Credit card PINs can be guessed even when covering the ATM pad

Researchers have proven it's possible to train a special-purpose deep-learning algorithm that can guess 4-digit card PINs 41% of the time, even if the victim is covering the pad with their hands.  [...]

https://www.bleepingcomputer.com/news/security/credit-card-pins-can-be-guessed-even-when-covering-the-atm-pad/

Microsoft fixes Windows 10 auth issue impacting Remote Desktop

Microsoft has fixed a known Windows 10 issue causing smartcard authentication to fail when trying to connect using Remote Desktop after installing the cumulative updates released during the September 2021 Patch Tuesday. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-windows-10-auth-issue-impacting-remote-desktop/

Microsoft asks admins to patch PowerShell to fix WDAC bypass

Microsoft has asked system administrators to patch PowerShell 7 against two vulnerabilities allowing attackers to bypass Windows Defender Application Control (WDAC) enforcements and gain access to plain text credentials. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-asks-admins-to-patch-powershell-to-fix-wdac-bypass/

Microsoft: Windows 11 bug may only allow admins to print

Microsoft is working on a fix for a known issue impacting Windows 11 customers and causing a prompt for admin credentials before every attempt to print. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-windows-11-bug-may-only-allow-admins-to-print/

Suspected Chinese hackers behind attacks on ten Israeli hospitals

A joint announcement from the Ministry of Health and the National Cyber Directorate in Israel describes a spike in ransomware attacks over the weekend that targeted the systems of nine health institutes in the country. [...]

https://www.bleepingcomputer.com/news/security/suspected-chinese-hackers-behind-attacks-on-ten-israeli-hospitals/

State-backed hackers breach telcos with custom malware

A previously unknown state-sponsored actor is deploying a novel toolset in attacks targeting telecommunication providers and IT firms in South Asia. [...]

https://www.bleepingcomputer.com/news/security/state-backed-hackers-breach-telcos-with-custom-malware/

FBI, CISA, NSA share defense tips for BlackMatter ransomware attacks

The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) published today an advisory with details about how the BlackMatter ransomware gang operates. [...]

https://www.bleepingcomputer.com/news/security/fbi-cisa-nsa-share-defense-tips-for-blackmatter-ransomware-attacks/

ACE takes down Electro TV Sat pirate streaming service

ACE (Alliance for Creativity) has forced Electro TV Sat offline following a crackdown operation in Morocco, where the pirate streaming platform was based. [...]

https://www.bleepingcomputer.com/news/technology/ace-takes-down-electro-tv-sat-pirate-streaming-service/

Microsoft fixes Surface Pro 3 TPM bypass with public exploit code

Microsoft has patched a security feature bypass vulnerability impacting Surface Pro 3 tablets that enables threat actors to introduce malicious devices within enterprise environments. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-surface-pro-3-tpm-bypass-with-public-exploit-code/

New Karma ransomware group likely a Nemty rebrand

Threat analysts at Sentinel Labs have found evidence of the Karma ransomware being just another evolutionary step in the strain that started as JSWorm, became Nemty, then Nefilim, Fusion, Milihpen, and most recently, Gangbang. [...]

https://www.bleepingcomputer.com/news/security/new-karma-ransomware-group-likely-a-nemty-rebrand/

FBI warns of fake govt sites used to steal financial, personal data

The FBI warned the US public that threat actors actively use fake and spoofed unemployment benefit websites to harvest sensitive financial and personal information from unsuspecting victims. [...]

https://www.bleepingcomputer.com/news/security/fbi-warns-of-fake-govt-sites-used-to-steal-financial-personal-data/

Man gets 7 years in prison for hacking 65K health care employees

Justin Sean Johnson, also known as TheDearthStar and Dearthy Star, was sentenced this week to seen years in prison for the 2014 hack of the health care provider and insurer University of Pittsburgh Medical Center (UPMC). [...]

https://www.bleepingcomputer.com/news/security/man-gets-7-years-in-prison-for-hacking-65k-health-care-employees/

China's VPN market now open to foreign investment

The central government of China in Beijing has announced a decision to allow foreign entities to invest in the ownership of VPN (virtual private network) services in the country. [...]

https://www.bleepingcomputer.com/news/government/chinas-vpn-market-now-open-to-foreign-investment/

LightBasin hacking group breaches 13 global telecoms in two years

A group of hackers that security researchers call LightBasin has been compromising mobile telecommunication systems across the world for the past five years. [...]

https://www.bleepingcomputer.com/news/security/lightbasin-hacking-group-breaches-13-global-telecoms-in-two-years/

BlackByte ransomware decryptor released to recover files for free

A free decryptor for the BlackByte ransomware has been released, allowing past victims to recover their files for free. [...]

https://www.bleepingcomputer.com/news/security/blackbyte-ransomware-decryptor-released-to-recover-files-for-free/

About 26% of all malicious JavaScript threats are obfuscated

A research that analyzed over 10,000 samples of diverse malicious software written in JavaScript concluded that roughly 26% of it is obfuscated to evade detection and analysis.  [...]

https://www.bleepingcomputer.com/news/security/about-26-percent-of-all-malicious-javascript-threats-are-obfuscated/

Acer hacked twice in a week by the same threat actor

Acer has suffered a second cyberattack in just a week by the same hacking group that says other regions are vulnerable. [...]

https://www.bleepingcomputer.com/news/security/acer-hacked-twice-in-a-week-by-the-same-threat-actor/

Brave ditches Google for its own privacy-centric search engine

Brave Browser has replaced Google with its own no-tracking privacy-centric Brave Search as the default search engine for new users in five regions. [...]

https://www.bleepingcomputer.com/news/software/brave-ditches-google-for-its-own-privacy-centric-search-engine/

Zerodium wants zero-day exploits for Windows VPN clients

In a short tweet today, exploit broker Zerodium said that it is looking to acquire zero-day exploits for vulnerabilities in three popular virtual private network (VPN) service providers on the market. [...]

https://www.bleepingcomputer.com/news/security/zerodium-wants-zero-day-exploits-for-windows-vpn-clients/

Newer PurpleFox botnet variants leverage WebSockets for coms

The PurpleFox botnet has refreshed its arsenal with new vulnerability exploits and dropped payloads, now also leveraging WebSockets for C2 bidirectional communication. [...]

https://www.bleepingcomputer.com/news/security/newer-purplefox-botnet-variants-leverage-websockets-for-coms/

Microsoft 365 will get enhanced insider risk management tools

Microsoft is updating Microsoft 365 to allow admins to better manage insider security threats in their environments with improvements to risky activity detection and visibility. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-365-will-get-enhanced-insider-risk-management-tools/