Microsoft Exchange Autodiscover bugs leak 100K Windows credentials

Bugs in the implementation of Microsoft Exchange's Autodiscover feature have leaked approximately 100,000 login names and passwords for Windows domains worldwide. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-exchange-autodiscover-bugs-leak-100k-windows-credentials/

Phishing-as-a-service operation uses double theft to boost profits

Microsoft says BulletProofLink, a large-scale phishing-as-a-service operation it spotted while investigating recent phishing attacks, is the driving force behind many phishing campaigns that have targeted many corporate organizations lately. [...]

https://www.bleepingcomputer.com/news/microsoft/phishing-as-a-service-operation-uses-double-theft-to-boost-profits/

Modern cyber protection: The digital must-have for home users

Digital advances have reinvented how most of us work, organize our lives, and communicate with friends. As individuals, we're more dependent on data than at any time in history, which means protecting the data, applications, and systems we rely on is a serious concern. [...]

https://www.bleepingcomputer.com/news/security/modern-cyber-protection-the-digital-must-have-for-home-users/

Second farming cooperative shut down by ransomware this week

Minnesota farming supply cooperative Crystal Valley has suffered a ransomware attack, making it the second farming cooperative attacked this weekend. [...]

https://www.bleepingcomputer.com/news/security/second-farming-cooperative-shut-down-by-ransomware-this-week/

Apple will disable insecure TLS in future iOS, macOS releases

Apple has deprecated the insecure Transport Layer Security (TLS) 1.0 and 1.1 protocols in recently launched iOS and macOS versions and plans to remove support in future releases altogether. [...]

https://www.bleepingcomputer.com/news/apple/apple-will-disable-insecure-tls-in-future-ios-macos-releases/

FBI, CISA, and NSA warn of escalating Conti ransomware attacks

CISA, the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) warned today of an increased number of Conti ransomware attacks targeting US organizations. [...]

https://www.bleepingcomputer.com/news/security/fbi-cisa-and-nsa-warn-of-escalating-conti-ransomware-attacks/

Hackers are scanning for VMware CVE-2021-22005 targets, patch now!

Threat actors have already started targeting Internet-exposed VMware vCenter servers unpatched against a critical arbitrary file upload vulnerability patched yesterday that could lead to remote code execution. [...]

https://www.bleepingcomputer.com/news/security/hackers-are-scanning-for-vmware-cve-2021-22005-targets-patch-now/

Microsoft announces new Windows 11-powered Surface devices

At its Surface event, Microsoft announced four new devices - Surface Duo 2, Surface Go 3, Surface Laptop Studio, and Surface Pro 8. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-announces-new-windows-11-powered-surface-devices/

REVil ransomware devs added a backdoor to cheat affiliates

Cybercriminals are slowly realizing that the REvil ransomware operators have been hijacking ransom negotiations, to cut affiliates out of payments. [...]

https://www.bleepingcomputer.com/news/security/revil-ransomware-devs-added-a-backdoor-to-cheat-affiliates/

Google tests if 'Chrome/100.0' user agent breaks websites

Google is testing whether changing the Chrome user agent to three-digit 'Chrome/100' will cause loss of functionality on websites that are expecting a two digit version number. [...]

https://www.bleepingcomputer.com/news/google/google-tests-if-chrome-1000-user-agent-breaks-websites/

Malware devs trick Windows validation with malformed certs

Google researchers spotted malware developers creating malformed code signatures seen as valid in Windows to bypass security software. [...]

https://www.bleepingcomputer.com/news/security/malware-devs-trick-windows-validation-with-malformed-certs/

Apple fixes another zero-day used to deploy NSO iPhone spyware

Apple has released security updates to fix three zero-day vulnerabilities exploited in the wild by attackers to hack into iPhones and Macs running older iOS and macOS versions. [...]

https://www.bleepingcomputer.com/news/apple/apple-fixes-another-zero-day-used-to-deploy-nso-iphone-spyware/

Hacking group used ProxyLogon exploits to breach hotels worldwide

A newly discovered cyberespionage group has been targeting hotels worldwide around the world since at least 2019, as well as higher-profile targets such as governments, international organizations, law firms, and engineering companies. [...]

https://www.bleepingcomputer.com/news/security/hacking-group-used-proxylogon-exploits-to-breach-hotels-worldwide/

Windows 11 is now available in the Insider 'Release' channel

Microsoft has moved Windows 11 to the Windows Insider 'Release' channel in anticipation of its upcoming launch on October 5th. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-11-is-now-available-in-the-insider-release-channel/

Google: Manifest V2 Chrome extensions to stop working in 2023

Google has shared the phase-out timeline for Manifest V2 Chrome extensions and its plans to bring Manifest V3 to full feature parity. [...]

https://www.bleepingcomputer.com/news/google/google-manifest-v2-chrome-extensions-to-stop-working-in-2023/

SonicWall fixes critical bug allowing SMA 100 device takeover

SonicWall has patched a critical security flaw impacting several Secure Mobile Access (SMA) 100 series products that can let unauthenticated attackers remotely gain admin access on targeted devices. [...]

https://www.bleepingcomputer.com/news/security/sonicwall-fixes-critical-bug-allowing-sma-100-device-takeover/

Cisco fixes highly critical vulnerabilities in IOS XE Software

Cisco has patched three critical vulnerabilities affecting components in its IOS XE internetworking operating system powering routers and wireless controllers, or products running with a specific configuration. [...]

https://www.bleepingcomputer.com/news/security/cisco-fixes-highly-critical-vulnerabilities-in-ios-xe-software/

Exploit code released for three iOS 0-days that Apple failed to patch

Proof-of-concept exploit code for three iOS zero-day vulnerabilities (and a fourth one patched in July) was published on GitHub after Apple delayed patching and failed to credit the researcher. [...]

https://www.bleepingcomputer.com/news/security/exploit-code-released-for-three-ios-0-days-that-apple-failed-to-patch/

EU officially blames Russia for 'Ghostwriter' hacking activities

The European Union has officially linked Russia to a hacking operation known as Ghostwriter that targets high-profile EU officials, journalists, and the general public. [...]

https://www.bleepingcomputer.com/news/security/eu-officially-blames-russia-for-ghostwriter-hacking-activities/

Microsoft rushes to register Autodiscover domains leaking credentials

Microsoft is rushing to register Internet domains used to steal Windows credentials sent from faulty implementations of the Microsoft Exchange Autodiscover protocol. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-rushes-to-register-autodiscover-domains-leaking-credentials/

Emergency Google Chrome update fixes zero-day exploited in the wild

Google has released Chrome 94.0.4606.61 for Windows, Mac, and Linux, an emergency update addressing a high-severity zero-day vulnerability exploited in the wild. [...]

https://www.bleepingcomputer.com/news/security/emergency-google-chrome-update-fixes-zero-day-exploited-in-the-wild/