
Hacker leaks millions of new 23andMe genetic data profiles
A hacker has leaked an additional 4.1 million stolen 23andMe genetic data profiles for people in Great Britain and Germany on a hacking forum.
October 18, 2023
Google Play Protect adds real-time scanning to fight Android malware
Google has announced new, real-time scanning features for Google Play Protect that make it harder for malicious apps employing polymorphism to evade detection.
October 18, 2023
MATA malware framework exploits EDR in attacks on defense firms
An updated version of the MATA backdoor framework was spotted in attacks between August 2022 and May 2023, targeting oil and gas firms and the defense industry in Eastern Europe.
October 18, 2023
Google links WinRAR exploitation to Russian, Chinese state hackers
Google says that several state-backed hacking groups have joined ongoing attacks exploiting a high-severity vulnerability in WinRAR, a compression software used by over 500 million users, aiming to gain arbitrary code execution on targets' systems.
October 18, 2023
Single Sign On and the Cybercrime Ecosystem
One of the trends driving an increase in the compromise of enterprise single sign on (SSO) applications is info-stealer malware attacks. Learn more from Flare about this cybercrime ecosystem.
October 18, 2023
Recently patched Citrix NetScaler bug exploited as zero-day since August
A critical vulnerability tracked as CVE-2023-4966 in Citrix NetScaler ADC/Gateway devices has been actively exploited as a zero-day since late August, security researchers announced.
October 18, 2023
Qubitstrike attacks rootkit Jupyter Linux servers to steal credentials
Hackers are scanning for internet-exposed Jupyter Notebooks to breach servers and deploy a cocktail of malware consisting of a Linux rootkit, crypto miners, and password-stealing scripts.
October 18, 2023
Twitter testing annual subscriptions for tweeting and retweeting
Twitter, now renamed X, is testing new $1 annual subscriptions to provide unverified accounts access to core features like tweeting and retweeting.
October 18, 2023
Microsoft disables bad spam rule flagging all sent emails as junk
Microsoft has disabled a bad anti-spam rule flooding Microsoft 365 admins' inboxes with blind carbon copies (BCC) of outbound emails mistakenly flagged as spam.
October 18, 2023
FBI warns of extortion groups targeting plastic surgery offices
The FBI warns that cybercriminals are using spoofed emails and phone numbers to target plastic surgery offices across the United States for extortion in phishing attacks that spread malware.
October 17, 2023
Over 40,000 admin portal accounts use 'admin' as a password
Security researchers found that IT administrators are using tens of thousands of weak passwords to protect access to portals, leaving the door open to cyberattacks on enterprise networks.
October 17, 2023
KwikTrip all but says IT outage was caused by a cyberattack
Kwik Trip has released another statement on an ongoing outage, all but confirming it suffered a cyberattack that has led to IT system disruptions.
October 17, 2023
Malicious Notepad++ Google ads evade detection for months
A new Google Search malvertising campaign targets users looking to download the popular Notepad++ text editor, employing advanced techniques to evade detection and analysis.
October 17, 2023
Amazon adds passkey support as new passwordless login option
Amazon has quietly added passkey support as a new passwordless login option for customers, offering better protection from information-stealing malware and phishing attacks.
October 17, 2023
D-Link confirms data breach after employee phishing attack
Taiwanese networking equipment manufacturer D-Link confirmed a data breach linked to information stolen from its network and put up for sale on BreachForums earlier this month.
October 17, 2023
SpyNote Android malware spreads via fake volcano eruption alerts
Android malware 'SpyNote' was seen in an Italy-focused campaign that uses a phony 'IT-alert' public alert service website to infect visitors.
October 17, 2023
Microsoft fixes known issue causing Outlook freezes, slow starts
Microsoft has fixed a known issue affecting Outlook for Microsoft 365 users since June and causing slow starts and freezes as if Offline Outlook Data Files (OST) were syncing right after launch.
October 17, 2023
Fighting off cyberattacks? Make sure user credentials aren’t compromised
Login credential theft presents one of the biggest and most enduring cybersecurity problems. This article by Specops Software looks at the motivations driving credential theft and the tactics bad actors are likely to use.
October 17, 2023
Thousands of Cisco IOS XE devices hacked in widespread attacks
Attackers have exploited a recently disclosed critical zero-day bug to compromise and infect thousands of Cisco IOS XE devices with malicious implants.
October 17, 2023
October Windows Server updates cause Hyper-V VM boot issues
According to customer reports, this month's Patch Tuesday updates are breaking virtual machines on Hyper-V hosts, causing them to no longer boot and display "failed to start" errors.
October 16, 2023
Discord still a hotbed of malware activity — Now APTs join the fun
Discord continues to be a breeding ground for malicious activity by hackers and now APT groups, with it commonly used to distribute malware, exfiltrate data, and targeted by threat actors to steal authentication tokens.
October 16, 2023
Kansas courts IT systems offline after ‘security incident’
Information systems of state courts across Kansas are still offline after they've been disrupted in what the Kansas judicial branch described last Thursday as a "security incident."
October 16, 2023
Hackers exploit critical flaw in WordPress Royal Elementor plugin
A critical severity vulnerability impacting Royal Elementor Addons and Templates up to version 1.3.78 is reported to be actively exploited by two WordPress security teams.
October 16, 2023
Russian Sandworm hackers breached 11 Ukrainian telcos since May
The state-sponsored Russian hacking group tracked as 'Sandworm' has compromised eleven telecommunication service providers in Ukraine between May and September 2023.
October 16, 2023
Cisco warns of new IOS XE zero-day actively exploited in attacks
Cisco warned admins today of a new and maximum severity zero-day vulnerability in its IOS XE Software that can let attackers gain full administrator privileges and take complete control of affected routers.
October 16, 2023
Fake 'RedAlert' rocket alert app for Israel installs Android spyware
Israeli Android users are targeted by a malicious version of the 'RedAlert - Rocket Alerts' app that, while it offers the promised functionality, acts as spyware in the background.
October 16, 2023
CISA, FBI urge admins to patch Atlassian Confluence immediately
CISA, FBI, and MS-ISAC warned network admins today to immediately patch their Atlassian Confluence servers against a maximum severity flaw actively exploited in attacks.
October 16, 2023
Microsoft fixes Windows 10 security update installation issue
Microsoft has resolved a known issue that caused Windows 10 security updates released during this month's Patch Tuesday to fail with 0x8007000d errors.
October 16, 2023
Signal says there is no evidence rumored zero-day bug is real
Signal messenger has investigated rumors spreading online over the weekend of a zero-day security vulnerability related to the 'Generate Link Previews' feature, stating that there is no evidence this vulnerability is real.
October 15, 2023
Steam enforces SMS verification to curb malware-ridden updates
Valve has announced implementing additional security measures for developers publishing games on Steam, including SMS-based confirmation codes. This is to deal with a recent outbreak of malicious updates pushing malware from compromised publisher accounts.
October 15, 2023
Women Political Leaders Summit targeted in RomCom malware phishing
A new, lightweight variant of the RomCom backdoor was deployed against participants of the Women Political Leaders (WPL) Summit in Brussels, a summit focusing on gender equality and women in politics.
October 14, 2023
AI algorithm detects MitM attacks on unmanned military vehicles
Professors at the University of South Australia and Charles Sturt University have developed an algorithm to detect and intercept man-in-the-middle (MitM) attacks on unmanned military robots.
October 14, 2023
DarkGate malware spreads through compromised Skype accounts
Between July and September, DarkGate malware attacks have used compromised Skype accounts to infect targets through messages containing VBA loader script attachments.
October 14, 2023
Ubuntu discovers 'hate speech' in release 23.10 — how to upgrade?
Ubuntu, the most popular Linux distribution, has pulled its Desktop release 23.10 after its Ukrainian translations were discovered to contain hate speech. According to the Ubuntu project, a malicious contributor is behind anti-Semitic, homophobic, and xenophobic slurs that were injected into the distro via a "third party tool."
October 13, 2023
The Week in Ransomware - October 13th 2023 - Increasing Attacks
Ransomware gangs continue to pummel the enterprise, with attacks causing disruption in business operations and resulting in data breaches if a ransom is not paid.
October 13, 2023
23andMe hit with lawsuits after hacker leaks stolen genetics data
Genetic testing provider 23andMe faces multiple class action lawsuits in the U.S. following a large-scale data breach that is believed to have impacted millions of its customers.
October 13, 2023
Microsoft: October Windows 10 security updates fail to install
Microsoft says Windows 10 security updates released during this month's Patch Tuesday may fail to install with 0x8007000d errors, although initially displaying progress.
October 13, 2023
Kwik Trip IT systems outage caused by mysterious ‘network incident’
Kwik Trip has been impacted by a wide range of mysterious business disruptions since this weekend that are indicative of a ransomware attack.
October 13, 2023
Microsoft plans to kill off NTLM authentication in Windows 11
Microsoft announced earlier this week that the NTLM authentication protocol will be killed off in Windows 11 in the future.
October 13, 2023
Hackers use Binance Smart Chain contracts to store malicious scripts
Cybercriminals are employing a novel code distribution technique dubbed 'EtherHiding,' which abuses Binance's Smart Chain (BSC) contracts to hide malicious scripts in the blockchain.
October 13, 2023
CISA shares vulnerabilities, misconfigs used by ransomware gangs
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has unveiled additional details regarding misconfigurations and security vulnerabilities exploited by ransomware gangs, aiming to help critical infrastructure organizations thwart their attacks.
October 12, 2023
FBI shares AvosLocker ransomware technical details, defense tips
The U.S. government has updated the list of tools AvosLocker ransomware affiliates use in attacks to include open-source utilities along with custom PowerShell and batch scripts.
October 12, 2023
Ransomware attacks now target unpatched WS_FTP servers
Internet-exposed WS_FTP servers unpatched against a maximum severity vulnerability are now targeted in ransomware attacks. 
October 12, 2023
Malicious Solana, Kucoin packages infect NuGet devs with SeroXen RAT
Malicious NuGet packages appearing to have over 2 million downloads impersonate crypto wallets, crypto exchange, and Discord libraries to infect developers with the SeroXen remote access trojan.
October 12, 2023
New Microsoft bug bounty program focuses on AI-powered Bing
Microsoft announced a new AI bounty program focused on the AI-driven Bing experience, with rewards reaching $15,000.
October 12, 2023
Apple fixes iOS Kernel zero-day vulnerability on older iPhones
Apple has published security updates for older iPhones and iPads to backport patches released one week ago, addressing two zero-day vulnerabilities exploited in attacks.
October 12, 2023
ToddyCat hackers use 'disposable' malware to target Asian telecoms
A newly discovered campaign dubbed "Stayin' Alive" has been targeting government organizations and telecommunication service providers across Asia since 2021, using a wide variety of "disposable" malware to evade detection.
October 12, 2023
Hyped up curl vulnerability falls short of expectations
curl 8.4.0 has been released to patch and release details on a hyped up high-severity security vulnerability (CVE-2023-38545), easing week-long concerns regarding the flaw's severity.
October 12, 2023
Shadow PC warns of data breach as hacker tries to sell gamers' info
Shadow PC, a provider of high-end cloud computing services, is warning customers of a data breach that exposed customers' private information, as a threat actor claims to be selling the stolen data for over 500,000 customers.
October 11, 2023
New WordPress backdoor creates rogue admin to hijack websites
A new malware has been posing as a legitimate caching plugin to target WordPress sites, allowing threat actors to create an administrator account and control the site's activity.
October 11, 2023
BianLian extortion group claims recent Air Canada breach
The BianLian extortion group claims to have stolen 210GB of data after breaching the network of Air Canada, the country's largest airline and a founding member of Star Alliance.
October 11, 2023
Microsoft Defender now auto-isolates compromised accounts
Microsoft Defender for Endpoint now uses automatic attack disruption to isolate compromised user accounts and block lateral movement in hands-on-keyboard attacks with the help of a new 'contain user' capability in public preview.
October 11, 2023
Exchange Online mail delivery issues caused by anti-spam rules
Microsoft is investigating Exchange Online mail delivery issues causing "Server busy" errors and delays when receiving emails from outside organizations.
October 11, 2023
Windows 11 21H2 and Windows Server 2012 reach end of support
Windows Server 2012 and multiple editions of Windows 11, version 21H2, have reached the end of support with this month's Patch Tuesday.
October 11, 2023
Microsoft: State hackers exploiting Confluence zero-day since September
Microsoft says a Chinese-backed threat group tracked as 'Storm-0062' (aka DarkShadow or Oro0lxy) has been exploiting a critical privilege escalation zero-day in the Atlassian Confluence Data Center and Server since September 14, 2023.
October 11, 2023
Generative AI Security: Preventing Microsoft Copilot Data Exposure
Microsoft Copilot introduces potential privacy risks as it can have full access to your organization's documents, email, contacts, chats, and calendar. Learn more from Varonis about how Microsoft Copilot's security model works and the privacy risks associated with using it.
October 11, 2023
Simpson Manufacturing shuts down IT systems after cyberattack
Simpson Manufacturing disclosed via a SEC 8-K filing a cybersecurity incident that has caused disruptions in its operations, which are expected to continue.
October 11, 2023
LinkedIn Smart Links attacks return to target Microsoft accounts
Hackers are once again abusing LinkedIn Smart Links in phishing attacks to bypass protection measures and evade detection in attempts to steal Microsoft account credentials.
October 10, 2023
Microsoft warns of incorrect BitLocker encryption errors
Microsoft warned customers this week of incorrect BitLocker drive encryption errors being shown in some managed Windows environments.
October 10, 2023
Mirai DDoS malware variant expands targets with 13 router exploits
A Mirai-based DDoS (distributed denial of service) malware botnet tracked as IZ1H9 has added thirteen new payloads to target Linux-based routers and routers from D-Link, Zyxel, TP-Link, TOTOLINK, and others.
October 10, 2023
Microsoft Exchange gets ‘better’ patch to mitigate critical bug
The Exchange Team asked admins to deploy a new and "better" patch for a critical Microsoft Exchange Server vulnerability initially addressed in August.
October 10, 2023
Windows 10 KB5031356 update released with 11 improvements
Microsoft has released the optional KB5031356 Preview cumulative update for Windows 10 21H2 and Windows 10 22H2, with twenty-five fixes for various issues.
October 10, 2023
Windows 11 KB5031354 cumulative update released with new features
Microsoft has released the Windows 11 22H2 KB5031354 cumulative update to fix security vulnerabilities. This is the first Patch Tuesday update with access to Windows 11 Moment 4 features, provided you turn on the "Get latest updates" toggle.
October 10, 2023
Microsoft October 2023 Patch Tuesday fixes 3 zero-days, 104 flaws
Today is Microsoft's October 2023 Patch Tuesday, with security updates for 104 flaws, including three actively exploited zero-day vulnerabilities.
October 10, 2023
Air Europa data breach: Customers warned to cancel credit cards
Spanish airline Air Europa, the country's third-largest airline and a member of the SkyTeam alliance, warned customers on Monday to cancel their credit cards after attackers accessed their card information in a recent data breach.
October 10, 2023
Microsoft to kill off VBScript in Windows to block malware delivery
Microsoft is planning to phase out VBScript in future Windows releases after 30 years of use, making it an on-demand feature until it is removed.
October 10, 2023
New critical Citrix NetScaler flaw exposes 'sensitive' data
Citrix NetScaler ADC and NetScaler Gateway are impacted by a critical severity flaw that allows the disclosure of sensitive information from vulnerable appliances.
October 10, 2023
New 'HTTP/2 Rapid Reset' zero-day attack breaks DDoS records
A new DDoS (distributed denial of service) technique named 'HTTP/2 Rapid Reset' has been actively exploited as a zero-day since August, breaking all previous records in magnitude.
October 10, 2023
A Primer on Cyber Risk Acceptance and What it Means to Your Business
A fundamental idea to understand about risk is that it is inevitable. Learn more from Outpost24 on cyber risk acceptance and the role of continuous penetration testing in making informed risk acceptance decisions.
October 10, 2023
Google makes passkeys the default sign-in for personal accounts
Google announced today that passkeys are now the default sign-in option across all personal Google Accounts across its services and platforms.
October 9, 2023
D-Link WiFi range extender vulnerable to command injection attacks
The popular D-Link DAP-X1860 WiFi 6 range extender is susceptible to a vulnerability allowing DoS (denial of service) attacks and remote command injection.
October 9, 2023
ALPHV ransomware gang claims attack on Florida circuit court
The ALPHV (BlackCat) ransomware gang has claimed an attack that affected state courts across Northwest Florida (part of the First Judicial Circuit) last week.
October 9, 2023
GNOME Linux systems exposed to RCE attacks via file downloads
A memory corruption vulnerability in the open-source libcue library can let attackers execute arbitrary code on GNOME Linux systems.
October 9, 2023
Over 17,000 WordPress sites hacked in Balada Injector attacks last month
Multiple Balada Injector campaigns have compromised and infected over 17,000 WordPress sites using known flaws in premium theme plugins.
October 9, 2023
Hackers modify online stores’ 404 pages to steal credit cards
A new Magecart card skimming campaign hijacks the 404 error pages of online retailers' websites, hiding malicious code to steal customers' credit card information.
October 9, 2023
Hackers hijack Citrix NetScaler login pages to steal credentials
Hackers are conducting a large-scale campaign to exploit the recent CVE-2023-3519 flaw in Citrix NetScaler Gateways to steal user credentials.
October 9, 2023
HelloKitty ransomware source code leaked on hacking forum
A threat actor has leaked the complete source code for the first version of the HelloKitty ransomware on a Russian-speaking hacking forum, claiming to be developing a new, more powerful encryptor.
October 8, 2023
Google Chrome's organize tabs will automatically reorder tabs
In a bid to upgrade user experience, the Chrome team is developing an "Organise Tabs" feature, soon to be seen at the top left corner of the browser, adjacent to the tab search function. This new addition would be a natural extension of Tab Groups functionality.
October 8, 2023
Microsoft 365 admins warned of new Google anti-spam rules
Microsoft urged Microsoft 365 email senders this week to authenticate outbound messages following new anti-spam rules for bulk senders announced earlier this week by Google.
October 8, 2023
Third Flagstar Bank data breach since 2021 affects 800,000 customers
Flagstar Bank is warning that over 800,000 US customers had their personal information stolen by cybercriminals due to a breach at a third-party service provider.
October 7, 2023
Bounty offered for secret NSA seeds behind NIST elliptic curves algo
A bounty of $12,288 has been announced for the first person to crack the NIST elliptic curves seeds and discover the original phrases that were hashed to generate them.
October 6, 2023
D.C. Board of Elections confirms voter data stolen in site hack
The District of Columbia Board of Elections (DCBOE) is currently probing a data leak involving an unknown number of voter records following breach claims from a threat actor known as RansomedVC.
October 6, 2023
Blackbaud agrees to $49.5 million settlement for ransomware data breach
Cloud computing provider Blackbaud reached a $49.5 million agreement with attorneys general from 49 U.S. states to settle a multi-state investigation of a May 2020 ransomware attack and the resulting data breach.
October 6, 2023
FTC warns of ‘staggering’ losses to social media scams since 2021
The Federal Trade Commission says Americans have lost at least $2.7 billion to social media scams since 2021, with the real number likely many times larger due to unreported incidents. 
October 6, 2023
Genetics firm 23andMe says user data stolen in credential stuffing attack
23andMe has confirmed to BleepingComputer that it is aware of user data from its platform circulating on hacker forums and attributes the leak to a credential-stuffing attack.
October 6, 2023
MGM Resorts ransomware attack led to $100 million loss, data theft
MGM Resorts reveals that last month's cyberattack cost the company $100 million and allowed the hackers to steal customers' personal information.
October 5, 2023
Microsoft officially removes Cortana for Windows 11 Insiders
Microsoft finally removed the Cortana standalone app from Windows 11 in the latest preview build for Insiders in the Canary Channel.
October 5, 2023
Exploits released for Linux flaw giving root on major distros
Proof-of-concept exploits have already surfaced online for a high-severity flaw in GNU C Library's dynamic loader, allowing local attackers to gain root privileges on major Linux distributions.
October 5, 2023
China-linked cyberspies backdoor semiconductor firms with Cobalt Strike
Hackers engaging in cyber espionage have targeted Chinese-speaking semiconductor companies with TSMC-themed lures that infect them with Cobalt Strike beacons.
October 5, 2023
NSA and CISA reveal top 10 cybersecurity misconfigurations
The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) revealed today the top ten most common cybersecurity misconfigurations discovered by their red and blue teams in the networks of large organizations.
October 5, 2023
Amazon to make MFA mandatory for 'root' AWS accounts by mid-2024
Amazon will require all privileged AWS (Amazon Web Services) accounts to use multi-factor authentication (MFA) for stronger protection against account hijacks leading to data breaches, starting in mid-2024.
October 5, 2023
Microsoft releases new, faster Teams app for Windows and Mac PCs
A new, redesigned, and faster Microsoft Teams application is generally available for all Windows and macOS users starting today.
October 5, 2023
Lyca Mobile investigates customer data leak after cyberattack
Lyca Mobile has released a statement about an unexpected disruption on its network caused by a cyberattack that may have also compromised customer data.
October 4, 2023
Hundreds of malicious Python packages found stealing sensitive data
A malicious campaign that researchers observed growing more complex over the past half year has been planting hundreds of info-stealing packages on open-source platforms, which counted about 75,000 downloads.
October 4, 2023
Apple emergency update fixes new zero-day used to hack iPhones
Apple released emergency security updates to patch a new zero-day security flaw exploited in attacks targeting iPhone and iPad users. [...]
October 4, 2023
Atlassian patches critical Confluence zero-day exploited in attacks
Australian software company Atlassian released emergency security updates to fix a maximum severity zero-day vulnerability in its Confluence Data Center and Server software, which has been exploited in attacks. [...]
October 4, 2023
Researchers warn of 100,000 industrial control systems exposed online
About 100,000 industrial control systems (ICS) were found on the public web, exposed to attackers probing them for vulnerabilities and at risk of unauthorized access. Among them are power grids, traffic light systems, security and water systems. [...]
October 4, 2023
Cisco fixes hard-coded root credentials in Emergency Responder
Cisco released security updates to fix a Cisco Emergency Responder (CER) vulnerability that let attackers log into unpatched systems using hard-coded credentials. [...]
October 4, 2023
Microsoft: Hackers target Azure cloud VMs via breached SQL servers
Hackers have been observed trying to breach cloud environments through Microsoft SQL Servers vulnerable to SQL injection. [...]
October 4, 2023
Enhancing your application security program with continuous monitoring
Pen Testing as a Service and traditional web application pen testing offer two different approaches to securing your applications. Learn more from Outpost24 on which approach may be best for your business. [...]
October 4, 2023
Sony confirms data breach impacting thousands in the U.S.
Sony Interactive Entertainment (Sony) has notified current and former employees and their family members about a cybersecurity breach that exposed personal information. [...]
October 4, 2023
Emergency alert on US phones and TVs today — Don't worry, it's just a test
The U.S. Federal Emergency Management Agency (FEMA) and the Federal Communications Commission (FCC) will run an emergency alert test today to check Emergency Alert System (EAS) and Wireless Emergency Alerts (WEA) capabilities nationwide. [...]
October 3, 2023
New 'Looney Tunables' Linux bug gives root on major distros
A new Linux vulnerability known as 'Looney Tunables' enables local attackers to gain root privileges by exploiting a buffer overflow weakness in the GNU C Library's ld.so dynamic loader. [...]
October 3, 2023
Microsoft now lets you play a game during Windows 11 installs
Microsoft has introduced a new twist to the Windows 11 installation and update process, transforming it from a mundane task into an enjoyable experience. [...]
October 3, 2023
Google to bolster phishing and malware delivery defenses in 2024
Google will introduce new sender guidelines in February to bolster email security against phishing and malware delivery by mandating bulk senders to authenticate their emails and adhere to stricter spam thresholds [...]
October 3, 2023
Android October security update fixes zero-days exploited in attacks
Google has released the October 2023 security updates for Android, addressing 54 unique vulnerabilities, including two known to be actively exploited. [...]
October 3, 2023
ShellTorch flaws expose AI servers to code execution attacks
A set of critical vulnerabilities dubbed 'ShellTorch' in the open-source TorchServe AI model-serving tool impact tens of thousands of internet-exposed servers, some of which belong to large organizations. [...]
October 3, 2023
Qualcomm says hackers exploit 3 zero-days in its GPU, DSP drivers
Qualcomm is warning of three zero-day vulnerabilities in its GPU and Compute DSP drivers that hackers are actively exploiting in attacks. [...]
October 3, 2023
Microsoft Edge, Teams get fixes for zero-days in open-source libraries
Microsoft released emergency security updates for Edge, Teams, and Skype to patch two zero-day vulnerabilities in open-source libraries used by the three products. [...]
October 3, 2023
EvilProxy uses indeed.com open redirect for Microsoft 365 phishing
A recently uncovered phishing campaign is targeting Microsoft 365 accounts of key executives in U.S.-based organizations by abusing open redirects from the Indeed employment website for job listings. [...]
October 2, 2023
Microsoft Defender no longer flags Tor Browser as malware
For Windows users who frequently use the TorBrowser, there's been a pressing concern. Recent versions of the TorBrowser, specifically because of the tor.exe file it contained, were being flagged as potential threats by Windows Defender. [...]
October 2, 2023
Exim patches three of six zero-day bugs disclosed last week
Exim developers have released patches for three of the zero-days disclosed last week through Trend Micro's Zero Day Initiative (ZDI), one of them allowing unauthenticated attackers to gain remote code execution. [...]
October 2, 2023
New BunnyLoader threat emerges as a feature-rich malware-as-a-service
Security researchers discovered a new malware-as-a-service (MaaS) named 'BunnyLoader' advertised on multiple hacker forums as a fileless loader that can steal and replace the contents of the system clipboard. [...]
October 2, 2023
Ransomware gangs now exploiting critical TeamCity RCE flaw
Ransomware gangs are now targeting a recently patched critical vulnerability in JetBrains' TeamCity continuous integration and deployment server. [...]
October 2, 2023
Exploit available for critical WS_FTP bug exploited in attacks
Over the weekend, security researchers released a proof-of-concept (PoC) exploit for a maximum severity remote code execution vulnerability in Progress Software's WS_FTP Server file sharing platform. [...]
October 2, 2023
Arm warns of Mali GPU flaws likely exploited in targeted attacks
Arm in a security advisory today is warning of an actively exploited vulnerability affecting the widely-used Mali GPU drivers. [...]
October 2, 2023
Motel One discloses data breach following ransomware attack
The Motel One Group has announced that it has been targeted by ransomware actors who managed to steal some customer data, including the details of 150 credit cards. [...]
October 2, 2023
FBI warns of surge in 'phantom hacker' scams impacting elderly
The FBI issued a public service announcement warning of a significant increase in 'phantom hacker' scams targeting senior citizens across the United States. [...]
October 1, 2023
Amazon sends Mastercard, Google Play gift card order emails by mistake
Amazon mistakenly sent out purchase confirmation emails for Hotels.com, Google Play, and Mastercard gift cards to customers, making many worried their accounts were compromised. [...]
October 1, 2023
Meet LostTrust ransomware — A likely rebrand of the MetaEncryptor gang
The LostTrust ransomware operation is believed to be a rebrand of MetaEncryptor, utilizing almost identical data leak sites and encryptors. [...]
October 1, 2023
New Marvin attack revives 25-year-old decryption flaw in RSA
A flaw related to the PKCS #1 v1.5 padding in SSL servers discovered in 1998 and believed to have been resolved still impacts several widely-used projects today. [...]
September 30, 2023
Cloudflare DDoS protections ironically bypassed using Cloudflare
Cloudflare's Firewall and DDoS prevention can be bypassed through a specific attack process that leverages logic flaws in cross-tenant security controls. [...]
September 30, 2023
Microsoft fixes Outlook prompts to reopen closed windows
Microsoft has resolved a known issue that caused Outlook Desktop to unexpectedly prompt users to reopen previously closed windows. [...]
September 29, 2023
The Week in Ransomware - September 29th 2023 - Dark Angels
This week has been a busy ransomware week, with ransomware attacks having a massive impact on organizations and the fallout of the MOVEit breaches to be disclosed. [...]
September 29, 2023
Millions of Exim mail servers exposed to zero-day RCE attacks
A critical zero-day vulnerability in all versions of Exim mail transfer agent (MTA) software can let unauthenticated attackers gain remote code execution (RCE) on Internet-exposed servers. [...]
September 29, 2023
Exploit released for Microsoft SharePoint Server auth bypass flaw
Proof-of-concept exploit code has surfaced on GitHub for a critical authentication bypass vulnerability in Microsoft SharePoint Server, allowing privilege escalation. [...]
September 29, 2023
ShinyHunters member pleads guilty to $6 million in data theft damages
Sebastien Raoult, a 22-year-old from France, has pleaded guilty in the U.S. District Court of Seattle to conspiracy to commit wire fraud and aggravated identity theft as part of his activities in the ShinyHunters hacking group. [...]
September 29, 2023
Discord is investigating cause of 'You have been blocked' errors
Many Discord users attempting to access the popular instant messaging and VoIP social platform today have been met with a scary "Sorry, you have been blocked" message. [...]
September 29, 2023
Lazarus hackers breach aerospace firm with new LightlessCan malware
The North Korean 'Lazarus' hacking group targeted employees of an aerospace company located in Spain with fake job opportunities to hack into the corporate network using a previously unknown 'LightlessCan' backdoor. [...]
September 28, 2023
Progress warns of maximum severity WS_FTP Server vulnerability
Progress, the maker of the MOVEit Transfer file-sharing platform recently exploited in widespread data theft attacks, warned customers to patch a maximum severity vulnerability in its WS_FTP Server software. [...]
September 28, 2023
Microsoft breach led to theft of 60,000 US State Dept emails
Chinese hackers stole tens of thousands of emails from U.S. State Department accounts after breaching Microsoft's cloud-based Exchange email platform in May. [...]
September 28, 2023
Bing Chat responses infiltrated by ads pushing malware
Malicious advertisements are now being injected into Microsoft's AI-powered Bing Chat responses, promoting fake download sites that distribute malware. [...]
September 28, 2023
FBI: Dual ransomware attack victims now get hit within 48 hours
The FBI has warned about a new trend in ransomware attacks where multiple strains are deployed on victims' networks to encrypt systems in under two days. [...]
September 28, 2023
Cisco urges admins to fix IOS software zero-day exploited in attacks
Cisco warned customers on Wednesday to patch a zero-day IOS and IOS XE software vulnerability targeted by attackers in the wild. [...]
September 28, 2023
Cisco Catalyst SD-WAN Manager flaw allows remote server access
Cisco is warning of five new vulnerabilities in Catalyst SD-WAN Manager products, with the most critical allowing unauthenticated remote access to the server. [...]
September 28, 2023
Security researcher stopped at US border for investigating crypto scam
Security researcher Sam Curry describes a stressful situation he encountered upon his return to the U.S. when border officials and federal agents seized and searched his electronic devices. Curry was further served with a 'Grand Jury' subpoena that demanded he appear in court for testimony. [...]
June 23, 2022
Spyware vendor works with ISPs to infect iOS and Android users
Google's Threat Analysis Group (TAG) revealed today that RCS Labs, an Italian spyware vendor, has received help from some Internet service providers (ISPs) to infect Android and iOS users in Italy and Kazakhstan with commercial surveillance tools. [...]
June 23, 2022
Microsoft aims to make Edge the go-to browser for gaming
Microsoft wants to make Edge the go-to browser for gaming, with new features unveiled today, including a new gaming portal and the public release of its Clarity boost upscaling feature when using Xbox Cloud Gaming. [...]
June 23, 2022
Lithuania warns of rise in DDoS attacks against government sites
The National Cyber Security Center (NKSC) of Lithuania has issued a public warning about a steep increase in distributed denial of service (DDoS) attacks directed against public authorities in the country. [...]
June 23, 2022
Malicious Windows 'LNK' attacks made easy with new Quantum builder
Malware researchers have noticed a new tool that helps cybercriminals build malicious .LNK files to deliver payloads for the initial stages of an attack. [...]
June 23, 2022
Automotive hose maker Nichirin hit by ransomware attack
Nichirin-Flex U.S.A, a subsidiary of the Japanese car and motorcycle hose maker Nichirin, has been hit by a ransomware attack causing the company to take the network offline. [...]
June 23, 2022
Chinese hackers use ransomware as decoy for cyber espionage
Two Chinese hacking groups conducting cyber espionage and stealing intellectual property from Japanese and western companies are deploying ransomware as a decoy to cover up their malicious activities. [...]
June 23, 2022
New MetaMask phishing campaign uses KYC lures to steal passphrases
A new phishing campaign is targeting users on Microsoft 365 while spoofing the popular MetaMask cryptocurrency wallet provider and attempting to steal recovery phrases. [...]
June 23, 2022
Conti ransomware hacking spree breaches over 40 orgs in a month
The Conti cybercrime syndicate runs one of the most aggressive ransomware operations and has grown highly organized, to the point that affiliates were able to hack more than 40 companies in a little over a month. [...]
June 22, 2022
NSA shares tips on securing Windows devices with PowerShell
The National Security Agency (NSA) and cybersecurity partner agencies issued an advisory today recommending that system administrators use PowerShell to prevent and detect malicious activity on Windows machines. [...]
June 22, 2022
Chinese hackers target script kiddies with info-stealer trojan
Cybersecurity researchers have discovered a new campaign attributed to the Chinese "Tropic Trooper" hacking group, which employs a novel loader called Nimbda and a new variant of the Yahoyah trojan. [...]
June 22, 2022
Microsoft: Russia stepped up cyberattacks against Ukraine’s allies
Microsoft said today that Russian intelligence agencies have stepped up cyberattacks against governments of countries that have allied themselves with Ukraine after Russia's invasion. [...]
June 22, 2022
Privacy-focused Brave Search grew by 5,000% in a year
Brave Search, the browser developer's privacy-centric Internet search engine, is celebrating its first anniversary after surpassing 2.5 billion queries and seeing almost 5,000% growth in a year. [...]
June 22, 2022
MEGA fixes critical flaws that allowed the decryption of user data
MEGA has released a security update to address a set of severe vulnerabilities that could have exposed user data, even if the data had been stored in encrypted form. [...]
June 22, 2022
June Windows Server 2022 update adds support for WSL2
Microsoft says support for Windows Subsystem for Linux (WSL 2) distros can now be added to any machine running Windows Server 2022 by installing this month's Patch Tuesday updates. [...]
June 22, 2022
Microsoft reveals cause behind this week’s Microsoft 365 outage
Microsoft has revealed that this week's Microsoft 365 worldwide outage was caused by an infrastructure power outage that led to traffic management servicing failovers in multiple regions. [...]
June 22, 2022
Critical PHP flaw exposes QNAP NAS devices to RCE attacks
QNAP has warned customers today that many of its Network Attached Storage (NAS) devices are vulnerable to attacks that would exploit a three-year-old critical PHP vulnerability allowing remote code execution. [...]
June 21, 2022
Yodel parcel company confirms cyberattack is disrupting delivery
Services for the U.K.-based Yodel delivery service company have been disrupted due to a cyberattack that caused delays in parcel distribution and tracking orders online. [...]
June 21, 2022
7-zip now supports Windows ‘Mark-of-the-Web’ security feature
7-zip has finally added support for the long-requested 'Mark-of-the-Web' Windows security feature, providing better protection from malicious downloaded files. [...]
June 21, 2022
Russian govt hackers hit Ukraine with Cobalt Strike, CredoMap malware
The Ukrainian Computer Emergency Response Team (CERT) is warning that Russian hacking groups are exploiting the Follina code execution vulnerability in new phishing campaigns to install the CredoMap malware and Cobalt Strike beacons. [...]
June 21, 2022
Adobe Acrobat may block antivirus tools from monitoring PDF files
Security researchers found that Adobe Acrobat is trying to block security software from having visibility into the PDF files it opens, creating a security risk for the users. [...]
June 21, 2022
Phishing gang behind millions in losses dismantled by police
Members of a phishing gang behind millions of euros in losses were arrested today following a law enforcement operation coordinated by Europol. [...]
June 21, 2022
Massive Cloudflare outage caused by network configuration error
Cloudflare says a massive outage that affected more than a dozen of its data centers and hundreds of major online platforms and services today was caused by a change that should have increased network resilience. [...]
June 21, 2022
Microsoft 365 outage affects Microsoft Teams and Exchange Online
An ongoing outage is affecting multiple Microsoft 365 services, with customers worldwide reporting delays, sign-in failures, and issues accessing their accounts. [...]
June 21, 2022
New ToddyCat APT group targets Exchange servers in Asia, Europe
An advanced persistent threat (APT) group dubbed ToddyCat has been targeting Microsoft Exchange servers throughout Asia and Europe for more than a year, since at least December 2020. [...]
June 21, 2022
Icefall: 56 flaws impact thousands of exposed industrial devices
A security report has been published on a set of 56 vulnerabilities that are collectively called Icefall and affect operational technology (OT) equipment used in various critical infrastructure environments. [...]
June 20, 2022
Windows emergency update fixes Microsoft 365 issues on Arm devices
Microsoft has released an out-of-band (OOB) Windows update to address a known issue that would cause Azure Active Directory and Microsoft 365 sign-in issues on Arm devices after installing the June 2022 Patch Tuesday updates. [...]
June 20, 2022
New DFSCoerce NTLM Relay attack allows Windows domain takeover
A new Windows NTLM relay attack called DFSCoerce has been discovered that uses MS-DFSNM, Microsoft's Distributed File System, to completely take over a Windows domain. [...]
June 20, 2022
Recent Windows Server updates break VPN, RDP, RRAS connections
This month's Windows Server updates are causing a wide range of issues for administrators, including VPN and RDP connectivity problems on servers with Routing and Remote Access Service (RRAS) enabled. [...]
June 20, 2022
Flagstar Bank discloses data breach impacting 1.5 million customers
Flagstar Bank is notifying 1.5 million customers of a data breach where hackers accessed personal data during a December cyberattack. [...]
June 20, 2022
Windows 10 and Windows 11 downloads blocked in Russia
People in Russia can no longer download Windows 10 and Windows 11 ISOs and installation tools from Microsoft, with no reason for the block provided by the company. [...]
June 20, 2022
New 'BidenCash' site sells your stolen credit card for just 15 cents
A recently launched carding site called 'BidenCash' is trying to get notoriety by leaking credit card details along with information about their owners. [...]
June 20, 2022
Microsoft 365 credentials targeted in new fake voicemail campaign
A new phishing campaign has been targeting U.S. organizations in the military, security software, manufacturing supply chain, healthcare and pharmaceutical sectors to steal Microsoft Office 365 and Outlook credentials. [...]
June 19, 2022
Google Chrome extensions can be fingerprinted to track you online
A researcher has discovered how to use your installed Google Chrome extensions to generate a fingerprint of your device that can be used to track you online. [...]
June 19, 2022
Android-wiping BRATA malware is evolving into a persistent threat
The threat actors operating the BRATA banking trojan have evolved their tactics and incorporated new information-stealing features into their malware. [...]
June 18, 2022
QNAP NAS devices targeted by surge of eCh0raix ransomware attacks
This week a new series of ech0raix ransomware has started targeting vulnerable QNAP Network Attached Storage (NAS) devices according to user reports and sample submissions on the ID-Ransomware platform. [...]
June 18, 2022
Browser extension lets you remove specific sites from search results
The uBlackList browser extension lets you clean up search results by removing specific sites when searching on Google, DuckDuckGo, Bing, and other search engines. [...]
June 18, 2022
Wave of 'Matanbuchus' spam is infecting devices with Cobalt Strike
Security researchers have noticed a new malicious spam campaign that delivers the 'Matanbuchus' malware to drop Cobalt Strike beacons on compromised machines. [...]
June 17, 2022
The Week in Ransomware - June 17th 2022 - Have I Been Ransomed?
Ransomware operations are constantly evolving their tactics to pressure victims to pay. For example, this week, we saw a new extortion tactic come into play with the creation of dedicated websites to extort victims with searchable data. [...]
June 17, 2022
June Windows updates break Microsoft 365 sign-ins on Arm devices
Microsoft is investigating a new known issue causing Azure Active Directory and Microsoft 365 sign-in issues on Arm devices after deploying the June 2022 Windows updates. [...]
June 17, 2022
Cisco says it won’t fix zero-day RCE in end-of-life VPN routers
Cisco advises owners of end-of-life Small Business RV routers to upgrade to newer models after disclosing a remote code execution vulnerability that will not be patched. [...]
June 17, 2022
New Windows 11 privacy feature lists apps that used your microphone, camera
Microsoft has recently added a new privacy feature that allows Windows 11 users to get a list of all the apps that have recently accessed their sensitive info and devices, including their camera, microphone, and contacts. [...]
June 17, 2022
Russian RSocks botnet disrupted after hacking millions of devices
The U.S. Department of Justice has announced the disruption of the Russian RSocks malware botnet used to hijack millions of computers, Android smartphones, and IoT (Internet of Things) devices worldwide for use as proxy servers. [...]
June 17, 2022
QNAP 'thoroughly investigating' new DeadBolt ransomware attacks
Network-attached storage (NAS) vendor QNAP once again warned customers on Friday to secure their devices against a new campaign of attacks pushing DeadBolt ransomware. [...]
June 17, 2022
Microsoft: June Windows updates may break Wi-Fi hotspots
Microsoft is investigating a newly acknowledged issue causing connectivity issues when using Wi-Fi hotspots after deploying Windows updates released during the June 2022 Patch Tuesday. [...]
June 16, 2022
Sophos Firewall zero-day bug exploited weeks before fix
Chinese hackers used a zero-day exploit for a critical-severity vulnerability in Sophos Firewall to compromise a company and breach cloud-hosted web servers operated by the victim. [...]
June 16, 2022
iCloud hacker gets 9 years in prison for stealing nude photos
A California man who hacked thousands of Apple iCloud accounts was sentenced to 8 years in prison after pleading guilty to conspiracy and computer fraud in October 2021. [...]
June 16, 2022
New MaliBot Android banking malware spreads as a crypto miner
Threat analysts have discovered a new Android malware strain named MaliBot, which poses as a cryptocurrency mining app or the Chrome web browser to target users in Italy and Spain. [...]
June 16, 2022
730K WordPress sites force-updated to patch critical plugin bug
WordPress sites using Ninja Forms, a forms builder plugin with more than 1 million installations, have been force-updated en masse this week to a new build that addresses a critical security vulnerability likely exploited in the wild. [...]
June 16, 2022
Anker Eufy smart home hubs exposed to RCE attacks by critical flaw
Anker's central smart home device hub, Eufy Homebase 2, was affected by three vulnerabilities, one of which is a critical remote code execution (RCE) flaw. [...]
June 16, 2022
New cloud-based Microsoft Defender for home now generally available
Microsoft has announced today the general availability of Microsoft Defender for individuals, the company's new security solution for personal phones and computers. [...]
June 16, 2022
MetaMask, Phantom warn of flaw that could steal your crypto wallets
MetaMask and Phantom are warning of a new 'Demonic' vulnerability that could expose a crypto wallet's secret recovery phrase, allowing attackers to steal NFTs and cryptocurrency stored within it. [...]
June 16, 2022
Revisit Your Password Policies to Retain PCI Compliance
Organizations that are subject to the PCI regulations must carefully consider how best to address these new requirements. Some of the requirements are relatively easy to address. Even so, some of the new requirements go beyond what Windows native security mechanisms are capable of. Here is what you need to know. [...]
June 16, 2022
Microsoft Office 365 feature can help cloud ransomware attacks
Security researchers are warning that threat actors could hijack Office 365 accounts to encrypt for a ransom the files stored in SharePoint and OneDrive services that companies use for cloud-based collaboration, document management and storage. [...]
June 15, 2022
Hackers exploit three-year-old Telerik flaws to deploy Cobalt Strike
The threat actor known as 'Blue Mockingbird' has been observed by analysts targeting Telerik UI vulnerabilities to compromise servers, install Cobalt Strike beacons, and mine Monero by hijacking system resources. [...]
June 15, 2022
Cisco Secure Email bug can let attackers bypass authentication
Cisco notified customers this week to patch a critical vulnerability that could allow attackers to bypass authentication and log in to the web management interface of Cisco email gateway appliances with non-default configurations. [...]
June 15, 2022
Zimbra bug allows stealing email logins with no user interaction
Zimbra and SonarSource proceeded to the coordinated disclosure of a high-severity vulnerability that allows unauthenticated attackers to steal cleartext credentials from Zimbra without any user interaction. [...]
June 15, 2022
Extortion gang ransoms Shoprite, largest supermarket chain in Africa
Shoprite Holdings, Africa's largest supermarket chain that operates almost three thousand stores across twelve countries in the continent, has been hit by a ransomware attack. [...]
June 15, 2022
Microsoft: Windows update to permanently disable Internet Explorer
Microsoft confirmed today that a future Windows update will permanently disable the Internet Explorer web browser on users' systems. [...]
June 15, 2022
Citrix warns critical bug can let attackers reset admin passwords
Citrix warned customers to deploy security updates that address a critical Citrix Application Delivery Management (ADM) vulnerability that can let attackers reset admin passwords. [...]
June 15, 2022
Interpol seizes $50 million, arrests 2000 social engineers
An international law enforcement operation, codenamed 'First Light 2022,' has seized 50 million dollars and arrested thousands of people involved in social engineering scams worldwide. [...]
June 15, 2022
InQuest Labs: Man + Machine vs Business Email Compromise (BEC)
Attackers only have to be right once while defenders need to be right 100% of the time. To help combat this asymmetric disadvantage, InQuest provides an open research portal that combines crowdsourced efforts with machine learning to combat the likes of Bumblebee and other BEC related threats. [...]
June 15, 2022
New peer-to-peer botnet infects Linux servers with cryptominers
A new peer-to-peer botnet named Panchan appeared in the wild around March 2022, targeting Linux servers in the education sector to mine cryptocurrency. [...]
June 15, 2022
Microsoft: June Windows Server updates may cause backup issues
Microsoft says that some applications might fail to back up data using Volume Shadow Copy Service (VSS) after applying the June 2022 Patch Tuesday Windows updates. [...]
June 15, 2022
Thousands of GitHub, AWS, Docker tokens exposed in Travis CI logs
For a second time in less than a year, the Travis CI platform for software development and testing has exposed user data containing authentication tokens that could give access to developers' accounts on GitHub, Amazon Web Services, and Docker Hub. [...]
June 14, 2022
Ransomware gang creates site for employees to search for their stolen data
The ALPHV ransomware gang, aka BlackCat, has brought extortion to a new level by creating a dedicated website that allows the customers and employees of their victim to check if their data was stolen in an attack. [...]
June 14, 2022
New Hertzbleed side-channel attack affects Intel, AMD CPUs
A new side-channel attack known as Hertzbleed allows remote attackers to steal full cryptographic keys by observing variations in CPU frequency enabled by dynamic voltage and frequency scaling (DVFS). [...]
June 14, 2022
Android malware on the Google Play Store gets 2 million downloads
Cybersecurity researchers discovered adware and information-stealing malware on the Google Play Store last month, with at least five still available and having amassed over two million downloads. [...]
June 14, 2022
Windows 11 KB5014697 update adds Spotlight for Desktop, fixes 33 bugs
Microsoft has released the Windows 11 KB5014697 cumulative update with security updates, improvements, and the new Spotlight for Desktop feature that automatically changes your desktop background. [...]
June 14, 2022
Windows 10 KB5014699 and KB5014692 updates released
Microsoft has released the Windows 10 KB5014699 and KB5014692 cumulative updates for versions 21H2, version 21H1, version 20H2, and 1809 to fix security vulnerabilities and resolve bugs. [...]
June 14, 2022
Microsoft patches actively exploited Follina Windows zero-day
Microsoft has released security updates with the June 2022 cumulative Windows Updates to address a critical Windows zero-day vulnerability known as Follina and actively exploited in ongoing attacks. [...]
June 14, 2022
Microsoft June 2022 Patch Tuesday fixes 1 zero-day, 55 flaws
Today is Microsoft's June 2022 Patch Tuesday, and with it comes fixes for 55 vulnerabilities, including fixes for the Windows MSDT 'Follina' zero-day vulnerability and new Intel MMIO flaws. [...]
June 14, 2022
Owner of ‘DownThem’ DDoS service gets 2 years in prison
Matthew Gatrel, 33, a citizen of Illinois, has been sentenced to two years in prison for operating platforms offering DDoS (distributed denial of service) services to subscribers. [...]
June 14, 2022
Firefox now blocks cross-site tracking by default for all users
Mozilla says that starting today, all Firefox users will now be protected by default against cross-site tracking while browsing the Internet. [...]
June 14, 2022
Cloudflare mitigates record-breaking HTTPS DDoS attack
Internet infrastructure firm Cloudflare said today that it mitigated a 26 million request per second distributed denial-of-service (DDoS) attack, the largest HTTPS DDoS attack detected to date. [...]
June 13, 2022
Kaiser Permanente data breach exposes health data of 69K people
Kaiser Permanente, one of America's leading not-for-profit health plans and health care providers, has recently disclosed a data breach that exposed the health information of more than 69,000 individuals. [...]
June 13, 2022
Gallium hackers backdoor finance, govt orgs using new PingPull malware
The Gallium state-sponsored hacking group has been spotted using a new 'PingPull' remote access trojan against financial institutions and government entities in Europe, Southeast Asia, and Africa. [...]
June 13, 2022
Internet Explorer (almost) breathes its final byte on Wednesday
Microsoft will finally end support for Internet Explorer on multiple Windows versions on Wednesday, June 15, almost 27 years after its launch on August 24, 1995. [...]
June 13, 2022
Hackers clone Coinbase, MetaMask mobile wallets to steal your crypto
Security researchers have uncovered a large-scale malicious operation that uses trojanized mobile cryptocurrency wallet applications for Coinbase, MetaMask, TokenPocket, and imToken services. [...]
June 13, 2022
Metasploit 6.2.0 improves credential theft, SMB support features, more
Metasploit 6.2.0 has been released with 138 new modules, 148 new improvements/features, and 156 bug fixes since version 6.1.0 was released in August 2021. [...]
June 13, 2022
Microsoft: Exchange servers hacked to deploy BlackCat ransomware
Microsoft says BlackCat ransomware affiliates are now attacking Microsoft Exchange servers using exploits targeting unpatched vulnerabilities. [...]
June 13, 2022
New Syslogk Linux rootkit uses magic packets to trigger backdoor
A new rootkit malware named 'Syslogk' has been spotted in the wild, and it features advanced process and file hiding techniques that make detection highly unlikely. [...]
June 13, 2022
Russian hackers start targeting Ukraine with Follina exploits
Ukraine's Computer Emergency Response Team (CERT) is warning that the Russian hacking group Sandworm may be exploiting Follina, a remote code execution vulnerability in Microsoft Windows Support Diagnostic Tool (MSDT) currently tracked as CVE-2022-30190. [...]
June 12, 2022
PyPI package 'keep' mistakenly included a password stealer
PyPI packages 'keep,' 'pyanxdns,' 'api-res-py' were found to contain a password-stealer and a backdoor due to the presence of malicious 'request' dependency within some versions. [...]
June 12, 2022
New Vytal Chrome extension hides location info that your VPN can't
A new Google Chrome browser extension called Vytal prevents webpages from using programming APIs to find your geographic location, even when using a VPN. [...]
June 12, 2022
Hello XD ransomware now drops a backdoor while encrypting
Cybersecurity researchers report increased activity of the Hello XD ransomware, whose operators are now deploying an upgraded sample featuring stronger encryption. [...]
June 11, 2022
WiFi probing exposes smartphone users to tracking, info leaks
Researchers at the University of Hamburg in Germany have conducted a field experiment capturing hundreds of thousands of passersby's WiFi connection probe requests to determine the type of data transmitted without the device owners realizing it. [...]
June 11, 2022
Confluence servers hacked to deploy AvosLocker, Cerber2021 ransomware
Ransomware gangs are now targeting a recently patched and actively exploited remote code execution (RCE) vulnerability affecting Atlassian Confluence Server and Data Center instances for initial access to corporate networks. [...]
June 10, 2022
The Week in Ransomware - June 10th 2022 - Targeting Linux
It has been relatively quiet this week with many companies and researchers at the RSA conference. However, we still had some interesting ransomware reports released this week. [...]
June 10, 2022
New PACMAN hardware attack targets Macs with Apple M1 CPUs
A new hardware attack targeting Pointer Authentication in Apple M1 CPUs with speculative execution enables attackers to gain arbitrary code execution on Mac systems. [...]
June 10, 2022
Iranian hackers target energy sector with new DNS backdoor
The Iranian Lycaeum APT hacking group uses a new .NET-based DNS backdoor to conduct attacks on companies in the energy and telecommunication sectors. [...]
June 10, 2022
Hackers exploit recently patched Confluence bug for cryptomining
A cryptomining hacking group has been observed exploiting the recently disclosed remote code execution flaw in Atlassian Confluence servers to install miners on vulnerable servers. [...]
June 9, 2022
Microsoft starts rolling out Windows 11 File Explorer tabs
Microsoft is finally rolling out the new File Explorer tabbed interface with the release of Windows 11 Insider Preview Build 25136 to the Dev Channel. [...]
June 9, 2022
Bizarre ransomware sells decryptor on Roblox Game Pass store
A new ransomware is taking the unusual approach of selling its decryptor on the Roblox gaming platform using the service's in-game Robux currency. [...]
June 9, 2022
New Notepad, Media Player updates out for Windows 11 Insiders
Microsoft has announced that the Windows 11 Notepad and Media Player applications are getting some new updates for Windows Insiders. [...]
June 9, 2022
Microsoft Defender now isolates hacked, unmanaged Windows devices
Microsoft has announced a new feature for Microsoft Defender for Endpoint (MDE) to help organizations prevent attackers and malware from using compromised unmanaged devices to move laterally through the network. [...]
June 9, 2022
Vice Society ransomware claims attack on Italian city of Palermo
The Vice Society ransomware group has claimed responsibility for the recent cyber attack on the city of Palermo in Italy, which has caused a large-scale service outage. [...]
June 9, 2022
Dark web sites selling Western weapons allegedly sent to Ukraine
Several weapon marketplaces on the dark web have listed military-grade firearms allegedly coming from Western countries that sent them to support the Ukrainian army in its fight against the Russian invaders. [...]
June 9, 2022
New Symbiote malware infects all running processes on Linux systems
Threat analysts have discovered a new malware targeting Linux systems that operates as a symbiote in the host, blending perfectly with running processes and network traffic to steal account credentials and give its operators backdoor access. [...]
June 9, 2022
Chinese hacking group Aoqin Dragon quietly spied orgs for a decade
A previously unknown Chinese-speaking threat actor has been uncovered by threat analysts at SentinelLabs, who were able to link it to malicious activity going as far back as 2013. [...]
June 8, 2022
Kali Linux team to stream free penetration testing course on Twitch
Offensive Security, the creators of Kali Linux, announced today that they would be offering free access to their live-streamed 'Penetration Testing with Kali Linux (PEN-200/PWK)' training course later this month. [...]
June 8, 2022
Massive Facebook Messenger phishing operation generates millions
Researchers have uncovered a large-scale phishing operation that abused Facebook and Messenger to lure millions of users to phishing pages, tricking them into entering their account credentials and seeing advertisements. [...]
June 8, 2022
Linux botnets now exploit critical Atlassian Confluence bug
Several botnets are now using exploits targeting a critical remote code execution (RCE) vulnerability to infect Linux servers running unpatched Atlassian Confluence Server and Data Center installs. [...]
June 8, 2022
Emotet malware now steals credit cards from Google Chrome users
The Emotet botnet is now attempting to infect potential victims with a credit card stealer module designed to harvest credit card information stored in Google Chrome user profiles. [...]
June 8, 2022
Cuba ransomware returns to extorting victims with updated encryptor
The Cuba ransomware operation has returned to regular operations with a new version of its malware found used in recent attacks. [...]
June 8, 2022
Poisoned CCleaner search results spread information-stealing malware
Malware that steals your passwords, credit cards, and crypto wallets is being promoted through search results for a pirated copy of the CCleaner Pro Windows optimization program. [...]
June 7, 2022
Surfshark, ExpressVPN pull out of India over data retention laws
Surfshark announced today that it is shutting down its VPN (virtual private network) services in India in response to new requirements in the country that demand all providers keep customer logs for 180 days. [...]
June 7, 2022
Telegram to soon launch its premium plan at $4.99 per month
In addition to official advertisements in the messaging app, Telegram is also bringing a new premium subscription to the messaging app. [...]
June 7, 2022
US seizes SSNDOB market for selling personal info of 24 million people
SSNDOB, an online marketplace that sold the names, social security numbers, and dates of birth of approximately 24 million people in the US, has been taken offline following an international law enforcement operation. [...]
June 7, 2022
US: Chinese govt hackers breached telcos to snoop on network traffic
Several US federal agencies today revealed that Chinese-backed threat actors have targeted and compromised major telecommunications companies and network service providers to steal credentials and harvest data. [...]
June 7, 2022
New SVCReady malware loads from Word doc properties
A previously unknown malware loader named SVCReady has been discovered in phishing attacks, featuring an unusual way of loading the malware from Word documents onto compromised machines. [...]
June 7, 2022
Qbot malware now uses Windows MSDT zero-day in phishing attacks
A critical Windows zero-day vulnerability, known as Follina and still waiting for an official fix from Microsoft, is now being actively exploited in ongoing phishing attacks to infect recipients with Qbot malware. [...]
June 7, 2022
Linux version of Black Basta ransomware targets VMware ESXi servers
Black Basta is the latest ransomware gang to add support for encrypting VMware ESXi virtual machines running on enterprise Linux servers. [...]
June 7, 2022
Windows 11 22H2 closer to release, lands in the Release channel
Microsoft has moved Windows 11, version 22H2, to the Windows Insider Release channel, indicating that it is in its final round of testing before it's likely released this fall. [...]
June 7, 2022
New ‘DogWalk’ Windows zero-day bug gets free unofficial patches
Free unofficial patches for a new Windows zero-day vulnerability in the Microsoft Support Diagnostic Tool (MSDT) have been released today through the 0patch platform. [...]
June 7, 2022
Online gun shops in the US hacked to steal credit cards
Rainier Arms and Numrich Gun Parts, two American gun shops that operate e-commerce sites on rainierarms.com and gunpartscorp.com, have disclosed data breach incidents resulting from card skimmer infections on their sites. [...]
June 7, 2022
Shields Health Care Group data breach affects 2 million patients
Shields Health Care Group (Shields) suffered a data breach that exposed the data of approximately 2,000,000 people in the United States after hackers breached their network and stole data. [...]
June 7, 2022
Why Netflix isn't the Only One Bummed About Password Sharing
Carnegie Mellon found that as much as 28% of end-users willingly share passwords with others, and a Specops study found that of those who share passwords 21% of people don't know who else their password has been shared with. That's a lot of sharing going on. [...]
June 7, 2022
Android June 2022 updates bring fix for critical RCE vulnerability
Google has released the June 2022 security updates for Android devices running OS versions 10, 11, and 12, fixing 41 vulnerabilities, five rated critical. [...]
June 6, 2022
QBot now pushes Black Basta ransomware in bot-powered attacks
The Black Basta ransomware gang has partnered with the QBot malware operation to spread laterally through hacked corporate environments. [...]
June 6, 2022
Mandiant: “No evidence” we were hacked by LockBit ransomware
American cybersecurity firm Mandiant is investigating LockBit ransomware gang's claims that they hacked the company's network and stole data. [...]
June 6, 2022
Microsoft bug banned Rewards accounts when redeeming points
Microsoft has fixed a bug where the Microsoft Rewards accounts of customers who redeemed points would get suspended without warning. [...]
June 6, 2022
Ransomware gangs now give victims time to save their reputation
Threat analysts have observed an unusual trend in ransomware group tactics, reporting that initial phases of victim extortion are becoming less open to the public as the actors tend to use hidden or anonymous entries. [...]
June 6, 2022
Windows zero-day exploited in US local govt phishing attacks
European governments and US local governments were the targets of a phishing campaign using malicious Rich Text Format (RTF) documents designed to exploit a critical Windows zero-day vulnerability known as Follina. [...]
June 6, 2022
Italian city of Palermo shuts down all systems to fend off cyberattack
The municipality of Palermo in Southern Italy suffered a cyberattack on Friday, which appears to have had a massive impact on a broad range of operations and services to both citizens and visiting tourists. [...]
June 5, 2022
Exploit released for Atlassian Confluence RCE bug, patch now
Proof-of-concept exploits for the actively exploited critical CVE-2022-26134 vulnerability impacting Atlassian Confluence and Data Center servers have been widely released this weekend. [...]
June 5, 2022
Evasive phishing mixes reverse tunnels and URL shortening services
Security researchers are seeing an uptick in the use of reverse tunnel services along with URL shorteners for large-scale phishing campaigns, making the malicious activity more difficult to stop. [...]
June 5, 2022
Microsoft: Windows Autopatch now available for public preview
Microsoft has announced this week that Windows Autopatch, a service to automatically keep Windows and Microsoft 365 software up to date in enterprise environments, has now reached public preview. [...]
June 4, 2022
Bored Ape Yacht Club, Otherside NFTs stolen in Discord server hack
Hackers reportedly stole over $257,000 in Ethereum and thirty-two NFTs after Yuga Labs' Bored Ape Yacht Club and Otherside Metaverse Discord servers were compromised to post a phishing scam. [...]
June 4, 2022
Windows 11 'Restore Apps' feature will make it easier to set up new PCs
Microsoft is working on a new 'Restore Apps' feature for Windows 11 that will allow users to quickly reinstall all of their previously installed apps from the Microsoft Store on a new or freshly installed PC. [...]
June 4, 2022
Apple blocked 1.6 million apps from defrauding users in 2021
Apple said this week that more than 343,000 iOS apps were blocked by the App Store App Review team for privacy violations last year, while another 157,000 were rejected for attempting to mislead or spam iOS users. [...]
June 4, 2022
SMSFactory Android malware sneakily subscribes to premium services
Security researchers are warning of an Android malware named SMSFactory that adds unwanted costs to the phone bill by subscribing victims to premium services. [...]
June 3, 2022
The Week in Ransomware - June 3rd 2022 - Evading sanctions
Ransomware gangs continue to evolve their operations as victims refuse to pay ransoms due to sanctions or other reasons. [...]
June 3, 2022
Novartis says no sensitive data was compromised in cyberattack
Pharmaceutical giant Novartis says no sensitive data was compromised in a recent cyberattack by the Industrial Spy data-extortion gang. [...]
June 3, 2022
WatchDog hacking group launches new Docker cryptojacking campaign
The WatchDog hacking group is conducting a new cryptojacking campaign with advanced techniques for intrusion, worm-like propagation, and evasion of security software. [...]
June 3, 2022
Atlassian fixes Confluence zero-day widely exploited in attacks
Atlassian has released security updates to address a critical zero-day vulnerability in Confluence Server and Data Center actively exploited in the wild to backdoor Internet-exposed servers. [...]
June 3, 2022
Americans report losing over $1 billion to cryptocurrency scams
The U.S. Federal Trade Commission (FTC) says over 46,000 Americans have reported losing more than $1 billion worth of cryptocurrency to scams between January 2021 and March 2022. [...]
June 3, 2022
Microsoft disrupts Bohrium hackers’ spear-phishing operation
The Microsoft Digital Crimes Unit (DCU) has disrupted a spear-phishing operation linked to an Iranian threat actor tracked as Bohrium that targeted customers in the U.S., Middle East, and India. [...]
June 3, 2022
GitLab security update fixes critical account take over flaw
GitLab has released a critical security update for multiple versions of its Community and Enterprise Edition products to address eight vulnerabilities, one of which allows account takeover. [...]
June 2, 2022
Critical Atlassian Confluence zero-day actively used in attacks
Hackers are actively exploiting a new Atlassian Confluence zero-day vulnerability tracked as CVE-2022-26134 to install web shells, with no fix available at this time. [...]
June 2, 2022
Windows 10 KB5014023 update fixes slow copying, app crashes
Microsoft has released optional cumulative update previews for Windows 10 versions 20H2, 21H1, and 21H2, with fixes for slow file copying and applications crashing due to Direct3D issues. [...]
June 2, 2022
Top 10 Android banking trojans target apps with 1 billion downloads
The ten most prolific Android mobile banking trojans target 639 financial applications that collectively have over one billion downloads on the Google Play Store. [...]
June 2, 2022
Evil Corp switches to LockBit ransomware to evade sanctions
The Evil Corp cybercrime group has now switched to deploying LockBit ransomware on targets' networks to evade sanctions imposed by the U.S. Treasury Department's Office of Foreign Assets Control (OFAC). [...]
June 2, 2022
Ransomware gang now hacks corporate websites to show ransom notes
A ransomware gang is taking extortion to a new level by hacking corporate websites to publicly display ransom notes. [...]
June 2, 2022
Microsoft blocks Polonium hackers from using OneDrive in attacks
Microsoft said it blocked a Lebanon-based hacking group it tracks as Polonium from using the OneDrive cloud storage platform for data exfiltration and command and control while targeting and compromising Israeli organizations. [...]
June 2, 2022
Chinese LuoYu hackers deploy cyber-espionage malware via app updates
A Chinese-speaking hacking group known as LuoYu is infecting victims with WinDealer information stealer malware deployed by switching legitimate app updates with malicious payloads in man-on-the-side attacks. [...]
June 2, 2022
Conti ransomware targeted Intel firmware for stealthy attacks
Researchers analyzing the leaked chats of the notorious Conti ransomware operation have discovered that teams inside the Russian cybercrime group were actively developing firmware hacks. [...]
June 2, 2022
Clipminer malware gang stole $1.7M by hijacking crypto payments
Threat analysts have discovered a large operation of a new cryptocurrency mining malware called Clipminer that brought its operators at least $1.7 million from transaction hijacking. [...]
June 2, 2022
Foxconn confirms ransomware attack disrupted production in Mexico
Electronics manufacturer Foxconn has confirmed that one of its Mexico-based production plants was impacted by a ransomware attack in late May. [...]
June 1, 2022
New Windows Search zero-day added to Microsoft protocol nightmare
A new Windows Search zero-day vulnerability can be used to automatically open a search window containing remotely-hosted malware executables simply by launching a Word document. [...]
June 1, 2022
Former OpenSea head of product charged with NFT insider trading
Nathaniel Chastain, a former product manager at OpenSea, the largest online non-fungible token (NFT) marketplace, has been arrested and charged by the U.S. Department of Justice (DOJ) with NFT insider trading. [...]
June 1, 2022
Hundreds of Elasticsearch databases targeted in ransom attacks
A campaign targeting poorly secured Elasticsearch databases has deleted their contents and dropped ransom notes on 450 instances, demanding a payment of $620 to give them back their indexes, totaling a demand of $279,000. [...]
June 1, 2022
FBI seizes domains used to sell stolen data, DDoS services
The Federal Bureau of Investigation (FBI) and the U.S. Department of Justice announced today the seizure of three domains used by cybercriminals to sell personal info stolen in data breaches and to provide DDoS attack services. [...]
June 1, 2022
US govt: Paying Karakurt extortion ransoms won’t stop data leaks
Several U.S. federal agencies warned organizations today against paying ransom demands made by the Karakurt gang since that will not prevent their stolen data from being sold to others. [...]
June 1, 2022
RuneScape phishing steals accounts and in-game item bank PINs
Cybersecurity researchers have discovered a new RuneScape-themed phishing campaign, and it stands out among the various operations for being exceptionally well-crafted. [...]
June 1, 2022
Windows MSDT zero-day vulnerability gets free unofficial patch
A free unofficial patch is now available to block ongoing attacks against Windows systems that target a critical zero-day vulnerability known as 'Follina.' [...]
June 1, 2022
FluBot Android malware operation shutdown by law enforcement
Europol has announced the takedown of the FluBot operation, one of the largest and fastest-growing Android malware operations in existence. [...]
June 1, 2022
SideWinder hackers plant fake Android VPN app in Google Play Store
Phishing campaigns attributed to an advanced threat actor called SideWinder involved a fake VPN app for Android devices published on Google Play Store along with a custom tool that filters victims for better targeting. [...]
June 1, 2022
Ransomware attacks need less than four days to encrypt systems
The duration of ransomware attacks in 2021 averaged 92.5 hours, measured from initial network access to payload deployment. In 2020, ransomware actors spent an average of 230 hours to complete their attacks and 1637.6 hours in 2019. [...]
June 1, 2022
Telegram’s blogging platform abused in phishing attacks
Telegram's anonymous blogging platform, Telegraph, is being actively exploited by phishing actors who take advantage of the platform's lax policies to set up interim landing pages that lead to the theft of account credentials. [...]
May 31, 2022
Hackers steal WhatsApp accounts using call forwarding trick
There's a trick that allows attackers to hijack a victim's WhatsApp account and gain access to personal messages and contact list. [...]
May 31, 2022
Windows MSDT zero-day now exploited by Chinese APT hackers
Chinese-linked threat actors are now actively exploiting a Microsoft Office zero-day vulnerability (known as 'Follina') to execute malicious code remotely on Windows systems. [...]
May 31, 2022
Over 3.6 million MySQL servers found exposed on the Internet
Over 3.6 million MySQL servers are publicly exposed on the Internet and responding to queries, making them an attractive target to hackers and extortionists. [...]
May 31, 2022
FBI warns of Ukrainian charities impersonated to steal donations
Scammers are claiming to be collecting donations to help Ukrainian refugees and war victims while impersonating legitimate Ukrainian humanitarian aid organizations, according to the Federal Bureau of Investigation (FBI). [...]
May 31, 2022
Costa Rica’s public health agency hit by Hive ransomware
All computer systems on the network of Costa Rica's public health service (known as Costa Rican Social Security Fund or CCSS) are now offline following a Hive ransomware attack that hit them this morning. [...]
May 31, 2022
New XLoader botnet uses probability theory to hide its servers
Threat analysts have spotted a new version of the XLoader botnet malware that uses probability theory to hide its command and control servers, making it difficult to disrupt the malware's operation. [...]
May 31, 2022
Aligning Your Password Policy enforcement with NIST Guidelines
Although most organizations are not required by law to comply with NIST standards, it is usually in an organization's best interest to follow NIST's cybersecurity standards. This is especially true for NIST's password guidelines. [...]
May 31, 2022
Microsoft shares mitigation for Office zero-day exploited in attacks
Microsoft has shared mitigation measures to block attacks exploiting a newly discovered Microsoft Office zero-day flaw abused in the wild to execute malicious code remotely. [...]
May 30, 2022
Vodafone plans carrier-level user tracking for targeted ads
Vodafone is piloting a new advertising ID system called TrustPid, which will work as a persistent user tracker at the mobile Internet Service Provider (ISP) level. [...]
May 30, 2022
Italy warns organizations to brace for incoming DDoS attacks
The Computer Security Incident Response Team in Italy issued an urgent alert yesterday to raise awareness about the high risk of cyberattacks against national bodies and organizations on Monday. [...]
May 30, 2022
Google quietly bans deepfake training projects on Colab
Google has quietly banned deepfake projects on its Colaboratory (Colab) service, putting an end to the large-scale utilization of the platform's resources for this purpose. [...]
May 30, 2022
Three Nigerians arrested for malware-assisted financial crimes
Interpol has announced the arrest of three Nigerian men in Lagos, who are suspected of using remote access trojans (RATs) to reroute financial transactions and steal account credentials. [...]
May 30, 2022
New Microsoft Office zero-day used in attacks to execute PowerShell
Security researchers have discovered a new Microsoft Office zero-day vulnerability that is being used in attacks to execute malicious PowerShell commands via Microsoft Diagnostic Tool (MSDT) simply by opening a Word document. [...]
May 29, 2022
EnemyBot malware adds exploits for critical VMware, F5 BIG-IP flaws
EnemyBot, a botnet based on code from multiple malware pieces, is expanding its reach by quickly adding exploits for recently disclosed critical vulnerabilities in web servers, content management systems, IoT, and Android devices. [...]
May 29, 2022
Mobile trojan detections rise as malware distribution level declines
Kaspersky's quarterly report on mobile malware distribution records a downward trend that started at the end of 2020, detecting one-third of the malicious installations reported in Q1 2021, and about 85% of those counted in Q4 2021. [...]
May 29, 2022
New Yorker imprisoned for role in carding group behind $568M damages
John Telusma, a 37-year-old man from New York, was sentenced to four years in prison for selling and using stolen and compromised credit cards on the Infraud carding portal operated by the transnational cybercrime organization with the same name. [...]
May 28, 2022
Microsoft: The new Windows 11 features from Build 2022
During the Build 2022 developer conference, Microsoft announced a number of new features for Windows 11, including an improved Windows Subsystem for Android (WSA) and more. [...]
May 28, 2022
Clop ransomware gang is back, hits 21 victims in a single month
After effectively shutting down their entire operation for several months, between November and February, the Clop ransomware is now back according to NCC Group researchers. [...]
May 28, 2022
New Windows Subsystem for Linux malware steals browser auth cookies
Hackers are showing an increased interest in the Windows Subsystem for Linux (WSL) as an attack surface as they build new malware, the more advanced samples being suitable for espionage and downloading additional malicious modules. [...]
May 27, 2022
FBI warns of hackers selling credentials for U.S. college networks
Cybercriminals are offering to sell network access credentials for higher education institutions based in the United States for thousands of U.S. dollars. [...]
May 27, 2022
GitHub: Attackers stole login details of 100K npm user accounts
GitHub revealed today that an attacker stole the login details of roughly 100,000 npm accounts during a mid-April security breach with the help of stolen OAuth app tokens issued to Heroku and Travis-CI. [...]
May 27, 2022
Microsoft finds severe bugs in Android apps from large mobile providers
Microsoft security researchers have found high severity vulnerabilities in a framework used by Android apps from multiple large international mobile service providers. [...]
May 27, 2022
Microsoft to force better security defaults for all Azure AD tenants
Microsoft has announced that it will force enable stricter secure default settings known as 'security defaults' on all existing Azure Active Directory (Azure AD) tenants starting in late June 2022. [...]
May 27, 2022
BlackCat/ALPHV ransomware asks $5 million to unlock Austrian state
Austrian federal state Carinthia has been hit by the BlackCat ransomware gang, also known as ALPHV, who demanded $5 million to unlock the encrypted computer systems. [...]
May 26, 2022
Intuit warns of QuickBooks phishing threatening to suspend accounts
Tax software vendor Intuit has warned that QuickBooks customers are being targeted in an ongoing series of phishing attacks impersonating the company and trying to lure them with fake account suspension warnings. [...]
May 26, 2022
Microsoft: Windows 11 22H2 has reached RTM with build 22621
Microsoft's Windows Hardware Compatibility Program has confirmed that Windows 11 22H2 build 22621 is the Released to Manufacturing (RTM) build, meaning that the development of Windows 11's next feature update is ready for release. [...]
May 26, 2022
Windows 11 KB5014019 breaks Trend Micro ransomware protection
This week's Windows optional cumulative update previews have introduced a compatibility issue with some of Trend Micro's security products that breaks some of their capabilities, including the ransomware protection feature. [...]
May 26, 2022
OAS platform vulnerable to critical RCE and API access flaws
Threat analysts have disclosed vulnerabilities affecting the Open Automation Software (OAS) platform, leading to device access, denial of service, and remote code execution. [...]
May 26, 2022
Exploit released for critical VMware auth bypass bug, patch now
Proof-of-concept exploit code is now available online for a critical authentication bypass vulnerability in multiple VMware products that allows attackers to gain admin privileges. [...]
May 26, 2022
Microsoft shares mitigation for Windows KrbRelayUp LPE attacks
Microsoft has shared guidance to help admins defend their Windows enterprise environments against KrbRelayUp attacks that enable attackers to gain SYSTEM privileges on Windows systems with default configurations. [...]
May 26, 2022
Zyxel warns of flaws impacting firewalls, APs, and controllers
Zyxel has published a security advisory to warn admins about multiple vulnerabilities affecting a wide range of firewall, AP, and AP controller products. [...]
May 26, 2022
Google shut down caching servers at two Russian ISPs
Two Russian internet service providers (ISPs) have received notices from Google that the global caching servers on their network have been disabled. [...]
May 26, 2022
Industrial Spy data extortion market gets into the ransomware game
The Industrial Spy data extortion marketplace has now launched its own ransomware operation, where they now also encrypt victims' devices. [...]
May 26, 2022
New ERMAC 2.0 Android malware steals accounts, wallets from 467 apps
The ERMAC Android banking trojan has released version 2.0, increasing the number of applications targeted from 378 to 467, covering a much wider range of apps to steal account credentials and crypto wallets. [...]
May 25, 2022
FTC fines Twitter $150M for using 2FA info for targeted advertising
The Federal Trade Commission has fined Twitter $150 million for using phone numbers and email addresses collected to enable two-factor authentication for targeted advertising. [...]
May 25, 2022
Microsoft adds support for WSL2 distros on Windows Server 2022
Microsoft has announced that Windows Subsystem for Linux (WSL2) distros are now supported on Windows Server 2022 after installing this week's cumulative update previews. [...]
May 25, 2022
New ‘Cheers’ Linux ransomware targets VMware ESXi servers
A new ransomware named 'Cheers' has appeared in the cybercrime space and has started its operations by targeting vulnerable VMware ESXi servers. [...]
May 25, 2022
Microsoft adds Office subscriptions to Windows 11 account settings
Microsoft has improved the account settings in the latest Windows 11 preview build, a settings page that now lists Office subscriptions linked to the user's Microsoft 365 account. [...]
May 25, 2022
New ChromeLoader malware surge threatens browsers worldwide
The ChromeLoader malware is seeing an uptick in detections this month, following a relatively stable operation volume since the start of the year, which means that the malvertiser is now becoming a widespread threat. [...]
May 25, 2022
Tails 5.0 Linux users warned against using it "for sensitive information"
Tails developers have warned users to stop using the portable Debian-based Linux distro until the next release if they're entering or accessing sensitive information using the bundled Tor Browser application. [...]
May 25, 2022
Darknet market Versus shuts down after hacker leaks security flaw
The Versus Market, one of the most popular English-speaking criminal darknet markets, is shutting down after discovering a severe exploit that could have allowed access to its database and exposed the IP address of its servers. [...]
May 25, 2022
Is 100% Cybersecurity Readiness Possible? Medical Device Pros Weigh In
As medical devices become more connected and reliant on software, their codebase grows both in size and complexity, and they are increasingly reliant on third-party and open source software components. Learn more from 150 senior decision makers who oversee product security or cybersecurity compliance in the medical device industry, [...]
May 25, 2022
Hacker says hijacking libraries, stealing AWS keys was ethical research
The hacker of 'ctx' and 'PHPass' libraries has now broken silence and explained the reasons behind this hijack to BleepingComputer. According to the hacker, this was a bug bounty exercise and no malicious activity was intended. [...]
May 25, 2022
Interpol arrests alleged leader of the SilverTerrier BEC gang
After a year-long investigation that involved Interpol and several cybersecurity companies, the Nigeria Police Force has arrested an individual believed to be in the top ranks of a prominent business email compromise (BEC) group known as SilverTerrier or TMT. [...]
May 25, 2022
SpiceJet airline passengers stranded after ransomware attack
Indian low-cost airline SpiceJet has informed its customers of an attempted ransomware attack that has impacted some of its systems and caused delays on flight departures today. [...]
May 25, 2022
BPFDoor malware uses Solaris vulnerability to get root privileges
New research into the inner workings of the stealthy BPFdoor malware for Linux and Solaris reveals that the threat actor behind it leveraged an old vulnerability to achieve persistence on targeted systems. [...]
May 24, 2022
Windows 11 KB5014019 update fixes app crashes, slow copying
Microsoft has released optional cumulative update previews for Windows 11, Windows 10 version 1809, and Windows Server 2022, with fixes for Direct3D issues impacting client and server systems. [...]
May 24, 2022
DuckDuckGo browser allows Microsoft trackers due to search agreement
The privacy-focused DuckDuckGo browser purposely allows Microsoft trackers on third-party sites due to an agreement in their syndicated search content contract between the two companies. [...]
May 24, 2022
Mozilla fixes Firefox, Thunderbird zero-days exploited at Pwn2Own
Mozilla has released security updates for multiple products to address zero-day vulnerabilities exploited during the Pwn2Own Vancouver 2022 hacking contest. [...]
May 24, 2022
Hackers target Russian govt with fake Windows updates pushing RATs
Hackers are targeting Russian government agencies with phishing emails that pretend to be Windows security updates and other lures to install remote access malware. [...]
May 24, 2022
Microsoft: Credit card stealers are getting much stealthier
Microsoft's security researchers have observed a worrying trend in credit card skimming, where threat actors employ more advanced techniques to hide their malicious info-stealing code. [...]
May 24, 2022
CISA adds 41 vulnerabilities to list of bugs used in cyberattacks
The Cybersecurity & Infrastructure Security Agency (CISA) has added 41 vulnerabilities to its catalog of known exploited flaws over the past two days, including flaws for the Android kernel and Cisco IOS XR. [...]
May 24, 2022
US Senate: Govt’s ransomware fight hindered by limited reporting
A report published today by U.S. Senator Gary Peters, Chairman of the Senate Homeland Security and Governmental Affairs Committee, says law enforcement and regulatory agencies lack insight into ransomware attacks to fight against them effectively. [...]
May 24, 2022
Screencastify Chrome extension flaws allow webcam hijacks
The popular Screencastify Chrome extension has fixed a vulnerability that allowed malicious sites to hijack users' webcams and steal recorded videos. However, security flaws still exist that could be exploited by unscrupulous insiders. [...]
May 24, 2022
Trend Micro fixes bug Chinese hackers exploited for espionage
Trend Micro says it patched a DLL hijacking flaw in Trend Micro Security used by a Chinese threat group to side-load malicious DLLs and deploy malware. [...]
May 24, 2022
Researchers to release exploit for new VMware auth bypass, patch now
Proof-of-concept exploit code is about to be published for a vulnerability that allows administrative access without authentication in several VMware products. [...]
May 24, 2022
Popular PyPI and PHP libraries hijacked to steal AWS keys
PyPI module 'ctx' that gets downloaded over 20,000 times a week has been compromised in a software supply chain attack with malicious versions stealing the developer's environment variables. Additionally, versions of a 'phpass' fork published to the PHP/Composer package repository Packagist had been altered to steal secrets. [...]
May 23, 2022
GM credential stuffing attack exposed car owners' personal info
US car manufacturer GM disclosed that it was the victim of a credential stuffing attack last month that exposed customer information and allowed hackers to redeem rewards points for gift cards. [...]
May 23, 2022
Fake Windows exploits target infosec community with Cobalt Strike
A threat actor targeted security researchers with fake Windows proof-of-concept exploits that infected devices with the Cobalt Strike backdoor. [...]
May 23, 2022
Photos of abused victims used in new ID verification scam
Scammers are now leveraging dating apps like Tinder and Grindr to pose as former victims of physical abuse to gain your trust and sympathy and sell you "ID verification" services. BleepingComputer came across multiple instances of users on online dating apps being approached by these catfishing profiles. [...]
May 23, 2022
Hackers can hack your online accounts before you even register them
Security researchers have revealed that hackers can hijack your online accounts before you even register them by exploiting flaws that have already been fixed on popular websites, including Instagram, LinkedIn, Zoom, WordPress, and Dropbox. [...]
May 23, 2022
New RansomHouse group sets up extortion market, adds first victims
Yet another data-extortion cybercrime operation has appeared on the darknet named 'RansomHouse' where threat actors publish evidence of stolen files and leak data of organizations that refuse to make a ransom payment. [...]
May 23, 2022
Russian hackers perform reconnaissance against Austria, Estonia
In a new reconnaissance campaign, the Russian state-sponsored hacking group Turla was observed targeting the Austrian Economic Chamber, a NATO platform, and the Baltic Defense College. [...]
May 22, 2022
Elon Musk deep fakes promote new cryptocurrency scam
Cryptocurrency scammers are using deep fake videos of Elon Musk and other prominent cryptocurrency advocates to promote a BitVex trading platform scam that steals deposited currency. [...]
May 22, 2022
PDF smuggles Microsoft Word doc to drop Snake Keylogger malware
Threat analysts have discovered a recent malware distribution campaign using PDF attachments to smuggle malicious Word documents that infect users with malware. [...]
May 22, 2022
Microsoft tests new Windows 11 Desktop search that only works with Edge
Microsoft is testing a new feature in the latest Windows 11 preview build that displays an Internet search box directly on the desktop. The problem is that it does not honor your default browser and only uses Bing and Microsoft Edge instead. [...]
May 22, 2022
Google: Predator spyware infected Android devices using zero-days
Google's Threat Analysis Group (TAG) says that state-backed threat actors used five zero-day vulnerabilities to install Predator spyware developed by commercial surveillance developer Cytrox. [...]
May 21, 2022
Ransomware attack exposes data of 500,000 Chicago students
The Chicago Public Schools has suffered a massive data breach that exposed the data of almost 500,000 students and 60,000 employees after their vendor, Battelle for Kids, suffered a ransomware attack in December. [...]
May 21, 2022
Malicious PyPI package opens backdoors on Windows, Linux, and Macs
Yet another malicious Python package has been spotted in the PyPI registry performing supply chain attacks to drop Cobalt Strike beacons and backdoors on Windows, Linux, and macOS systems. [...]
May 21, 2022
Windows 11 hacked three more times on last day of Pwn2Own contest
On the third and last day of the 2022 Pwn2Own Vancouver hacking contest, security researchers successfully hacked Microsoft's Windows 11 operating system three more times using zero-day exploits. [...]
May 20, 2022
The Week in Ransomware - May 20th 2022 - Another one bites the dust
Ransomware attacks continue to slow down, likely due to the invasion of Ukraine, instability in the region, and subsequent worldwide sanctions against Russia. [...]
May 20, 2022
Cisco urges admins to patch IOS XR zero-day exploited in attacks
Cisco has addressed a zero-day vulnerability in its IOS XR router software that allowed unauthenticated attackers to remotely gain access to Redis instances running in NOSi Docker containers. [...]
May 20, 2022
Microsoft disables telemetry in Windows 11 Subsystem for Android by default
Microsoft has updated the Windows Subsystem for Android in Windows 11 to make telemetry collection optional and announced an upgrade to Android 12.1. [...]
May 20, 2022
Backdoor baked into premium school management plugin for WordPress
Security researchers have discovered a backdoor in a premium WordPress plugin built as a complete management solution for schools. The malicious code enables a threat actor to execute PHP code without authenticating. [...]
May 20, 2022
Emergency Windows 10 updates fix Microsoft Store app issues
Microsoft has released out-of-band (OOB) updates on Thursday evening to address a newly acknowledged issue impacting Microsoft Store apps. [...]
May 20, 2022
Windows 11 hacked again at Pwn2Own, Tesla Model 3 also falls
During the second day of the Pwn2Own Vancouver 2022 hacking competition, contestants hacked Microsoft's Windows 11 OS again and demoed zero-days in Tesla Model 3's infotainment system. [...]
May 20, 2022
Russian Sberbank says it’s facing massive waves of DDoS attacks
Sberbank's vice president and director of cybersecurity, Sergei Lebed, has told participants of the Positive Hack Days forum that the company is going through a period of unprecedented targeting by hackers. [...]
May 20, 2022
Canada bans Huawei and ZTE from 5G networks over security concerns
The Government of Canada announced its intention to ban the use of Huawei and ZTE telecommunications equipment and services across the country's 5G and 4G networks. [...]
May 19, 2022
Conti ransomware shuts down operation, rebrands into smaller units
The notorious Conti ransomware gang has officially shut down their operation, with infrastructure taken offline and team leaders told that the brand is no more. [...]
May 19, 2022
Netgear fixes bad Orbi firmware update that locked admin console
Netgear is pushing out fixes for a bad Orbi firmware update released earlier this month that prevents users from accessing the device's admin console. [...]
May 19, 2022
Microsoft emergency updates fix Windows AD authentication issues
Microsoft has released emergency out-of-band (OOB) updates to address Active Directory (AD) authentication issues after installing Windows Updates issued during the May 2022 Patch Tuesday on domain controllers. [...]
May 19, 2022
Media giant Nikkei’s Asian unit hit by ransomware attack
Publishing giant Nikkei disclosed that the group's headquarters in Singapore was hit by a ransomware attack almost one week ago, on May 13th. [...]
May 19, 2022
Microsoft detects massive surge in Linux XorDDoS malware activity
A stealthy and modular malware used to hack into Linux devices and build a DDoS botnet has seen a massive 254% increase in activity during the last six months, as Microsoft revealed today. [...]
May 19, 2022
U.S. DOJ will no longer prosecute ethical hackers under CFAA
The U.S. Department of Justice (DOJ) has announced a revision of its policy on how federal prosecutors should charge violations of the Computer Fraud and Abuse Act (CFAA), carving out "good-faith" security research from being prosecuted. [...]
May 19, 2022
Lazarus hackers target VMware servers with Log4Shell exploits
The North Korean hacking group known as Lazarus is exploiting the Log4J remote code execution vulnerability to inject backdoors that fetch information-stealing payloads on VMware Horizon servers. [...]
May 19, 2022
Phishing websites now use chatbots to steal your credentials
Phishing attacks are now using automated chatbots to guide visitors through the process of handing over their login credentials to threat actors. [...]
May 19, 2022
Microsoft Teams, Windows 11 hacked on first day of Pwn2Own
During the first day of Pwn2Own Vancouver 2022, contestants won $800,000 after successfully exploiting 16 zero-day bugs to hack multiple products, including Microsoft's Windows 11 operating system and the Teams communication platform. [...]
May 19, 2022
QNAP alerts NAS customers of new DeadBolt ransomware attacks
Taiwan-based network-attached storage (NAS) maker QNAP warned customers on Thursday to secure their devices against attacks pushing DeadBolt ransomware payloads. [...]
May 19, 2022
Ransomware gangs rely more on weaponizing vulnerabilities
Security researchers are warning that external remote access services continue to be the main vector for ransomware gangs to breach company networks. [...]
May 18, 2022
Microsoft releases first ISO image for new Windows 11 Dev builds
Microsoft has released the first ISO image for the new Windows 11 Preview builds in the Dev channel, allowing Windows Insiders to perform clean installs of the operating system. [...]
May 18, 2022
Spanish police dismantle phishing gang that emptied bank accounts
The Spanish police have announced the arrest of 13 people and the launch of investigations on another 7 for their participation in a phishing ring that defrauded at least 146 people. [...]
May 18, 2022
Critical Jupiter WordPress plugin flaws let hackers take over sites
WordPress security analysts have discovered a set of vulnerabilities impacting the Jupiter Theme and JupiterX Core plugins for WordPress, one of which is a critical privilege escalation flaw. [...]
May 18, 2022
National bank hit by ransomware trolls hackers with dick pics
After suffering a ransomware attack by the Hive operation, the Bank of Zambia made it clear that they were not going to pay by posting a picture of male genitalia and telling the hackers to s… (well, you can use your imagination). [...]
May 18, 2022
US recovers $15 million from global Kovter ad fraud operation
The US government has recovered over $15 million from Swiss bank accounts belonging to operators behind the '3ve' online advertising fraud scheme. [...]
May 18, 2022
DHS orders federal agencies to patch VMware bugs within 5 days
The Department of Homeland Security's cybersecurity unit ordered Federal Civilian Executive Branch (FCEB) agencies today to urgently update or remove VMware products from their networks by Monday due to an increased risk of attacks. [...]
May 18, 2022
Chinese ‘Space Pirates’ are hacking Russian aerospace firms
A previously unknown Chinese hacking group known as 'Space Pirates' targets enterprises in the Russian aerospace industry with phishing emails to install novel malware on their systems. [...]
May 18, 2022
VMware patches critical auth bypass flaw in multiple products
VMware warned customers today to immediately patch a critical authentication bypass vulnerability "affecting local domain users" in multiple products that can be exploited to obtain admin privileges. [...]
May 18, 2022
CISA shares guidance to block ongoing F5 BIG-IP attacks
In a joint advisory issued today, CISA and the Multi-State Information Sharing and Analysis Center (MS-ISAC) warned admins of active attacks targeting a critical F5 BIG-IP network security vulnerability (CVE-2022-1388). [...]
May 18, 2022
Fake crypto sites lure wannabe thieves by spamming login credentials
Threat actors are luring potential thieves by spamming login credentials for other people's accounts on fake crypto trading sites, illustrating once again that there is no honor among thieves. [...]
May 18, 2022
Microsoft warns of brute-force attacks targeting MSSQL servers
Microsoft warned of brute-forcing attacks targeting Internet-exposed and poorly secured Microsoft SQL Server (MSSQL) database servers using weak passwords. [...]
May 17, 2022
North Korean devs pose as US freelancers and aid DPRK govt hackers
The U.S. government is warning that the Democratic People's Republic of Korea (DPRK) is dispatching its IT workers to get freelance jobs at companies across the world to obtain privileged access that is sometimes used to facilitate cyber intrusions. [...]
May 17, 2022
Microsoft: Windows Server 20H2 reaches end of service in August
Microsoft has reminded customers today that Windows Server, version 20H2 will be reaching the end of service (EOS) on August 9, 2022. [...]
May 17, 2022
NVIDIA fixes ten vulnerabilities in Windows GPU display drivers
NVIDIA has released a security update for a wide range of graphics card models, addressing four high-severity and six medium-severity vulnerabilities in its GPU drivers. [...]
May 17, 2022
Microsoft Defender for Endpoint gets new troubleshooting mode
Microsoft says Defender for Endpoint now comes with a new 'troubleshooting mode' that will help Windows admins test Defender Antivirus performance and run compatibility scenarios without getting blocked by tamper protection. [...]
May 17, 2022
Cybersecurity agencies reveal top initial access attack vectors
A joint security advisory issued by multiple national cybersecurity authorities revealed today the top 10 attack vectors most exploited by threat actors for breaching networks. [...]
May 17, 2022
Hackers can steal your Tesla Model 3, Y using new Bluetooth attack
Security researchers at the NCC Group have developed a tool to carry out a Bluetooth Low Energy (BLE) relay attack that bypasses all existing protections to authenticate on target devices. [...]
May 17, 2022
What is ISO 27001 and Why it Matters for Compliance Standards
ISO 27001 may seem like a big undertaking, but the certification can pay off in more ways than one—including overlap with compliance regulations. Read about the benefits of ISO 27001 and how to get started. [...]
May 17, 2022
CISA warns admins to patch actively exploited Spring, Zyxel bugs
The Cybersecurity and Infrastructure Security Agency (CISA) has added two more vulnerabilities to its list of actively exploited bugs, a code injection bug in the Spring Cloud Gateway library and a command injection flaw in Zyxel firmware for business firewalls and VPN devices. [...]
May 17, 2022
Hackers target Tatsu WordPress plugin in millions of attacks
Hackers are massively exploiting a remote code execution vulnerability, CVE-2021-25094, in the Tatsu Builder plugin for WordPress, which is installed on about 100,000 websites. [...]
May 16, 2022
HTML attachments remain popular among phishing actors in 2022
HTML files remain one of the most popular attachments used in phishing attacks for the first four months of 2022, showing that the technique remains effective against antispam engines and works well on the victims themselves. [...]
May 16, 2022
Third-party web trackers log what you type before submitting
An extensive study looking into the top 100k ranking websites has revealed that many are leaking information you enter in the site forms to third-party trackers before you even press submit. [...]
May 16, 2022
US links Thanos and Jigsaw ransomware to 55-year-old doctor
The US Department of Justice today said that Moises Luis Zagala Gonzalez (Zagala), a 55-year-old cardiologist with French and Venezuelan citizenship residing in Ciudad Bolivar, Venezuela, created and rented Jigsaw and Thanos ransomware to cybercriminals. [...]
May 16, 2022
Apple emergency update fixes zero-day used to hack Macs, Watches
Apple has released security updates to address a zero-day vulnerability that threat actors can exploit in attacks targeting Macs and Apple Watch devices. [...]
May 16, 2022
Ukraine supporters in Germany targeted with PowerShell RAT malware
An unknown threat actor is targeting German users interested in the Ukraine crisis, infecting them with a custom PowerShell RAT (remote access trojan) and stealing their data. [...]
May 16, 2022
CISA warns not to install May Windows updates on domain controllers
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has removed a Windows security flaw from its catalog of known exploited vulnerabilities due to Active Directory (AD) authentication issues caused by the May 2022 updates that patch it. [...]
May 16, 2022
Kali Linux 2022.2 released with 10 new tools, WSL improvements, and more
Offensive Security has released Kali Linux 2022.2, the second version in 2022, with desktop enhancements, a fun April Fools screensaver, WSL GUI improvements, terminal tweaks, and best of all, new tools to play with! [...]
May 16, 2022
Sophos antivirus driver caused BSODs after Windows KB5013943 update
Sophos has released a fix for a known issue triggering blue screens of death (aka BSODs) on Windows 11 systems running Sophos Home antivirus software after installing the KB5013943 upda [...]
May 16, 2022
Engineering firm Parker discloses data breach after ransomware attack
The Parker-Hannifin Corporation announced a data breach exposing employees' personal information after the Conti ransomware gang began publishing allegedly stolen data last month. [...]
May 15, 2022
What's new and improved in Windows 11 22H2, coming soon
Windows 11 version 22H2 aka Sun Valley 2 is set to launch later this year. Unlike the original Windows 11 release, it won't be a massive update with radical design changes. Instead, Sun Valley 2 will be similar to Windows 10 Anniversary Update, so you can expect minor improvements and a few new features. [...]
May 15, 2022
Hackers are exploiting critical bug in Zyxel firewalls and VPNs
Hackers have started to exploit a recently patched critical vulnerability, tracked as CVE-2022-30525, that affects Zyxel firewall and VPN devices for businesses. [...]
May 15, 2022
Fake Pixelmon NFT site infects you with password-stealing malware
A fake Pixelmon NFT site entices fans with free tokens and collectibles while infecting them with malware that steals their cryptocurrency wallets. [...]
May 15, 2022
Windows admins frustrated by Quick Assist moving to Microsoft Store
Windows admins have been expressing their dismay at Microsoft's decision to move the Quick Assist remote assistance tool to the Microsoft Store. [...]
May 14, 2022
Microsoft fixes new PetitPotam Windows NTLM Relay attack vector
A recent security update for a Windows NTLM Relay Attack has been confirmed to be a previously unfixed vector for the PetitPotam attack. [...]
May 14, 2022
Angry IT admin wipes employer’s databases, gets 7 years in prison
Han Bing, a former database administrator for Lianjia, a Chinese real-estate brokerage giant, has been sentenced to 7 years in prison for logging into corporate systems and deleting the company's data. [...]
May 14, 2022
Crypto thief threatened to cut man's fingers 'one by one,' stole £34K
Online crypto scams and ponzi schemes leveraging social media platforms are hardly anything new. But, this gruesome case of a London-based crypto robber transcends the virtual realm and tells a shocking tale of real-life victims from whom the perpetrator successfully stole £34,000. [...]
May 13, 2022
The Week in Ransomware - May 13th 2022 - A National Emergency
While ransomware attacks have slowed during Russia's invasion of Ukraine and the subsequent sanctions, the malware threat continues to affect organizations worldwide. [...]
May 13, 2022
Italian CERT: Hacktivists hit govt sites in ‘Slow HTTP’ DDoS attacks
Italy's Computer Security Incident Response Team (CSIRT) has published an announcement about the recent DDoS attacks that key sites in the country suffered in the last couple of days. [...]
May 13, 2022
Microsoft: Sysrv botnet targets Windows, Linux servers with new exploits
Microsoft says the Sysrv botnet is now exploiting vulnerabilities in the Spring Framework and WordPress to ensnare and deploy cryptomining malware on vulnerable Windows and Linux servers. [...]
May 13, 2022
Fake Binance NFT Mystery Box bots steal victim's crypto wallets
A new RedLine malware distribution campaign promotes fake Binance NFT mystery box bots on YouTube to lure people into infecting themselves with the information-stealing malware from GitHub repositories. [...]
May 13, 2022
SonicWall ‘strongly urges’ admins to patch SSLVPN SMA1000 bugs
SonicWall "strongly urges" customers to patch several high-risk security flaws impacting its Secure Mobile Access (SMA) 1000 Series line of products that can let attackers bypass authorization and, potentially, compromise unpatched appliances. [...]
May 13, 2022
Google Chrome updates failing on Android devices in Russia
A growing number of Russian Chrome users on Android report getting errors when attempting to install the latest available update of the popular web browser. [...]
May 12, 2022
Iranian hackers exposed in a highly targeted espionage campaign
Threat analysts have spotted a novel attack attributed to the Iranian hacking group known as APT34 group or Oilrig, who targeted a Jordanian diplomat with custom-crafted tools. [...]
May 12, 2022
Ukrainian imprisoned for selling access to thousands of PCs
Glib Oleksandr Ivanov-Tolpintsev, a 28-year-old from Ukraine, was sentenced today to 4 years in prison for stealing thousands of login credentials per week and selling them on a dark web marketplace. [...]
May 12, 2022
Eternity malware kit offers stealer, miner, worm, ransomware tools
Threat actors have launched the 'Eternity Project,' a new malware-as-a-service where threat actors can purchase a malware toolkit that can be customized with different modules depending on the attack being conducted. [...]
May 12, 2022
Zyxel silently fixes critical RCE vulnerability in firewall products
Threat analysts who discovered a vulnerability affecting multiple Zyxel products report that the network equipment company fixed it via a silent update pushed out two weeks ago. [...]
May 12, 2022
BPFdoor: Stealthy Linux malware bypasses firewalls for remote access
A recently discovered backdoor malware called BPFdoor has been stealthily targeting Linux and Solaris systems without being noticed for more than five years. [...]
May 12, 2022
NVIDIA has open-sourced its Linux GPU kernel drivers
NVIDIA has published the source code of its kernel modules for the R515 driver, using a dual licensing model that combines the GPL and MIT licenses, making the modules legally re-distributable. [...]
May 12, 2022
Historic Hotel Stay, Complementary Emotet Exposure included
Historic Hotel of America serving up modern malware to their guests. Why securing your inbox with more than just anti-malware engines is needed to prevent cybercrime attacks. [...]
May 12, 2022
Microsoft: May Windows updates cause AD authentication failures
Microsoft is investigating a known issue causing authentication failures for some Windows services after installing updates released during the May 2022 Patch Tuesday. [...]
May 11, 2022
Windows 11 to show suggested actions when copying data to the clipboard
Microsoft is testing a new 'Suggested Actions' feature in Windows 11 Dev builds where the operating system suggests actions you can take with data you copy into the clipboard. [...]
May 11, 2022
Windows 11 KB5013943 update causes 0xc0000135 application errors
Windows 11 users are receiving 0xc0000135 errors when attempting to launch applications after installing the recent Windows 11 KB5013943 cumulative update. [...]
May 11, 2022
US charges hacker for breaching brokerage accounts, securities fraud
The U.S. Department of Justice (DoJ) has charged Idris Dayo Mustapha for a range of cybercrime activities that took place between 2011 and 2018, resulting in financial losses estimated at over $5,000,000. [...]
May 11, 2022
Microsoft: Windows 10 20H2 has reached end of service
Microsoft says multiple editions of Windows 10 20H2 and Windows 10 1909 have reached their end of service (EOS) on this month's Patch Tuesday, on May 10, 2022. [...]
May 11, 2022
HP fixes bug letting attackers overwrite firmware in over 200 models
HP has released BIOS updates today to fix two high-severity vulnerabilities affecting a wide range of PC and notebook products, which might allow arbitrary code execution. [...]
May 11, 2022
New stealthy Nerbian RAT malware spotted in ongoing attacks
A new remote access trojan called Nerbian RAT has been discovered that includes a rich set of features, including the ability to evade detection and analysis by researchers. [...]
May 11, 2022
CISA tells federal agencies to fix actively exploited F5 BIG-IP bug
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a new security vulnerability to its list of actively exploited bugs, the critical severity CVE-2022-1388 affecting BIG-IP network devices. [...]
May 11, 2022
Our Medical Devices' Open Source Problem - What Are the Risks?
There is no doubt that open source powers our development processes, enabling software developers to build high quality, innovative products faster than ever before. But OSS also comes with its own set of risks that device manufacturers must address while leveraging its many advantages. [...]
May 11, 2022
FBI, CISA, and NSA warn of hackers increasingly targeting MSPs
Members of the Five Eyes (FVEY) intelligence alliance today warned managed service providers (MSPs) and their customers that they're increasingly targeted by supply chain attacks. [...]
May 11, 2022
Bitter cyberspies target South Asian govts with new malware
New activity has been observed from Bitter, an APT group focused on cyberespionage, targeting the government of Bangladesh with new malware with remote file execution capabilities. [...]
May 11, 2022
Microsoft fixes Windows Direct3D issue behind app crashes
May 11, 2022
New IceApple exploit toolset deployed on Microsoft Exchange servers
Security researchers have found a new post-exploitation framework that they dubbed IceApple, deployed mainly on Microsoft Exchange servers across a wide geography. [...]
May 10, 2022
Critical F5 BIG-IP vulnerability targeted by destructive attacks
A recently disclosed F5 BIG-IP vulnerability has been used in destructive attacks, attempting to erase a device's file system and make the server unusable. [...]
May 10, 2022
UK cybersecurity center sent 33 million alerts to companies
The NCSC (National Cyber Security Centre) in the UK reports having served 33 million alerts to organizations signed up for its "Early Warning" service. Additionally, the government agency has dealt with a record number of online scams in 2021, removing more than 2.7 million from the internet. [...]
May 10, 2022
Apple discontinues the revolutionary iPod music player
Apple has decided to pull the plug on the production of the iPod Touch (7th gen), discontinuing the revolutionary iOS-based music player introduced 15 years ago. [...]
May 10, 2022
GitHub announces enhanced 2FA experience for npm accounts
Today, GitHub has launched a new public beta to notably improve the two-factor authentication (2FA) experience for all npm user accounts. [...]
May 10, 2022
Microsoft fixes new NTLM relay zero-day in all Windows versions
May 10, 2022
Windows 11 KB5013943 update fixes screen flickers and .NET app issues
Microsoft has released the Windows 11 KB5013943 cumulative update with security updates, improvements, and fixes for screen flickers in Safe Mode and a bug causing some .NET 3.5 apps not to open. [...]
May 10, 2022
Microsoft May 2022 Patch Tuesday fixes 3 zero-days, 75 flaws
May 10, 2022
Windows 10 KB5013942 and KB5013945 updates released
May 10, 2022
FluBot Android malware targets Finland in new SMS campaigns
May 10, 2022
UK govt releases free tool to check for email cybersecurity risks
May 10, 2022
German automakers targeted in year-long malware campaign
A years-long phishing campaign has targeted German companies in the automotive industry, attempting to infect their systems with password-stealing malware. [...]
May 10, 2022
US, EU blame Russia for cyberattack on satellite modems in Ukraine
May 9, 2022
Lincoln College to close after 157 years due to ransomware attack
May 9, 2022
Hackers display "blood is on your hands" on Russian TV, take down RuTube
Hackers continue to target Russia with cyberattacks, defacing Russian TV to show pro-Ukrainian messages and taking down the RuTube video streaming site. [...]
May 9, 2022
Dell, Apple, Netflix face lawsuits for pulling services out of Russia
May 9, 2022
Microsoft releases fixes for Azure flaw allowing RCE attacks
May 9, 2022
Ukraine warns of "chemical attack" phishing pushing stealer malware
May 9, 2022
Hackers exploiting critical F5 BIG-IP flaw to drop backdoors
Threat actors have started massively exploiting the critical vulnerability tracked as CVE-2022-1388, which affects multiple versions of all F5 BIG-IP modules, to drop malicious payloads. [...]
May 9, 2022
Hackers are now hiding malware in Windows Event Logs
Security researchers have noticed a malicious campaign that used Windows event logs to store malware, a technique that has not been previously documented publicly for attacks in the wild. [...]
May 9, 2022
Costa Rica declares national emergency after Conti ransomware attacks
May 8, 2022
Check your gems: RubyGems fixes unauthorized package takeover bug
May 8, 2022
Exploits created for critical F5 BIG-IP flaw, install patch immediately
Security researchers are warning F5 BIG-IP admins to immediately install the latest security updates after creating exploits for a recently disclosed critical CVE-2022-1388 remote code execution vulnerability. [...]
May 8, 2022
Caramel credit card stealing service is growing in popularity
A credit card stealing service is growing in popularity, allowing any low-skilled threat actors an easy and automated way to get started in the world of financial fraud. [...]
May 8, 2022
Google Play now blocks paid app downloads, updates in Russia
May 7, 2022
Fake crypto giveaways steal millions using Elon Musk Ark Invest video
Fake cryptocurrency giveaways are stealing millions of dollars simply by replaying old Elon Musk and Jack Dorsey Ark Invest videos on YouTube. [...]
May 7, 2022
UK sanctions Russian microprocessor makers, banning them from ARM
The UK government added 63 Russian entities to its sanction list on Wednesday. Among them are Baikal Electronics and MCST (Moscow Center of SPARC Technologies), the two most important chip makers in Russia. [...]
May 7, 2022
Trend Micro antivirus modified Windows registry by mistake - How to fix
May 7, 2022
US offers $15 million reward for info on the Conti ransomware gang
The US Department of State is offering up to $15 million for information that helps identify and locate leadership and co-conspirators of the infamous Conti ransomware gang. [...]
May 6, 2022
The Week in Ransomware - May 6th 2022 - An evolving landscape
Ransomware operations continue to evolve, with new groups appearing and others quietly shutting down their operations or rebranding as new groups. [...]
May 6, 2022
Xbox is down worldwide with users unable to play games
May 6, 2022
Ferrari subdomain hijacked to push fake Ferrari NFT collection
May 6, 2022
US agricultural machinery maker AGCO hit by ransomware attack
AGCO, a leading US-based agricultural machinery producer, has announced it was hit by a ransomware attack impacting some of its production facilities. [...]
May 6, 2022
QNAP fixes critical QVR remote command execution vulnerability
QNAP has released several security advisories today to alert its customers about various fixes for flaws affecting its products. The one that stands out is a critical RCE (remote code execution) in QVR. [...]
May 6, 2022
US sanctions Bitcoin laundering service used by North Korean hackers
May 6, 2022
NVIDIA fined for failure to disclose cryptomining sales boost
May 6, 2022
SheetJS ditches npm registry over 2FA requirement and 'legal matters'
May 6, 2022
Google Docs crashes on seeing "And. And. And. And. And."
A bug in Google Docs is causing it to crash when a series of words are typed into a document opened with the online word processor. BleepingComputer was able to reproduce the issue last night and reached out to Google. [...]
May 5, 2022
New Raspberry Robin worm uses Windows Installer to drop malware
Red Canary intelligence analysts have discovered a new Windows malware with worm capabilities that spreads using external USB drives. [...]
May 5, 2022
White House: Prepare for cryptography-cracking quantum computers
May 5, 2022
Ukraine's IT Army is disrupting Russia's alcohol distribution
Hacktivists operating on the side of Ukraine have focused their DDoS attacks on a portal that is considered crucial for the distribution of alcoholic beverages in Russia. [...]
May 5, 2022
NIST updates guidance for defending against supply-chain attacks
The National Institute of Standards and Technology (NIST) has released updated guidance on securing the supply chain against cyberattacks. [...]
May 5, 2022
FTC to force ISP to deploy fiber for 60K users to match speed claims
The Federal Trade Commission (FTC) today proposed an order requiring Connecticut-based internet service provider Frontier Communications to stop "lying" to its customers and support its high-speed internet claims. [...]
May 5, 2022
Microsoft, Apple, and Google to support FIDO passwordless logins
May 5, 2022
Google fixes actively exploited Android kernel vulnerability
Google has released the second part of the May security patch for Android, including a fix for an actively exploited Linux kernel vulnerability. [...]
May 5, 2022
New NetDooka malware spreads via poisoned search results
A new malware framework known as NetDooka has been discovered being distributed through the PrivateLoader pay-per-install (PPI) malware distribution service, allowing threat actors full access to an infected device. [...]
May 5, 2022
Tor project upgrades network speed performance with new system
The Tor Project has published details about a newly introduced system called Congestion Control that promises to eliminate speed limits on the network. [...]
May 5, 2022
Heroku admits that customer credentials were stolen in cyberattack
May 4, 2022
F5 warns of critical BIG-IP RCE bug allowing device takeover
F5 has issued a security advisory warning about a flaw that may allow unauthenticated attackers with network access to execute arbitrary system commands, perform file actions, and disable services on BIG-IP. [...]
May 4, 2022
Cisco fixes NFVIS bugs that help gain root and hijack hosts
May 4, 2022
Pixiv, DeviantArt artists hit by NFT job offers pushing malware
Users on Pixiv, DeviantArt, and other creator-oriented online platforms report receiving multiple messages from people claiming to be from the "Cyberpunk Ape Executives" NFT project, with the main goal to infect artists' devices with information-stealing malware. [...]
May 4, 2022
Attackers hijack UK NHS email accounts to steal Microsoft logins
For about half a year, work email accounts belonging to over 100 employees of the National Health System (NHS) in the U.K. were used in several phishing campaigns, some aiming to steal Microsoft logins. [...]
May 4, 2022
Heroku forces user password resets but fails to explain why
Salesforce-owned Heroku is performing a forced password reset on a subset of user accounts in response to last month's security incident while providing no information as to why they are doing so other than vaguely mentioning it is to further secure accounts. [...]
May 4, 2022
FBI says business email compromise is a $43 billion scam
The Federal Bureau of Investigation (FBI) said today that the amount of money lost to business email compromise (BEC) scams continues to grow each year, with a 65% increase in the identified global exposed losses between July 2019 and December 2021. [...]
May 4, 2022
Hackers stole data undetected from US, European orgs since 2019
Cybersecurity analysts have exposed a lengthy operation attributed to the group of Chinese hackers known as "Winnti" and tracked as APT41, which focused on stealing intellectual property assets like patents, copyrights, trademarks, and other types of valuable data. [...]
May 4, 2022
GitHub to require 2FA from active developers by the end of 2023
May 4, 2022
Microsoft: Windows 11 KB5012643 update will break some apps
May 4, 2022
Using PowerShell to manage password resets in Windows domains
With breaches running rampant, it's common to force password resets on your Windows domain. This article shows how admins can use PowerShell to manage password resets and introduce software that makes it even easier. [...]
May 4, 2022
Pro-Ukraine hackers use Docker images to DDoS Russian sites
May 4, 2022
Mitsubishi Electric faked safety and quality control tests for decades
Mitsubishi Electric, one of the world's leading providers of large-scale electrical and HVAC systems has admitted to fraudulently conducting quality assurance tests on its transformers—for decades. [...]
May 4, 2022
Microsoft warns Exchange Online basic auth will be disabled
Microsoft warned customers today that it will start disabling Basic Authentication in random tenants worldwide on October 1, 2022. [...]
May 3, 2022
New ransomware strains linked to North Korean govt hackers
Several ransomware strains have been linked to APT38, a North Korean-sponsored hacking group known for its focus on targeting and stealing funds from financial institutions worldwide. [...]
May 3, 2022
Conti, REvil, LockBit ransomware bugs exploited to block encryption
Hackers commonly exploit vulnerabilities in corporate networks to gain access, but a researcher has turned the table by finding exploits in the most common ransomware and malware being distributed today. [...]
May 3, 2022
New phishing warns: Your verified Twitter account may be at risk
Phishing emails increasingly target verified Twitter accounts with emails designed to steal their account credentials, as shown by numerous ongoing campaigns conducted by threat actors. [...]
May 3, 2022
SEC ramps up fight on cryptocurrency fraud by doubling cyber unit
May 3, 2022
Google: Chinese state hackers keep targeting Russian govt agencies
May 3, 2022
Microsoft PowerShell lets you track Windows Registry changes
A handy tip was shared online this week, showing how you can use PowerShell to monitor changes to the Windows Registry over time. [...]
May 3, 2022
Unpatched DNS bug affects millions of routers and IoT devices
May 3, 2022
Aruba and Avaya network switches are vulnerable to RCE attacks
Security researchers have discovered five vulnerabilities in network equipment from Aruba (owned by HP) and Avaya (owned by ExtremeNetworks), that could allow malicious actors to execute code remotely on the devices. [...]
May 2, 2022
Chinese cyber-espionage group Moshen Dragon targets Asian telcos
Researchers have identified a new cluster of malicious cyber activity tracked as Moshen Dragon, targeting telecommunication service providers in Central Asia. [...]
May 2, 2022
New PyScript project lets you run Python programs in the browser
May 2, 2022
Microsoft Defender for Business stand-alone now generally available
May 2, 2022
Google SMTP relay service abused for sending phishing emails
Phishing actors abuse Google's SMTP relay service to bypass email security products and successfully deliver malicious emails to targeted users. [...]
May 2, 2022
Cyberspies breach networks via IP cameras to steal Exchange emails
A newly discovered and uncommonly stealthy Advanced Persistent Threat (APT) group is breaching corporate networks to steal Exchange (on-premise and online) emails from employees involved in corporate transactions such as mergers and acquisitions. [...]
May 2, 2022
Car rental giant Sixt facing disruptions due to a cyberattack
Car rental giant Sixt was hit by a weekend cyberattack causing business disruptions at customer care centers and select branch [...]
May 2, 2022
Microsoft fixes Windows 11 bug causing flickers in safe mode
Microsoft has addressed a newly acknowledged known issue that caused flickering screen problems and made some Windows apps (e.g., File Explorer, Start Menu, and Taskbar) seem unstable in Safe Mode without Networking. [...]
May 2, 2022
U.S. DoD tricked into paying $23.5 million to phishing actor
The U.S. Department of Justice (DoJ) has announced the conviction of Sercan Oyuntur, 40, resident of California, for multiple counts relating to a phishing operation that caused $23.5 million in damages to the U.S. Department of Defense (DoD). [...]
May 1, 2022
REvil ransomware returns: New malware sample confirms gang is back
The notorious REvil ransomware operation has returned amidst rising tensions between Russia and the USA, with new infrastructure and a modified encryptor allowing for more targeted attacks. [...]
May 1, 2022
Open source 'Package Analysis' tool finds malicious npm, PyPI packages
The Open Source Security Foundation (OpenSSF), a Linux Foundation-backed initiative, has released its first prototype version of the 'Package Analysis' tool that aims to catch and counter malicious attacks on open source registries. The open source tool released on GitHub was able to identify over 200 malicious npm and PyPI packages. [...]
May 1, 2022
Russian hackers compromise embassy emails to target governments
May 1, 2022
A YouTuber is promoting DDoS attacks on Russia — how legal is this?
A YouTube influencer with hundreds of thousands of subscribers is encouraging everyone to conduct cyber warfare against Russia. How risky is it and can you get in trouble? [...]
May 1, 2022
Google fights doxxing with updated personal info removal policy
Google has expanded its policies to allow doxxing victims to remove more of their personally identifiable information (PII) from search engine results starting earlier this week. [...]
April 30, 2022
Fake Windows 10 updates infect you with Magniber ransomware
Fake Windows 10 updates on crack sites are being used to distribute the Magniber ransomware in a massive campaign that started earlier this month. [...]
April 30, 2022
Atlassian doubles the number of orgs affected by two week outage
April 29, 2022
The Week in Ransomware - April 29th 2022 - New operations emerge
April 29, 2022
Windows 11 gets new group policies to tweak the Start Menu
Microsoft has released a new Windows 11 build to the Dev and Beta Channels that introduces multiple group policies that IT administrators can use to tweak the Start menu, the taskbar, and the system tray. [...]
April 29, 2022
Online library app Onleihe faces issues after cyberattack on provider
April 29, 2022
Google gives 50% bonus to Android 13 Beta bug bounty hunters
April 29, 2022
India to require cybersecurity incident reporting within six hours
April 29, 2022
Russian hacktivists launch DDoS attacks on Romanian govt sites
The Romanian national cyber security and incident response team, DNSC, has issued a statement about a series of distributed denial-of-service (DDoS) attacks targeting several public websites managed by the state entities. [...]
April 28, 2022
Hands on with Microsoft Edge's new built-in VPN feature
April 28, 2022
WhatsApp is currently down with users reporting connection issues
WhatsApp is down according to user reports mentioning issues connecting to the messaging platform and the inability to send messages although still connected. [...]
April 28, 2022
EmoCheck now detects new 64-bit versions of Emotet malware
The Japan CERT has released a new version of their EmoCheck utility to detect new 64-bit versions of the Emotet malware that began infecting users this month. [...]
April 28, 2022
Synology warns of critical Netatalk bugs in multiple products
April 28, 2022
Microsoft fixes ExtraReplica Azure bugs that exposed user databases
April 28, 2022
Ukraine targeted by DDoS attacks from compromised WordPress sites
Ukraine's computer emergency response team (CERT-UA) has published an announcement warning of ongoing DDoS (distributed denial of service) attacks targeting pro-Ukraine sites and the government web portal. [...]
April 28, 2022
How to Attack Your Own Company's Service Desk to spot risks
Specops Secure Service Desk is an excellent tool for keeping a help desk safe from social engineering attacks. Although Specops Secure Service Desk offers numerous features, there are three capabilities that are especially useful for thwarting social engineering attacks. [...]
April 28, 2022
New Bumblebee malware takes over BazarLoader's ransomware delivery
A newly discovered malware loader called Bumblebee is likely the latest development of the Conti syndicate, designed to replace the BazarLoader backdoor used to deliver ransomware payloads. [...]
April 28, 2022
NPM flaw let attackers add anyone as maintainer to malicious packages
April 28, 2022
Ransom payment is roughly 15% of the total cost of ransomware attacks
Researchers analyzing the collateral consequences of a ransomware attack include costs that are roughly seven times higher than the ransom demanded by the threat actors. [...]
April 28, 2022
Austin Peay State University resumes after ransomware cyber attack
April 27, 2022
PSA: Onyx ransomware destroys large files instead of encrypting them
A new Onyx ransomware operation is destroying large files instead of encrypting them, preventing those files from being decrypted even if a ransom is paid. [...]
April 27, 2022
New Black Basta ransomware springs into action with a dozen breaches
A new ransomware gang known as Black Basta has quickly catapulted into operation this month, claiming to have breached over twelve companies in just a few weeks. [...]
April 27, 2022
GitHub: How stolen OAuth tokens helped breach dozens of orgs
April 27, 2022
QNAP warns users to disable AFP until it fixes critical bugs
Taiwanese corporation QNAP has asked customers this week to disable the AFP file service protocol on their network-attached storage (NAS) appliances until it fixes multiple critical Netatalk vulnerabilities. [...]
April 27, 2022
Microsoft says Russia hit Ukraine with hundreds of cyberattacks
Microsoft has revealed the true scale of Russian-backed cyberattacks against Ukraine since the invasion, with hundreds of attempts from multiple Russian hacking groups targeting the country's infrastructure and Ukrainian citizens. [...]
April 27, 2022
Russian govt impersonators target telcos in phishing attacks
April 27, 2022
Cybersecurity agencies reveal top exploited vulnerabilities of 2021
In partnership with the NSA and the FBI, cybersecurity authorities worldwide have released today a list of the top 15 vulnerabilities routinely exploited by threat actors during 2021. [...]
April 27, 2022
RIG Exploit Kit drops RedLine malware via Internet Explorer bug
Threat analysts have uncovered yet another large-scale campaign delivering the RedLine stealer malware onto worldwide targets. [...]
April 27, 2022
Chinese state-backed hackers now target Russian state officers
April 27, 2022
Number of publicly exposed database instances hits new record
April 27, 2022
New Nimbuspwn Linux vulnerability gives hackers root privileges
A new set of vulnerabilities collectively tracked as Nimbuspwn could let local attackers escalate privileges on Linux systems to deploy malware ranging from backdoors to ransomware. [...]
April 26, 2022
US offers $10 million reward for tips on Russian Sandworm hackers
The U.S. is offering up to $10 million to identify or locate six Russian GRU hackers who are part of the notorious Sandworm hacking group. [...]
April 26, 2022
Emotet malware now installs via PowerShell in Windows shortcut files
The Emotet botnet is now using Windows shortcut files (.LNK) containing PowerShell commands to infect victims' computers, moving away from Microsoft Office macros that are now disabled by default. [...]
April 26, 2022
American Dental Association hit by cyberattack, operations disrupted
The American Dental Association (ADA) was hit by a weekend cyberattack causing them to shut down portions of their network while investigating the attack. [...]
April 26, 2022
Coca-Cola investigates hackers' claims of breach and data theft
Coca-Cola, the world's largest soft drinks maker, has confirmed in a statement to BleepingComputer that it is aware of the reports about a cyberattack on its network and is currently investigating the claims. [...]
April 26, 2022
Google Play Store now forces apps to disclose what data is collected
Google is rolling out a new Data Safety section on the Play Store, Android's official app repository, where developers must declare what data their software collects from users of their apps. [...]
April 26, 2022
Public interest in Log4Shell fades but attack surface remains
It's been four months since Log4Shell, a critical zero-day vulnerability in the ubiquitous Apache Log4j library, was discovered, and threat analysts warn that the application of the available fixes is still way behind. [...]
April 26, 2022
David Colombo on Tesla Hacks and Growing into Hacking
Cybellum interviewed David Colombo, the cyber boy wonder of Germany, and founder of Colombo Technologies for our podcast, Left to Our Own Devices. Not yet 20 years old, the prolific cyber researcher already has to his credit the exposure of numerous critical vulnerabilities, including the honor of hacking his way into Tesla vehicles. [...]
April 26, 2022
Hackers exploit critical VMware RCE flaw to install backdoors
April 25, 2022
Windows 10 KB5011831 update released with 26 bug fixes, improvements
Microsoft has released the optional KB5011831 Preview cumulative update for Windows 10 20H2, Windows 10 21H1, and Windows 10 21H2 that fixes 26 bugs. [...]
April 25, 2022
CISA adds 7 vulnerabilities to list of bugs exploited in attacks
April 25, 2022
Emotet malware infects users again after fixing broken installer
The Emotet malware phishing campaign is up and running again after the threat actors fixed a bug preventing people from becoming infected when they opened malicious email attachments. [...]
April 25, 2022
North Korean hackers targeting journalists with novel malware
North Korean state-sponsored hackers known as APT37 have been discovered targeting journalists specializing in the DPRK with a novel malware strain. [...]
April 25, 2022
French hospital group disconnects Internet after hackers steal data
The GHT Coeur Grand Est. Hospitals and Health Care group comprising nine establishments with 3,370 beds across Northeast France has disclosed a cyberattack that resulted in the theft of sensitive administrative and patient data. [...]
April 25, 2022
New powerful Prynt Stealer malware sells for just $100 per month
Threat analysts have spotted yet another addition to the growing space of info-stealer malware infections, named Prynt Stealer, which offers powerful capabilities and extra keylogger and clipper modules. [...]
April 25, 2022
Quantum ransomware seen deployed in rapid network attacks
The Quantum ransomware, a strain first discovered in August 2021, was seen carrying out speedy attacks that escalate quickly, leaving defenders little time to react. [...]
April 24, 2022
Enable Windows 11's God Mode to access all settings in one screen
April 23, 2022
Animated QR codes: how do they work, and how to create your own?
April 22, 2022
'Hack DHS' bug hunters find 122 security flaws in DHS systems
The Department of Homeland Security (DHS) today revealed that bug bounty hunters enrolled in its 'Hack DHS' bug bounty program have found 122 security vulnerabilities in external DHS systems, 27 of them rated critical severity. [...]
April 22, 2022
Russian hackers are seeking alternative money-laundering options
April 22, 2022
US govt grants academics $12M to develop cyberattack defense tools
April 22, 2022
T-Mobile confirms Lapsus$ hackers breached internal systems
April 22, 2022
Chinese hackers behind most zero-day exploits during 2021
Threat analysts report that zero-day vulnerability exploitation is on the rise with Chinese hackers using most of them in attacks last year. [...]
April 22, 2022
Atlassian fixes critical Jira authentication bypass vulnerability
April 22, 2022
Ubuntu 22.04 LTS released with performance and security improvements
April 22, 2022
Windows 10 KB5012636 cumulative update fixes freezing issues
Microsoft has released the optional KB5012636 cumulative update preview for Windows 10 1809 and Windows Server 2019, with fixes for system freezing issues affecting client and server systems. [...]
April 21, 2022
Docker servers hacked in ongoing cryptomining malware campaign
Docker APIs on Linux servers are being targeted by a large-scale Monero crypto-mining campaign from the operators of the Lemon_Duck botnet. [...]
April 21, 2022
Hackers earn $400K for zero-day ICS exploits demoed at Pwn2Own
Pwn2Own Miami 2022 has ended with competitors earning $400,000 for 26 zero-day exploits (and several bug collisions) targeting ICS and SCADA products demoed during the contest between April 19 and April 21. [...]
April 21, 2022
QNAP asks users to mitigate critical Apache HTTP Server bugs
QNAP has asked customers to apply mitigation measures to block attempts to exploit Apache HTTP Server security vulnerabilities impacting their network-attached storage (NAS) devices. [...]
April 21, 2022
U.S. Treasury sanctions Russian cryptocurrency mining companies
The U.S. Department of the Treasury has announced a new package of sanctions targeting parties that facilitate evasion of previous measures imposed on Russia. [...]
April 21, 2022
Critical bug in Android could allow access to users' media files
Security analysts have found that Android devices running on Qualcomm and MediaTek chipsets were vulnerable to remote code execution due to a flaw in the implementation of the Apple Lossless Audio Codec (ALAC). [...]
April 21, 2022
GitHub restores popular Python repo hit by bogus DMCA takedown
April 21, 2022
Cisco Umbrella default SSH key allows theft of admin credentials
Cisco has released security updates to address a high severity vulnerability in the Cisco Umbrella Virtual Appliance (VA), allowing unauthenticated attackers to steal admin credentials remotely. [...]
April 21, 2022
FBI: BlackCat ransomware breached at least 60 entities worldwide
April 20, 2022
REvil's TOR sites come alive to redirect to new ransomware operation
REvil ransomware's servers in the TOR network are back up after months of inactivity and redirect to a new operation that appears to have started since at least mid-December last year. [...]
April 20, 2022
Microsoft Exchange servers hacked to deploy Hive ransomware
April 20, 2022
FBI warns of ransomware attacks targeting US agriculture sector
April 20, 2022
US and allies warn of Russian hacking threat to critical infrastructure
Today, Five Eyes cybersecurity authorities warned critical infrastructure network defenders of an increased risk that Russia-backed hacking groups could target organizations within and outside Ukraine's borders. [...]
April 20, 2022
Okta: Lapsus$ breach lasted only 25 minutes, hit 2 customers
Identity and access management firm Okta says an investigation into the January Lapsus$ breach concluded the incident's impact was significantly smaller than expected. [...]
April 20, 2022
Microsoft Defender flags Google Chrome updates as suspicious
April 20, 2022
Brave adds Discussions to enrich its search results
April 20, 2022
Russian state hackers hit Ukraine with new malware variants
Threat analysts report that the Russian state-sponsored threat group known as Gamaredon (Armageddon, Shuckworm) is still notably active in Ukrainian computer networks. [...]
April 20, 2022
Amazon Web Services fixes container escape in Log4Shell hotfix
April 19, 2022
CISA warns of attackers now exploiting Windows Print Spooler bug
April 19, 2022
Emotet botnet switches to 64-bit modules, increases activity
The Emotet malware is having a burst in distribution and is likely to soon switch to new payloads that are currently detected by fewer antivirus engines. [...]
April 19, 2022
QNAP urges customers to disable UPnP port forwarding on routers
April 19, 2022
Microsoft disables SMB1 by default for Windows 11 Home Insiders
Microsoft announced today that the 30-year-old SMBv1 file-sharing protocol is now disabled by default on Windows systems running the latest Windows 11 Home Dev channel builds, the last editions of Windows or Windows Server that still came with SMBv1 enabled. [...]
April 19, 2022
Real-time voice concealment algorithm blocks microphone spying
Columbia University researchers have developed a novel algorithm that can block rogue audio eavesdropping via microphones in smartphones, voice assistants, and IoTs in general. [...]
April 19, 2022
GitHub notifies owners of private repos stolen using OAuth tokens
April 19, 2022
How to protect your ADFS from password spraying attacks
Microsoft recommends a multi-tiered approach for securing your ADFS environment from password attacks. Learn how Specops can fill in the gaps to add further protection against password sprays and other password attacks. [...]
April 19, 2022
New stealthy BotenaGo malware variant targets DVR devices
Threat analysts have spotted a new variant of the BotenaGo botnet malware, and it's the stealthiest seen so far, running undetected by any anti-virus engine. [...]
April 19, 2022
Lenovo UEFI firmware driver bugs affect over 100 laptop models
Lenovo has published a security advisory on vulnerabilities that impact its Unified Extensible Firmware Interface (UEFI) loaded on at least 100 of its laptop models. [...]
April 19, 2022
LinkedIn brand takes lead as most impersonated in phishing attacks
Security researchers are warning that LinkedIn has become the most spoofed brand in phishing attacks, accounting for more than 52% of all such incidents at a global level. [...]
April 18, 2022
US warns of Lazarus hackers using malicious cryptocurrency apps
April 18, 2022
Free decryptor released for Yanluowang ransomware victims
Kaspersky today revealed it found a vulnerability in Yanluowang ransomware's encryption algorithm, which makes it possible to recover files it encrypts. [...]
April 18, 2022
Newly found zero-click iPhone exploit used in NSO spyware attacks
Digital threat researchers at Citizen Lab have discovered a new zero-click iMessage exploit used to install NSO Group spyware on devices belonging to Catalan politicians, journalists, and activists. [...]
April 18, 2022
Hackers steal $655K after picking MetaMask seed from iCloud backup
April 18, 2022
Unofficial Windows 11 upgrade installs info-stealing malware
Hackers are luring unsuspecting users with a fake Windows 11 upgrade that comes with malware that steals browser data and cryptocurrency wallets. [...]
April 18, 2022
Windows 10 21H2 now in broad deployment, available to everyone
Microsoft says Windows 10, version 21H2 (aka the November 2021 Update) is now designated for broad deployment, making it available to everyone via Windows Update. [...]
April 18, 2022
Beanstalk DeFi platform loses $182 million in flash-load attack
April 17, 2022
Customize Windows 11 experience with these apps
Windows 11 is now available with a long list of limitations and missing features. The big feature update is currently available for download as an optional update and if you've already upgraded to the new operating system, you can try the third-party programs highlighted below. [...]
April 17, 2022
Microsoft: Office 2013 will reach end of support in April 2023
April 16, 2022
New Industrial Spy stolen data market promoted through cracks, adware
Threat actors have launched a new marketplace called Industrial Spy that sells stolen data from breached companies, promoting the site through adware and software cracks. [...]
April 16, 2022
GitHub suspends accounts of Russian devs at sanctioned companies
Russian software developers are reporting that their GitHub accounts are being suspended without warning if they work for or previously worked for companies under US sanctions. [...]
April 15, 2022
GitHub: Attacker breached dozens of orgs using stolen OAuth tokens
April 15, 2022
The Week in Ransomware - April 15th 2022 - Encrypting Russia
While countries worldwide have been the frequent target of ransomware attacks, Russia and CIS countries have been avoided by threat actors. The tables have turned with the NB65 hacking group modifying the leaked Conti ransomware to use in attacks on Russian entities. [...]
April 15, 2022
T-Mobile customers warned of unblockable SMS phishing attacks
An ongoing phishing campaign targets T-Mobile customers with malicious links using unblockable texts sent via SMS (Short Message Service) group messages. [...]
April 15, 2022
Cisco vulnerability lets hackers craft their own login credentials
April 15, 2022
CISA orders agencies to fix actively exploited VMware, Chrome bugs
The Cybersecurity and Infrastructure Security Agency (CISA) has added nine more security flaws to its list of actively exploited bugs, including a VMware privilege escalation flaw and a Google Chrome zero-day that could be used for remote code execution. [...]
April 15, 2022
Cryptocurrency DeFi platforms are now more targeted than ever
Hackers are increasingly targeting DeFi (Decentralized Finance) cryptocurrency platforms, with Q1 2022 data showing that more platforms are being targeted than ever before. [...]
April 15, 2022
'Mute' button in conferencing apps may not actually mute your mic
A new study shows that pressing the mute button on popular video conferencing apps (VCA) may not actually work like you think it should, with apps still listening in on your microphone. [...]
April 15, 2022
Karakurt revealed as data extortion arm of Conti cybercrime syndicate
April 14, 2022
Wind turbine firm Nordex hit by Conti ransomware attack
The Conti ransomware operation has claimed responsibility for a cyberattack on wind turbine giant Nordex, which was forced to shut down IT systems and remote access to the managed turbines earlier this month. [...]
April 14, 2022
Critical Windows RPC CVE-2022-26809 flaw raises concerns - Patch now
Microsoft has fixed a new Windows RPC CVE-2022-26809 vulnerability that is raising concerns among security researchers due to its potential for widespread, significant cyberattacks once an exploit is developed. Therefore, all organizations need to apply Windows security updates as soon as possible. [...]
April 14, 2022
FBI: Payment app users targeted in social engineering attacks
April 14, 2022
Google Chrome emergency update fixes zero-day used in attacks
Google has released Chrome 100.0.4896.127 for Windows, Mac, and Linux, to fix a high-severity zero-day vulnerability actively used by threat actors in attacks. [...]
April 14, 2022
Windows 11 tool to add Google Play secretly installed malware
A popular Windows 11 ToolBox script used to add the Google Play Store to the Android Subsystem has secretly infected users with malicious scripts, Chrome extensions, and potentially other malware. [...]
April 14, 2022
Microsoft increases awards for high-impact Microsoft 365 bugs
Microsoft has increased the maximum awards for high-impact security flaws reported through the Microsoft 365 and the Dynamics 365 / Power Platform bug bounty programs. [...]
April 14, 2022
New ZingoStealer infostealer drops more malware, cryptominers
A new information-stealing malware called ZingoStealer has been discovered with powerful data-stealing features and the ability to load additional payloads or mine Monero. [...]
April 14, 2022
FBI links largest crypto hack ever to Lazarus state hackers
April 14, 2022
Atlassian finally explains the cause of ongoing cloud outage
Atlassian has finally revealed the exact cause of an ongoing cloud services outage the company estimates could impact some of its customers for up to two more weeks. [...]
April 14, 2022
Hackers target Ukrainian govt with IcedID malware, Zimbra exploits
Hackers are targeting Ukrainian government agencies with new attacks using Zimbra exploits and phishing attacks pushing the IcedID malware. [...]
April 14, 2022

Hetzner Online GmbH, a German cloud services provider, told some customers this week that their data had been irreversibly lost and were provided a 20€ compensation in online credit. [...]
April 14, 2022
The top 10 password attacks and how to stop them
To better understand how to protect passwords in your environment from attacks, let's look at the top 10 password attacks and see what your organization can do to prevent them. [...]
April 14, 2022
Instagram beyond pics: Sexual harassers, crypto crooks, ID thieves
April 14, 2022
Flaw in Rarible NFT market allowed tricky crypto asset transfers
A security flaw in the Rarible NFT (non-fungible token) marketplace allowed threat actors to use a relatively simple attack vector to steal digital assets from the target's accounts and transfer them directly to their wallets. [...]
April 14, 2022
OldGremlin ransomware deploys new malware on Russian mining org
OldGremlin, a little-known threat actor that uses its particularly advanced skills to run carefully prepared, sporadic campaigns, made a comeback last month after a gap of more than one year. [...]
April 13, 2022
CISA warns orgs to patch actively exploited Windows LPE bug
April 13, 2022
African banks heavily targeted in RemcosRAT malware campaigns
African banks are increasingly targeted by malware distribution campaigns that employ HTML smuggling tricks and typo-squatted domains to drop remote access trojans (RATs). [...]
April 13, 2022
New Fodcha DDoS botnet targets over 100 victims every day
April 13, 2022
Hackers exploit critical VMware CVE-2022-22954 bug, patch now
Security researchers have published various proof-of-concept (PoC) scripts for exploiting CVE-2022-22954 on social media and other channels, essentially enabling malicious actors to attack unpatched systems. [...]
April 13, 2022
US warns of govt hackers targeting industrial control systems
April 13, 2022
Microsoft disrupts Zloader malware in global operation
April 13, 2022
3 Reasons Connected Devices are More Vulnerable than Ever
We are surrounded by billions of connected devices that contribute round-the-clock to practically every aspect of our lives - from transportation, to entertainment, to health and well-being. Here are the top three reasons why connected-device cybersecurity is more fragile than ever. [...]
April 13, 2022
New EnemyBot DDoS botnet recruits routers and IoTs into its army
A new Mirai-based botnet malware named Enemybot has been observed growing its army of infected devices through vulnerabilities in modems, routers, and IoT devices, with the threat actor operating it known as Keksec. [...]
April 13, 2022
Critical flaw in Elementor WordPress plugin may affect 500k sites
The authors of the Elementor Website Builder plugin for WordPress have just released version 3.6.3 to address a critical remote code execution flaw that may impact as many as 500,000 websites. [...]
April 13, 2022
Critical Apache Struts RCE vulnerability wasn't fully fixed, patch now
April 12, 2022
Ethereum dev imprisoned for helping North Korea evade sanctions
Virgil Griffith, a US cryptocurrency expert, was sentenced on Tuesday to 63 months in prison after pleading guilty to assisting the Democratic People's Republic of Korea (DPRK) with technical info on how to evade sanctions. [...]
April 12, 2022
Microsoft: Windows Server now supports automatic .NET updates