Hackers infect random WordPress plugins to steal credit cards

Credit card swipers are being injected into random plugins of e-commerce WordPress sites, hiding from detection while stealing customer payment details. [...]

https://www.bleepingcomputer.com/news/security/hackers-infect-random-wordpress-plugins-to-steal-credit-cards/

Microsoft: Secured-core servers help prevent ransomware attacks

Microsoft says the first Secured-core certified Windows Server and Microsoft Azure Stack HCI devices are now available to protect customers' networks from security threats, including ransomware attacks. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-secured-core-servers-help-prevent-ransomware-attacks/

Windows 11 can now install WSL from the Microsoft Store

Microsoft has added the Windows Subsystem for Linux (WSL) as a separate app to the Microsoft Store with the release of Windows 11 Insider Preview Build 22518 to the Dev Channel. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-11-can-now-install-wsl-from-the-microsoft-store/

New Windows 11 Voice Access lets you control the OS with your voice

Windows 11 is getting a new "Voice Access" feature to control the operating system using your voice and a microphone. [...]

https://www.bleepingcomputer.com/news/microsoft/new-windows-11-voice-access-lets-you-control-the-os-with-your-voice/

Amazon is shutting down web ranking site Alexa.com

Amazon announced on Wednesday plans to shut down its global website ranking system and competitor analysis tool "Alexa.com", which has been available for 25 years. [...]

https://www.bleepingcomputer.com/news/technology/amazon-is-shutting-down-web-ranking-site-alexacom/

Windows 'InstallerFileTakeOver' zero-day bug gets free micropatch

An unofficial patch is available for a zero-day vulnerability that is actively exploited in the wild to gain administrator privileges. [...]

https://www.bleepingcomputer.com/news/security/windows-installerfiletakeover-zero-day-bug-gets-free-micropatch/

Hundreds of thousands of MikroTik devices still vulnerable to botnets

Approximately 300,000 MikroTik routers are vulnerable to critical vulnerabilities that malware botnets can exploit for cryptomining and DDoS attacks. [...]

https://www.bleepingcomputer.com/news/security/hundreds-of-thousands-of-mikrotik-devices-still-vulnerable-to-botnets/

Fujitsu pins Japanese govt data breach on stolen ProjectWEB accounts

Fujitsu says the attackers behind the May data breach used a vulnerability in the company's ProjectWEB information-sharing tool to steal accounts from legitimate users and access proprietary data belonging to multiple Japanese government agencies. [...]

https://www.bleepingcomputer.com/news/security/fujitsu-pins-japanese-govt-data-breach-on-stolen-projectweb-accounts/

SanDisk SecureAccess bug allows brute forcing vault passwords

Western Digital has fixed a security vulnerability that enabled attackers to brute force SanDisk SecureAccess passwords and access the users' protected files. [...]

https://www.bleepingcomputer.com/news/security/sandisk-secureaccess-bug-allows-brute-forcing-vault-passwords/

Cox discloses data breach after hacker impersonates support agent

Cox Communications has disclosed a data breach after a hacker impersonated a support agent to gain access to customers' personal information. [...]

https://www.bleepingcomputer.com/news/security/cox-discloses-data-breach-after-hacker-impersonates-support-agent/

Microsoft previews new endpoint security solution for SMBs

Microsoft Defender for Business, a new endpoint security solution specially built for small and medium-sized businesses (SMBs), is now rolling out in preview worldwide. [...]

https://www.bleepingcomputer.com/news/security/microsoft-previews-new-endpoint-security-solution-for-smbs/

Microsoft, Google OAuth flaws can be abused in phishing attacks

Researchers have discovered a set of previously unknown methods to launch URL redirection attacks against weak OAuth 2.0 implementations. [...]

https://www.bleepingcomputer.com/news/security/microsoft-google-oauth-flaws-can-be-abused-in-phishing-attacks/

Dark Mirai botnet targeting RCE on popular TP-Link router

The botnet known as Dark Mirai (aka MANGA) has been observed exploiting a new vulnerability on the TP-Link TL-WR840N EU V5, a popular inexpensive home router released in 2017. [...]

https://www.bleepingcomputer.com/news/security/dark-mirai-botnet-targeting-rce-on-popular-tp-link-router/

Malicious Notepad++ installers push StrongPity malware

The sophisticated hacking group known as StrongPity is circulating laced Notepad++ installers that infect targets with malware. [...]

https://www.bleepingcomputer.com/news/security/malicious-notepad-plus-plus-installers-push-strongpity-malware/

ALPHV BlackCat - This year's most sophisticated ransomware

The new ALPHV ransomware operation, aka BlackCat, launched last month and could be the most sophisticated ransomware of the year, with a highly-customizable feature set allowing for attacks on a wide range of corporate environments. [...]

https://www.bleepingcomputer.com/news/security/alphv-blackcat-this-years-most-sophisticated-ransomware/

Kali Linux 2021.4 released with 9 new tools, further Apple M1 support

​Kali Linux 2021.4 was released today by Offensive Security and includes further Apple M1 support, increased Samba compatibility, nine new tools, and an update for all three main desktop. [...]

https://www.bleepingcomputer.com/news/security/kali-linux-20214-released-with-9-new-tools-further-apple-m1-support/

Massive attack against 1.6 million WordPress sites underway

Wordfence analysts report having detected a massive wave of attacks in the last couple of days, originating from 16,000 IPs and targeting over 1.6 million WordPress sites. [...]

https://www.bleepingcomputer.com/news/security/massive-attack-against-16-million-wordpress-sites-underway/

New zero-day exploit for Log4j Java library is an enterprise nightmare

Proof-of-concept exploits for a critical zero-day vulnerability in the ubiquitous Apache Log4j Java-based logging library are currently being shared online, exposing home users and enterprises alike to remote code execution attacks. [...]

https://www.bleepingcomputer.com/news/security/new-zero-day-exploit-for-log4j-java-library-is-an-enterprise-nightmare/

Data breach impacts 80,000 South Australian govt employees

The South Australian government has admitted that the personal details of tens of thousands of its employees were compromised following a cyber-attack on an external payroll software provider. [...]

https://www.bleepingcomputer.com/news/security/data-breach-impacts-80-000-south-australian-govt-employees/

New 'Karakurt' hacking group focuses on data theft and extortion

A sophisticated cybercrime group known as 'Karakurt' who has been quietly working from the shadows has had its tactics and procedures exposed by researchers who tracked recent cyberattacks conducted by the hackers. [...]

https://www.bleepingcomputer.com/news/security/new-karakurt-hacking-group-focuses-on-data-theft-and-extortion/

Australian govt raises alarm over Conti ransomware attacks

The Australian Cyber Security Centre (ACSC) says Conti ransomware attacks have targeted multiple Australian organizations from various industry verticals since November. [...]

https://www.bleepingcomputer.com/news/security/australian-govt-raises-alarm-over-conti-ransomware-attacks/