277,000 routers exposed to Eternal Silence attacks via UPnP
A malicious campaign known as 'Eternal Silence' is abusing Universal Plug and Play (UPnP) turns your router into a proxy server used to launch malicious attacks while hiding the location of the threat actors. [...]
https://www.bleepingcomputer.com/news/security/277-000-routers-exposed-to-eternal-silence-attacks-via-upnp/
A malicious campaign known as 'Eternal Silence' is abusing Universal Plug and Play (UPnP) turns your router into a proxy server used to launch malicious attacks while hiding the location of the threat actors. [...]
https://www.bleepingcomputer.com/news/security/277-000-routers-exposed-to-eternal-silence-attacks-via-upnp/
BleepingComputer
277,000 routers exposed to Eternal Silence attacks via UPnP
A malicious campaign known as 'Eternal Silence' is abusing Universal Plug and Play (UPnP) turns your router into a proxy server used to launch malicious attacks while hiding the location of the threat actors.
Russian 'Gamaredon' hackers use 8 new malware payloads in attacks
The Russia-linked hackers known as 'Gamaredon' (aka Armageddon or Shuckworm) were spotted deploying eight custom binaries in cyber-espionage operations against Ukrainian entities. [...]
https://www.bleepingcomputer.com/news/security/russian-gamaredon-hackers-use-8-new-malware-payloads-in-attacks/
The Russia-linked hackers known as 'Gamaredon' (aka Armageddon or Shuckworm) were spotted deploying eight custom binaries in cyber-espionage operations against Ukrainian entities. [...]
https://www.bleepingcomputer.com/news/security/russian-gamaredon-hackers-use-8-new-malware-payloads-in-attacks/
BleepingComputer
Russian 'Gamaredon' hackers use 8 new malware payloads in attacks
The Russia-linked hackers known as 'Gamaredon' (aka Armageddon or Shuckworm) were spotted deploying eight custom binaries in cyber-espionage operations against Ukrainian entities.
Microsoft Office 365 to add better protection for priority accounts
Microsoft is working on updating Microsoft Defender for Office 365 with differentiated protection for enterprise accounts tagged as critical for an organization (i.e., accounts of high-profile employees including executive-level managers, the ones most often targeted by attackers). [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-office-365-to-add-better-protection-for-priority-accounts/
Microsoft is working on updating Microsoft Defender for Office 365 with differentiated protection for enterprise accounts tagged as critical for an organization (i.e., accounts of high-profile employees including executive-level managers, the ones most often targeted by attackers). [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-office-365-to-add-better-protection-for-priority-accounts/
BleepingComputer
Microsoft Office 365 to add better protection for priority accounts
Microsoft is working on updating Microsoft Defender for Office 365 with differentiated protection for enterprise accounts tagged as critical for an organization (i.e., accounts of high-profile employees including executive-level managers, the ones most often…
CISA adds 8 vulnerabilities to list of actively exploited bugs
The US Cybersecurity & Infrastructure Security Agency (CISA) has added eight more flaws to its catalog of exploited vulnerabilities that are known to be used in attacks, and they're a mix of old and new. [...]
https://www.bleepingcomputer.com/news/security/cisa-adds-8-vulnerabilities-to-list-of-actively-exploited-bugs/
The US Cybersecurity & Infrastructure Security Agency (CISA) has added eight more flaws to its catalog of exploited vulnerabilities that are known to be used in attacks, and they're a mix of old and new. [...]
https://www.bleepingcomputer.com/news/security/cisa-adds-8-vulnerabilities-to-list-of-actively-exploited-bugs/
BleepingComputer
CISA adds 8 vulnerabilities to list of actively exploited bugs
The US Cybersecurity & Infrastructure Security Agency (CISA) has added eight more flaws to its catalog of exploited vulnerabilities that are known to be used in attacks, and they're a mix of old and new.
👍1
QNAP: DeadBolt ransomware exploits a bug patched in December
Taiwan-based network-attached storage (NAS) maker QNAP urges customers to enable firmware auto-updating on their devices to defend against active attacks. [...]
https://www.bleepingcomputer.com/news/security/qnap-deadbolt-ransomware-exploits-a-bug-patched-in-december/
Taiwan-based network-attached storage (NAS) maker QNAP urges customers to enable firmware auto-updating on their devices to defend against active attacks. [...]
https://www.bleepingcomputer.com/news/security/qnap-deadbolt-ransomware-exploits-a-bug-patched-in-december/
BleepingComputer
QNAP: DeadBolt ransomware exploits a bug patched in December
Taiwan-based network-attached storage (NAS) maker QNAP urges customers to enable firmware auto-updating on their devices to defend against active attacks.
600K WordPress sites impacted by critical plugin RCE vulnerability
Essential Addons for Elementor, a popular WordPress plugin used in over a million sites, has been found to have a critical remote code execution (RCE) vulnerability in version 5.0.4 and older. [...]
https://www.bleepingcomputer.com/news/security/600k-wordpress-sites-impacted-by-critical-plugin-rce-vulnerability/
Essential Addons for Elementor, a popular WordPress plugin used in over a million sites, has been found to have a critical remote code execution (RCE) vulnerability in version 5.0.4 and older. [...]
https://www.bleepingcomputer.com/news/security/600k-wordpress-sites-impacted-by-critical-plugin-rce-vulnerability/
BleepingComputer
600K WordPress sites impacted by critical plugin RCE vulnerability
Essential Addons for Elementor, a popular WordPress plugin used in over a million sites, has been found to have a critical remote code execution (RCE) vulnerability in version 5.0.4 and older.
Samba bug can let remote attackers execute code as root
Samba has addressed a critical severity vulnerability that can let attackers gain remote code execution with root privileges on servers running vulnerable software. [...]
https://www.bleepingcomputer.com/news/security/samba-bug-can-let-remote-attackers-execute-code-as-root/
Samba has addressed a critical severity vulnerability that can let attackers gain remote code execution with root privileges on servers running vulnerable software. [...]
https://www.bleepingcomputer.com/news/security/samba-bug-can-let-remote-attackers-execute-code-as-root/
BleepingComputer
Samba bug can let remote attackers execute code as root
Samba has addressed a critical severity vulnerability that can let attackers gain remote code execution with root privileges on servers running vulnerable software.
Microsoft PowerToys adds Mouse and File Explorer utilities
Microsoft has updated PowerToys with three new utilities, including a new mouse crosshair tool to quickly find the pointer on the screen and two new File Explorer add-ons. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-powertoys-adds-mouse-and-file-explorer-utilities/
Microsoft has updated PowerToys with three new utilities, including a new mouse crosshair tool to quickly find the pointer on the screen and two new File Explorer add-ons. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-powertoys-adds-mouse-and-file-explorer-utilities/
BleepingComputer
Microsoft PowerToys adds Mouse and File Explorer utilities
Microsoft has updated PowerToys with three new utilities, including a new mouse crosshair tool to quickly find the pointer on the screen and two new File Explorer add-ons.
👍2
FBI warns of 2022 Beijing Olympics cyberattack, privacy risks
The Federal Bureau of Investigation (FBI) warned today that threat actors could potentially target the February 2022 Beijing Winter Olympics and March 2022 Paralympics. However, evidence of such attacks being planned is yet to be uncovered. [...]
https://www.bleepingcomputer.com/news/security/fbi-warns-of-2022-beijing-olympics-cyberattack-privacy-risks/
The Federal Bureau of Investigation (FBI) warned today that threat actors could potentially target the February 2022 Beijing Winter Olympics and March 2022 Paralympics. However, evidence of such attacks being planned is yet to be uncovered. [...]
https://www.bleepingcomputer.com/news/security/fbi-warns-of-2022-beijing-olympics-cyberattack-privacy-risks/
BleepingComputer
FBI warns of 2022 Beijing Olympics cyberattack, privacy risks
The Federal Bureau of Investigation (FBI) warned today that threat actors could potentially target the February 2022 Beijing Winter Olympics and March 2022 Paralympics. However, evidence of such attacks being planned is yet to be uncovered.
MuddyWater hacking group targets Turkey in new campaign
The Iranian-backed MuddyWater hacking group is conducting a new malicious campaign targeting private Turkish organizations and governmental institutions. [...]
https://www.bleepingcomputer.com/news/security/muddywater-hacking-group-targets-turkey-in-new-campaign/
The Iranian-backed MuddyWater hacking group is conducting a new malicious campaign targeting private Turkish organizations and governmental institutions. [...]
https://www.bleepingcomputer.com/news/security/muddywater-hacking-group-targets-turkey-in-new-campaign/
BleepingComputer
MuddyWater hacking group targets Turkey in new campaign
The Iranian-backed MuddyWater hacking group is conducting a new malicious campaign targeting private Turkish organizations and governmental institutions.
Telco fined €9 million for hiding cyberattack impact to customers
The Greek data protection supervisory authority has imposed fines of 5,850,000 EUR ($6.55 million) to COSMOTE and 3,250,000 EUR ($3.65 million) to OTE, for leaking sensitive customer communication data due to insufficient security measures. [...]
https://www.bleepingcomputer.com/news/security/telco-fined-9-million-for-hiding-cyberattack-impact-to-customers/
The Greek data protection supervisory authority has imposed fines of 5,850,000 EUR ($6.55 million) to COSMOTE and 3,250,000 EUR ($3.65 million) to OTE, for leaking sensitive customer communication data due to insufficient security measures. [...]
https://www.bleepingcomputer.com/news/security/telco-fined-9-million-for-hiding-cyberattack-impact-to-customers/
BleepingComputer
Telco fined €9 million for hiding cyberattack impact from customers
The Greek data protection supervisory authority has imposed fines of 5,850,000 EUR ($6.55 million) to COSMOTE and 3,250,000 EUR ($3.65 million) to OTE, for leaking sensitive customer communication data due to insufficient security measures.
German petrol supply firm Oiltanking paralyzed by cyber attack
Oiltanking GmbH, a German petrol distributor who supplies Shell gas stations in the country, has fallen victim to a cyberattack that severely impacted its operations. [...]
https://www.bleepingcomputer.com/news/security/german-petrol-supply-firm-oiltanking-paralyzed-by-cyber-attack/
Oiltanking GmbH, a German petrol distributor who supplies Shell gas stations in the country, has fallen victim to a cyberattack that severely impacted its operations. [...]
https://www.bleepingcomputer.com/news/security/german-petrol-supply-firm-oiltanking-paralyzed-by-cyber-attack/
BleepingComputer
German petrol supply firm Oiltanking paralyzed by cyber attack
Oiltanking GmbH, a German petrol distributor who supplies Shell gas stations in the country, has fallen victim to a cyberattack that severely impacted its operations.
British Council exposed more than 100,000 files with student records
More than 100,000 files with student records belonging to British Council were found exposed online. An unsecured Microsoft Azure blob found on the internet by cybersecurity firm revealed student IDs, names, usernames and email addresses, and other personal information. [...]
https://www.bleepingcomputer.com/news/security/british-council-exposed-more-than-100-000-files-with-student-records/
More than 100,000 files with student records belonging to British Council were found exposed online. An unsecured Microsoft Azure blob found on the internet by cybersecurity firm revealed student IDs, names, usernames and email addresses, and other personal information. [...]
https://www.bleepingcomputer.com/news/security/british-council-exposed-more-than-100-000-files-with-student-records/
BleepingComputer
British Council exposed more than 100,000 files with student records
More than 100,000 files with student records belonging to British Council were found exposed online. An unsecured Microsoft Azure blob found on the internet by cybersecurity firm revealed student IDs, names, usernames and email addresses, and other personal…
Powerful new Oski variant ‘Mars Stealer’ grabbing 2FAs and crypto
A new and powerful malware named 'Mars Stealer' has appeared in the wild, and appears to be a redesign of the Oski malware that shut down development abruptly in the summer of 2020. [...]
https://www.bleepingcomputer.com/news/security/powerful-new-oski-variant-mars-stealer-grabbing-2fas-and-crypto/
A new and powerful malware named 'Mars Stealer' has appeared in the wild, and appears to be a redesign of the Oski malware that shut down development abruptly in the summer of 2020. [...]
https://www.bleepingcomputer.com/news/security/powerful-new-oski-variant-mars-stealer-grabbing-2fas-and-crypto/
BleepingComputer
Powerful new Oski variant ‘Mars Stealer’ grabbing 2FAs and crypto
A new and powerful malware named 'Mars Stealer' has appeared in the wild, and appears to be a redesign of the Oski malware that shut down development abruptly in the summer of 2020.
Cyberspies linked to Memento ransomware use new PowerShell malware
An Iranian state-backed hacking group tracked as APT35 (aka Phosphorus or Charming Kitten) is now deploying a new backdoor called PowerLess and developed using PowerShell. [...]
https://www.bleepingcomputer.com/news/security/cyberspies-linked-to-memento-ransomware-use-new-powershell-malware/
An Iranian state-backed hacking group tracked as APT35 (aka Phosphorus or Charming Kitten) is now deploying a new backdoor called PowerLess and developed using PowerShell. [...]
https://www.bleepingcomputer.com/news/security/cyberspies-linked-to-memento-ransomware-use-new-powershell-malware/
BleepingComputer
Cyberspies linked to Memento ransomware use new PowerShell malware
An Iranian state-backed hacking group tracked as APT35 (aka Phosphorus or Charming Kitten) is now deploying a new backdoor called PowerLess and developed using PowerShell.
Microsoft Defender now detects Android and iOS vulnerabilities
Microsoft says threat and vulnerability management support for Android and iOS has reached general availability in Microsoft Defender for Endpoint, the company's enterprise endpoint security platform. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-defender-now-detects-android-and-ios-vulnerabilities/
Microsoft says threat and vulnerability management support for Android and iOS has reached general availability in Microsoft Defender for Endpoint, the company's enterprise endpoint security platform. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-defender-now-detects-android-and-ios-vulnerabilities/
BleepingComputer
Microsoft Defender now detects Android and iOS vulnerabilities
Microsoft says threat and vulnerability management support for Android and iOS has reached general availability in Microsoft Defender for Endpoint, the company's enterprise endpoint security platform.
Telco fined €9 million for hiding cyberattack impact to customers
The Greek data protection supervisory authority has imposed fines of 5,850,000 EUR ($6.55 million) to COSMOTE and 3,250,000 EUR ($3.65 million) to OTE, for leaking sensitive customer communication data due to insufficient security measures. [...]
https://www.bleepingcomputer.com/news/security/telco-fined-9-million-for-hiding-cyberattack-impact-to-customers/
The Greek data protection supervisory authority has imposed fines of 5,850,000 EUR ($6.55 million) to COSMOTE and 3,250,000 EUR ($3.65 million) to OTE, for leaking sensitive customer communication data due to insufficient security measures. [...]
https://www.bleepingcomputer.com/news/security/telco-fined-9-million-for-hiding-cyberattack-impact-to-customers/
BleepingComputer
Telco fined €9 million for hiding cyberattack impact from customers
The Greek data protection supervisory authority has imposed fines of 5,850,000 EUR ($6.55 million) to COSMOTE and 3,250,000 EUR ($3.65 million) to OTE, for leaking sensitive customer communication data due to insufficient security measures.
Cloudflare launches a paid public bug bounty program
[...]
https://www.bleepingcomputer.com/news/technology/cloudflare-launches-a-paid-public-bug-bounty-program/
[...]
https://www.bleepingcomputer.com/news/technology/cloudflare-launches-a-paid-public-bug-bounty-program/
BleepingComputer
Cloudflare launches a paid public bug bounty program
Cloudflare, an American company focused on web infrastructure and website security, has announced the launch of a new public bug bounty program.
Malicious CSV text files used to install BazarBackdoor malware
A new phishing campaign is using specially crafted CSV text files to infect users' devices with the BazarBackdoor malware. [...]
https://www.bleepingcomputer.com/news/security/malicious-csv-text-files-used-to-install-bazarbackdoor-malware/
A new phishing campaign is using specially crafted CSV text files to infect users' devices with the BazarBackdoor malware. [...]
https://www.bleepingcomputer.com/news/security/malicious-csv-text-files-used-to-install-bazarbackdoor-malware/
BleepingComputer
Malicious CSV text files used to install BazarBackdoor malware
A new phishing campaign is using specially crafted CSV text files to infect users' devices with the BazarBackdoor malware.
🤯1
FBI warns of fake job postings used to steal money, personal info
Scammers are trying to steal job seekers' money and personal information through phishing campaigns using fake advertisements posted on recruitment platforms. [...]
https://www.bleepingcomputer.com/news/security/fbi-warns-of-fake-job-postings-used-to-steal-money-personal-info/
Scammers are trying to steal job seekers' money and personal information through phishing campaigns using fake advertisements posted on recruitment platforms. [...]
https://www.bleepingcomputer.com/news/security/fbi-warns-of-fake-job-postings-used-to-steal-money-personal-info/
BleepingComputer
FBI warns of fake job postings used to steal money, personal info
Scammers are trying to steal job seekers' money and personal information through phishing campaigns using fake advertisements posted on recruitment platforms.
UEFI firmware vulnerabilities affect at least 25 computer vendors
Researchers from firmware protection company Binarly have discovered critical vulnerabilities in the UEFI firmware from InsydeH2O used by multiple computer vendors such as Fujitsu, Intel, AMD, Lenovo, Dell, ASUS, HP, Siemens, Microsoft, and Acer. [...]
https://www.bleepingcomputer.com/news/security/uefi-firmware-vulnerabilities-affect-at-least-25-computer-vendors/
Researchers from firmware protection company Binarly have discovered critical vulnerabilities in the UEFI firmware from InsydeH2O used by multiple computer vendors such as Fujitsu, Intel, AMD, Lenovo, Dell, ASUS, HP, Siemens, Microsoft, and Acer. [...]
https://www.bleepingcomputer.com/news/security/uefi-firmware-vulnerabilities-affect-at-least-25-computer-vendors/
BleepingComputer
UEFI firmware vulnerabilities affect at least 25 computer vendors
Researchers from firmware protection company Binarly have discovered critical vulnerabilities in the UEFI firmware from InsydeH2O used by multiple computer vendors such as Fujitsu, Intel, AMD, Lenovo, Dell, ASUS, HP, Siemens, Microsoft, and Acer.