Microsoft asks admins to patch PowerShell to fix WDAC bypass
Microsoft has asked system administrators to patch PowerShell 7 against two vulnerabilities allowing attackers to bypass Windows Defender Application Control (WDAC) enforcements and gain access to plain text credentials. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-asks-admins-to-patch-powershell-to-fix-wdac-bypass/
Microsoft has asked system administrators to patch PowerShell 7 against two vulnerabilities allowing attackers to bypass Windows Defender Application Control (WDAC) enforcements and gain access to plain text credentials. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-asks-admins-to-patch-powershell-to-fix-wdac-bypass/
BleepingComputer
Microsoft asks admins to patch PowerShell to fix WDAC bypass
Microsoft has asked system administrators to patch PowerShell 7 against two vulnerabilities allowing attackers to bypass Windows Defender Application Control (WDAC) enforcements and gain access to plain text credentials.
Microsoft: Windows 11 bug may only allow admins to print
Microsoft is working on a fix for a known issue impacting Windows 11 customers and causing a prompt for admin credentials before every attempt to print. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-windows-11-bug-may-only-allow-admins-to-print/
Microsoft is working on a fix for a known issue impacting Windows 11 customers and causing a prompt for admin credentials before every attempt to print. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-windows-11-bug-may-only-allow-admins-to-print/
BleepingComputer
Microsoft: Windows 11 bug may only allow admins to print
Microsoft is working on a fix for a known issue impacting Windows 11 customers and causing a prompt for admin credentials before every attempt to print.
Suspected Chinese hackers behind attacks on ten Israeli hospitals
A joint announcement from the Ministry of Health and the National Cyber Directorate in Israel describes a spike in ransomware attacks over the weekend that targeted the systems of nine health institutes in the country. [...]
https://www.bleepingcomputer.com/news/security/suspected-chinese-hackers-behind-attacks-on-ten-israeli-hospitals/
A joint announcement from the Ministry of Health and the National Cyber Directorate in Israel describes a spike in ransomware attacks over the weekend that targeted the systems of nine health institutes in the country. [...]
https://www.bleepingcomputer.com/news/security/suspected-chinese-hackers-behind-attacks-on-ten-israeli-hospitals/
BleepingComputer
Suspected Chinese hackers behind attacks on ten Israeli hospitals
A joint announcement from the Ministry of Health and the National Cyber Directorate in Israel describes a spike in ransomware attacks over the weekend that targeted the systems of nine health institutes in the country.
State-backed hackers breach telcos with custom malware
A previously unknown state-sponsored actor is deploying a novel toolset in attacks targeting telecommunication providers and IT firms in South Asia. [...]
https://www.bleepingcomputer.com/news/security/state-backed-hackers-breach-telcos-with-custom-malware/
A previously unknown state-sponsored actor is deploying a novel toolset in attacks targeting telecommunication providers and IT firms in South Asia. [...]
https://www.bleepingcomputer.com/news/security/state-backed-hackers-breach-telcos-with-custom-malware/
BleepingComputer
State-backed hackers breach telcos with custom malware
A previously unknown state-sponsored actor is deploying a novel toolset in attacks targeting telecommunication providers and IT firms in South Asia.
FBI, CISA, NSA share defense tips for BlackMatter ransomware attacks
The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) published today an advisory with details about how the BlackMatter ransomware gang operates. [...]
https://www.bleepingcomputer.com/news/security/fbi-cisa-nsa-share-defense-tips-for-blackmatter-ransomware-attacks/
The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) published today an advisory with details about how the BlackMatter ransomware gang operates. [...]
https://www.bleepingcomputer.com/news/security/fbi-cisa-nsa-share-defense-tips-for-blackmatter-ransomware-attacks/
BleepingComputer
FBI, CISA, NSA share defense tips for BlackMatter ransomware attacks
The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) published today an advisory with details about how the BlackMatter ransomware gang operates.
ACE takes down Electro TV Sat pirate streaming service
ACE (Alliance for Creativity) has forced Electro TV Sat offline following a crackdown operation in Morocco, where the pirate streaming platform was based. [...]
https://www.bleepingcomputer.com/news/technology/ace-takes-down-electro-tv-sat-pirate-streaming-service/
ACE (Alliance for Creativity) has forced Electro TV Sat offline following a crackdown operation in Morocco, where the pirate streaming platform was based. [...]
https://www.bleepingcomputer.com/news/technology/ace-takes-down-electro-tv-sat-pirate-streaming-service/
BleepingComputer
ACE takes down Electro TV Sat pirate streaming service
ACE (Alliance for Creativity) has forced Electro TV Sat offline following a crackdown operation in Morocco, where the pirate streaming platform was based.
Microsoft fixes Surface Pro 3 TPM bypass with public exploit code
Microsoft has patched a security feature bypass vulnerability impacting Surface Pro 3 tablets that enables threat actors to introduce malicious devices within enterprise environments. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-surface-pro-3-tpm-bypass-with-public-exploit-code/
Microsoft has patched a security feature bypass vulnerability impacting Surface Pro 3 tablets that enables threat actors to introduce malicious devices within enterprise environments. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-surface-pro-3-tpm-bypass-with-public-exploit-code/
BleepingComputer
Microsoft fixes Surface Pro 3 TPM bypass with public exploit code
Microsoft has patched a security feature bypass vulnerability impacting Surface Pro 3 tablets that enables threat actors to introduce malicious devices within enterprise environments.
New Karma ransomware group likely a Nemty rebrand
Threat analysts at Sentinel Labs have found evidence of the Karma ransomware being just another evolutionary step in the strain that started as JSWorm, became Nemty, then Nefilim, Fusion, Milihpen, and most recently, Gangbang. [...]
https://www.bleepingcomputer.com/news/security/new-karma-ransomware-group-likely-a-nemty-rebrand/
Threat analysts at Sentinel Labs have found evidence of the Karma ransomware being just another evolutionary step in the strain that started as JSWorm, became Nemty, then Nefilim, Fusion, Milihpen, and most recently, Gangbang. [...]
https://www.bleepingcomputer.com/news/security/new-karma-ransomware-group-likely-a-nemty-rebrand/
BleepingComputer
New Karma ransomware group likely a Nemty rebrand
Threat analysts at Sentinel Labs have found evidence of the Karma ransomware being just another evolutionary step in the strain that started as JSWorm, became Nemty, then Nefilim, Fusion, Milihpen, and most recently, Gangbang.
FBI warns of fake govt sites used to steal financial, personal data
The FBI warned the US public that threat actors actively use fake and spoofed unemployment benefit websites to harvest sensitive financial and personal information from unsuspecting victims. [...]
https://www.bleepingcomputer.com/news/security/fbi-warns-of-fake-govt-sites-used-to-steal-financial-personal-data/
The FBI warned the US public that threat actors actively use fake and spoofed unemployment benefit websites to harvest sensitive financial and personal information from unsuspecting victims. [...]
https://www.bleepingcomputer.com/news/security/fbi-warns-of-fake-govt-sites-used-to-steal-financial-personal-data/
BleepingComputer
FBI warns of fake govt sites used to steal financial, personal data
The FBI warned the US public that threat actors actively use fake and spoofed unemployment benefit websites to harvest sensitive financial and personal information from unsuspecting victims.
Man gets 7 years in prison for hacking 65K health care employees
Justin Sean Johnson, also known as TheDearthStar and Dearthy Star, was sentenced this week to seen years in prison for the 2014 hack of the health care provider and insurer University of Pittsburgh Medical Center (UPMC). [...]
https://www.bleepingcomputer.com/news/security/man-gets-7-years-in-prison-for-hacking-65k-health-care-employees/
Justin Sean Johnson, also known as TheDearthStar and Dearthy Star, was sentenced this week to seen years in prison for the 2014 hack of the health care provider and insurer University of Pittsburgh Medical Center (UPMC). [...]
https://www.bleepingcomputer.com/news/security/man-gets-7-years-in-prison-for-hacking-65k-health-care-employees/
BleepingComputer
Man gets 7 years in prison for hacking 65K health care employees
Justin Sean Johnson, also known as TheDearthStar and Dearthy Star, was sentenced this week to seven years in prison for the 2014 hack of the health care provider and insurer University of Pittsburgh Medical Center (UPMC).
China's VPN market now open to foreign investment
The central government of China in Beijing has announced a decision to allow foreign entities to invest in the ownership of VPN (virtual private network) services in the country. [...]
https://www.bleepingcomputer.com/news/government/chinas-vpn-market-now-open-to-foreign-investment/
The central government of China in Beijing has announced a decision to allow foreign entities to invest in the ownership of VPN (virtual private network) services in the country. [...]
https://www.bleepingcomputer.com/news/government/chinas-vpn-market-now-open-to-foreign-investment/
BleepingComputer
China's VPN market now open to foreign investment
The central government of China in Beijing has announced a decision to allow foreign entities to invest in the ownership of VPN (virtual private network) services in the country.
LightBasin hacking group breaches 13 global telecoms in two years
A group of hackers that security researchers call LightBasin has been compromising mobile telecommunication systems across the world for the past five years. [...]
https://www.bleepingcomputer.com/news/security/lightbasin-hacking-group-breaches-13-global-telecoms-in-two-years/
A group of hackers that security researchers call LightBasin has been compromising mobile telecommunication systems across the world for the past five years. [...]
https://www.bleepingcomputer.com/news/security/lightbasin-hacking-group-breaches-13-global-telecoms-in-two-years/
BleepingComputer
LightBasin hacking group breaches 13 global telecoms in two years
A group of hackers that security researchers call LightBasin has been compromising mobile telecommunication systems across the world for the past five years.
BlackByte ransomware decryptor released to recover files for free
A free decryptor for the BlackByte ransomware has been released, allowing past victims to recover their files for free. [...]
https://www.bleepingcomputer.com/news/security/blackbyte-ransomware-decryptor-released-to-recover-files-for-free/
A free decryptor for the BlackByte ransomware has been released, allowing past victims to recover their files for free. [...]
https://www.bleepingcomputer.com/news/security/blackbyte-ransomware-decryptor-released-to-recover-files-for-free/
BleepingComputer
BlackByte ransomware decryptor released to recover files for free
A free decryptor for the BlackByte ransomware has been released, allowing past victims to recover their files for free.
About 26% of all malicious JavaScript threats are obfuscated
A research that analyzed over 10,000 samples of diverse malicious software written in JavaScript concluded that roughly 26% of it is obfuscated to evade detection and analysis. [...]
https://www.bleepingcomputer.com/news/security/about-26-percent-of-all-malicious-javascript-threats-are-obfuscated/
A research that analyzed over 10,000 samples of diverse malicious software written in JavaScript concluded that roughly 26% of it is obfuscated to evade detection and analysis. [...]
https://www.bleepingcomputer.com/news/security/about-26-percent-of-all-malicious-javascript-threats-are-obfuscated/
BleepingComputer
About 26% of all malicious JavaScript threats are obfuscated
A research that analyzed over 10,000 samples of diverse malicious software written in JavaScript concluded that roughly 26% of it is obfuscated to evade detection and analysis.
Acer hacked twice in a week by the same threat actor
Acer has suffered a second cyberattack in just a week by the same hacking group that says other regions are vulnerable. [...]
https://www.bleepingcomputer.com/news/security/acer-hacked-twice-in-a-week-by-the-same-threat-actor/
Acer has suffered a second cyberattack in just a week by the same hacking group that says other regions are vulnerable. [...]
https://www.bleepingcomputer.com/news/security/acer-hacked-twice-in-a-week-by-the-same-threat-actor/
BleepingComputer
Acer hacked twice in a week by the same threat actor
Acer has suffered a second cyberattack in just a week by the same hacking group that says other regions are vulnerable.
Brave ditches Google for its own privacy-centric search engine
Brave Browser has replaced Google with its own no-tracking privacy-centric Brave Search as the default search engine for new users in five regions. [...]
https://www.bleepingcomputer.com/news/software/brave-ditches-google-for-its-own-privacy-centric-search-engine/
Brave Browser has replaced Google with its own no-tracking privacy-centric Brave Search as the default search engine for new users in five regions. [...]
https://www.bleepingcomputer.com/news/software/brave-ditches-google-for-its-own-privacy-centric-search-engine/
BleepingComputer
Brave ditches Google for its own privacy-centric search engine
Brave Browser has replaced Google with its own no-tracking privacy-centric Brave Search as the default search engine for new users in five regions.
Zerodium wants zero-day exploits for Windows VPN clients
In a short tweet today, exploit broker Zerodium said that it is looking to acquire zero-day exploits for vulnerabilities in three popular virtual private network (VPN) service providers on the market. [...]
https://www.bleepingcomputer.com/news/security/zerodium-wants-zero-day-exploits-for-windows-vpn-clients/
In a short tweet today, exploit broker Zerodium said that it is looking to acquire zero-day exploits for vulnerabilities in three popular virtual private network (VPN) service providers on the market. [...]
https://www.bleepingcomputer.com/news/security/zerodium-wants-zero-day-exploits-for-windows-vpn-clients/
BleepingComputer
Zerodium wants zero-day exploits for Windows VPN clients
In a short tweet today, exploit broker Zerodium said that it is looking to acquire zero-day exploits for vulnerabilities in three popular virtual private network (VPN) service providers on the market.
Newer PurpleFox botnet variants leverage WebSockets for coms
The PurpleFox botnet has refreshed its arsenal with new vulnerability exploits and dropped payloads, now also leveraging WebSockets for C2 bidirectional communication. [...]
https://www.bleepingcomputer.com/news/security/newer-purplefox-botnet-variants-leverage-websockets-for-coms/
The PurpleFox botnet has refreshed its arsenal with new vulnerability exploits and dropped payloads, now also leveraging WebSockets for C2 bidirectional communication. [...]
https://www.bleepingcomputer.com/news/security/newer-purplefox-botnet-variants-leverage-websockets-for-coms/
BleepingComputer
Newer PurpleFox botnet variants leverage WebSockets for coms
The PurpleFox botnet has refreshed its arsenal with new vulnerability exploits and dropped payloads, now also leveraging WebSockets for C2 bidirectional communication.
Microsoft 365 will get enhanced insider risk management tools
Microsoft is updating Microsoft 365 to allow admins to better manage insider security threats in their environments with improvements to risky activity detection and visibility. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-365-will-get-enhanced-insider-risk-management-tools/
Microsoft is updating Microsoft 365 to allow admins to better manage insider security threats in their environments with improvements to risky activity detection and visibility. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-365-will-get-enhanced-insider-risk-management-tools/
BleepingComputer
Microsoft 365 will get enhanced insider risk management tools
Microsoft is updating Microsoft 365 to allow admins to better manage insider security threats in their environments with improvements to risky activity detection and visibility.
New Gummy Browser attack lets hackers spoof tracking profiles
University researchers in the US have developed a new fingerprint capturing and browser spoofing attack called Gummy Browsers. They warn how easy the attack is to carry out and the severe implications it can have. [...]
https://www.bleepingcomputer.com/news/security/new-gummy-browser-attack-lets-hackers-spoof-tracking-profiles/
University researchers in the US have developed a new fingerprint capturing and browser spoofing attack called Gummy Browsers. They warn how easy the attack is to carry out and the severe implications it can have. [...]
https://www.bleepingcomputer.com/news/security/new-gummy-browser-attack-lets-hackers-spoof-tracking-profiles/
BleepingComputer
New Gummy Browsers attack lets hackers spoof tracking profiles
University researchers in the US have developed a new fingerprint capturing and browser spoofing attack called Gummy Browsers. They warn how easy the attack is to carry out and the severe implications it can have.
Google: YouTubersβ accounts hijacked with cookie-stealing malware
Google says YouTube creators have been targeted with password-stealing malware in phishing attacks coordinated by financially motivated threat actors since at least late 2019. [...]
https://www.bleepingcomputer.com/news/security/google-youtubers-accounts-hijacked-with-cookie-stealing-malware/
Google says YouTube creators have been targeted with password-stealing malware in phishing attacks coordinated by financially motivated threat actors since at least late 2019. [...]
https://www.bleepingcomputer.com/news/security/google-youtubers-accounts-hijacked-with-cookie-stealing-malware/
BleepingComputer
Google: YouTubersβ accounts hijacked with cookie-stealing malware
Google says YouTube creators have been targeted with password-stealing malware in phishing attacks coordinated by financially motivated threat actors since at least late 2019.