Most SS7 exploit service providers on dark web are scammers

The existence of Signaling System 7 (SS7) mobile telephony protocol vulnerabilities is something security researchers warned about in 2016, and it only took a year before the first attacks exploiting them were observed. [...]

https://www.bleepingcomputer.com/news/security/most-ss7-exploit-service-providers-on-dark-web-are-scammers/

RedCurl corporate espionage hackers resume attacks with updated tools

A crew of highly-skilled hackers specialized in corporate espionage has resumed activity, one of their victims this year being a large wholesale company in Russia. [...]

https://www.bleepingcomputer.com/news/security/redcurl-corporate-espionage-hackers-resume-attacks-with-updated-tools/

FBI warns of APT group exploiting FatPipe VPN zero-day since May

The Federal Bureau of Investigation (FBI) warned of an advanced persistent threat (APT) compromising FatPipe router clustering and load balancer products to breach targets' networks. [...]

https://www.bleepingcomputer.com/news/security/fbi-warns-of-apt-group-exploiting-fatpipe-vpn-zero-day-since-may/

North Korean cyberspies target govt officials with custom malware

A state-sponsored North Korean threat actor tracked as TA406 was recently observed deploying custom info-stealing malware in espionage campaigns. [...]

https://www.bleepingcomputer.com/news/security/north-korean-cyberspies-target-govt-officials-with-custom-malware/

Glitch service abused to host short-lived phishing sites

Phishing actors are now actively abusing the Glitch platform to host short-lived credential-stealing URLs for free while evading detection and takedowns. [...]

https://www.bleepingcomputer.com/news/security/glitch-service-abused-to-host-short-lived-phishing-sites/

Microsoft increases Windows 11 rollout pace to Windows 10 devices

Microsoft has started rolling out the Windows 11 upgrade to more eligible Windows 10 devices faster after not detecting update experience issues during the first rollout phases. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-increases-windows-11-rollout-pace-to-windows-10-devices/

New Memento ransomware switches to WinRar after failing at encryption

A new ransomware group called Memento takes the unusual approach of locking files inside password-protected archives after their encryption method kept being detected by security software. [...]

https://www.bleepingcomputer.com/news/security/new-memento-ransomware-switches-to-winrar-after-failing-at-encryption/

Microsoft: Iranian state hackers increasingly target IT sector

Microsoft says Iranian-backed hacking groups have increasingly attempted to compromise IT services companies this year to steal credentials they could use to breach the systems of downstream clients. [...]

https://www.bleepingcomputer.com/news/security/microsoft-iranian-state-hackers-increasingly-target-it-sector/

Hackers deploy Linux malware, web skimmer on eCommerce servers

Security researchers discovered that attackers are also deploying a Linux backdoor on compromised e-commerce servers after injecting a credit card skimmer into online shops' websites. [...]

https://www.bleepingcomputer.com/news/security/hackers-deploy-linux-malware-web-skimmer-on-ecommerce-servers/

Winamp prepares a relaunch, new beta version almost ready

Winamp is getting closer to release with a redesigned website, logo, and a new beta signup allowing users to soon test the upcoming version of the media player. [...]

https://www.bleepingcomputer.com/news/software/winamp-prepares-a-relaunch-new-beta-version-almost-ready/

US indicts Iranian hackers for Proud Boys voter intimidation emails

The U.S. Department of State is offering a $10 million reward for information about the activities of two Iranian nationals charged for cyber activity intended to "intimidate and influence" American voters during the 2020 U.S. presidential campaign. [...]

https://www.bleepingcomputer.com/news/security/us-indicts-iranian-hackers-for-proud-boys-voter-intimidation-emails/

Android malware BrazKing returns as a stealthier banking trojan

​The BrazKing Android banking trojan has returned with dynamic banking overlays and a new implementation trick that enables it to operate without requesting risky permissions. [...]

https://www.bleepingcomputer.com/news/security/android-malware-brazking-returns-as-a-stealthier-banking-trojan/

Microsoft: Windows Installer breaks apps after updates, repairs

Microsoft has confirmed a new known issue impacting client and server Windows versions that breaks apps after updating or repairing them using the Windows Installer (previously known as Microsoft Installer). [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-windows-installer-breaks-apps-after-updates-repairs/

US regulators order banks to report cyberattacks within 3 days

US federal bank regulatory agencies have approved a new rule requiring banks to notify their primary federal regulators of significant computer-security incidents within 36 hours. [...]

https://www.bleepingcomputer.com/news/security/us-regulators-order-banks-to-report-cyberattacks-within-3-days/

Six million Sky routers exposed to takeover attacks for 17 months

Around six million Sky Broadband customer routers in the UK were affected by a critical vulnerability that took over 17 months to roll out a fix to customers. [...]

https://www.bleepingcomputer.com/news/security/six-million-sky-routers-exposed-to-takeover-attacks-for-17-months/

Utah medical center hit by data breach affecting 582k patients

Utah Imaging Associates (UIA), a Utah-based radiology center, has announced a data breach affecting 582,170 people after their personal information was exposed. [...]

https://www.bleepingcomputer.com/news/security/utah-medical-center-hit-by-data-breach-affecting-582k-patients/

Microsoft Authenticator gets new enterprise security features

Microsoft has added new security features for Microsoft Authenticator users that further secure the app and make it easier to roll out in enterprise environments. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-authenticator-gets-new-enterprise-security-features/

Fake TSA PreCheck sites scam US travelers with fake renewals

There has been a surge in reports of people getting scammed after visiting TSA PreCheck, Global Entry, and NEXUS application service sites, being charged $140 only to get nothing in return. [...]

https://www.bleepingcomputer.com/news/security/fake-tsa-precheck-sites-scam-us-travelers-with-fake-renewals/

New Windows 11 build fixes Microsoft Installer issue breaking apps

Microsoft has fixed a recently confirmed Windows 11 issue in a newly released build for Windows Insiders in the Beta and Release Preview channels. [...]

https://www.bleepingcomputer.com/news/microsoft/new-windows-11-build-fixes-microsoft-installer-issue-breaking-apps/

Emotet botnet comeback hatched by ex-Ryuk member now part of Conti gang

The Emotet botnet is back by popular demand, resurrected by its former operator convinced by ex-members of the Ryuk ransomware gang. [...]

https://www.bleepingcomputer.com/news/security/emotet-botnet-comeback-hatched-by-ex-ryuk-member-now-part-of-conti-gang/

Some Tesla owners unable to unlock cars due to server errors

Some Tesla owners worldwide are unable to unlock their cars or communicate with it using the app due to problems with the company's servers. [...]

https://www.bleepingcomputer.com/news/technology/some-tesla-owners-unable-to-unlock-cars-due-to-server-errors/