Latest news and stories from BleepingComputer.com
CISA warns orgs of WatchGuard bug exploited by Russian state hackers

The Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal civilian agencies and urged all US organizations on Monday to patch an actively exploited bug impacting WatchGuard Firebox and XTM firewall appliances. [...]

Latest news and stories from BleepingComputer.com
Third npm protestware: 'event-source-polyfill' calls Russia out

Developers are increasingly voicing their opinions through their open source projects in active use by thousands of software applications and organizations. Most recently, the developer of the 'event-source-polyfill' npm package peacefully protested Russia's "unreasonable invasion" of Ukraine, to Russian consumers. [...]

Latest news and stories from BleepingComputer.com
Sandworm hackers fail to take down Ukrainian energy provider

The Russian state-sponsored hacking group known as Sandworm tried on Friday to take down a large Ukrainian energy provider by disconnecting its electrical substations with a new variant of the Industroyer malware for industrial control systems (ICS) and a new version of the CaddyWiper data destruction malware. [...]

Latest news and stories from BleepingComputer.com
LockBit ransomware gang lurked in a U.S. gov network for months

Threat analysts have found evidence of malicious actors using the LockBit ransomware strain lingering in the network of a regional U.S. government agency for at least five months. [...]

Latest news and stories from BleepingComputer.com
RaidForums hacking forum seized by police, owner arrested

The RaidForums hacker forum, used mainly for trading and selling stolen databases, has been shut down and its domain seized by U.S. law enforcement during Operation TOURNIQUET, an action coordinated by Europol that involved law enforcement agencies in several countries. [...]

Latest news and stories from BleepingComputer.com
Critical HP Teradici PCoIP flaws impact 15 million endpoints

HP is warning of new critical security vulnerabilities in the Teradici PCoIP client and agent for Windows, Linux, and macOS that impact 15 million endpoints. [...]

Latest news and stories from BleepingComputer.com
Microsoft: New malware uses Windows bug to hide scheduled tasks

Microsoft has discovered a new malware used by the Chinese-backed Hafnium hacking group to maintain persistence on compromised Windows systems by creating and hiding scheduled tasks. [...]

Latest news and stories from BleepingComputer.com
Windows 10 KB5012599 and KB5012591 updates released

Microsoft has released Windows 10 KB5012599 and KB5012591 cumulative updates for versions 21H2, version 21H1, version 20H2 and 1909 to fix security vulnerabilities and resolve bugs. [...]

Latest news and stories from BleepingComputer.com
Microsoft April 2022 Patch Tuesday fixes 119 flaws, 2 zero-days

Today is Microsoft's April 2022 Patch Tuesday, and with it comes fixes for two zero-day vulnerabilities and a total of 119 flaws. [...]

Latest news and stories from BleepingComputer.com
Windows 11 KB5012592 update brings default browser improvements

Microsoft has released the Windows 11 KB5012592 cumulative update with security updates, quality improvements, and a fix that makes it easier to switch your default browser. [...]

Latest news and stories from BleepingComputer.com
Ransom DDoS attacks have dropped to record lows this year

Extortion denial-of-service activity, the so-called RDDoS (ransom distributed denial-of-service) attacks have taken a tumble in the first quarter of the year, according to recent statistics from Cloudflare. [...]

Latest news and stories from BleepingComputer.com
Microsoft: Windows Server now supports automatic .NET updates

Microsoft says Windows admins can now opt into automatic updates for .NET (.NET Core) via Microsoft Update (MU) on Windows Server systems. [...]

Latest news and stories from BleepingComputer.com
Ethereum dev imprisoned for helping North Korea evade sanctions

Virgil Griffith, a US cryptocurrency expert, was sentenced on Tuesday to 63 months in prison after pleading guilty to assisting the Democratic People's Republic of Korea (DPRK) with technical info on how to evade sanctions. [...]

Latest news and stories from BleepingComputer.com
Critical Apache Struts RCE vulnerability wasn't fully fixed, patch now

Apache has fixed a critical vulnerability in its vastly popular Struts project that was previously believed to have been resolved but, as it turns out, wasn't fully remedied. As such, CISA is urging users and administrators to upgrade to the latest, patched Struts 2 versions. [...]

Latest news and stories from BleepingComputer.com
Critical flaw in Elementor WordPress plugin may affect 500k sites

The authors of the Elementor Website Builder plugin for WordPress have just released version 3.6.3 to address a critical remote code execution flaw that may impact as many as 500,000 websites. [...]

Latest news and stories from BleepingComputer.com
New EnemyBot DDoS botnet recruits routers and IoTs into its army

A new Mirai-based botnet malware named Enemybot has been observed growing its army of infected devices through vulnerabilities in modems, routers, and IoT devices, with the threat actor operating it known as Keksec. [...]

Latest news and stories from BleepingComputer.com
3 Reasons Connected Devices are More Vulnerable than Ever

We are surrounded by billions of connected devices that contribute round-the-clock to practically every aspect of our lives - from transportation, to entertainment, to health and well-being. Here are the top three reasons why connected-device cybersecurity is more fragile than ever. [...]

Latest news and stories from BleepingComputer.com
Microsoft disrupts Zloader malware in global operation

A months-long global operation led by Microsoft's Digital Crimes Unit (DCU) has taken down dozens of domains used as command-and-control (C2) servers by the notorious ZLoader botnet. [...]

Latest news and stories from BleepingComputer.com
US warns of govt hackers targeting industrial control systems

A joint cybersecurity advisory issued by CISA, NSA, FBI, and the Department of Energy (DOE) warns of government-backed hacking groups being able to hijack multiple industrial devices using a new ICS-focused malware toolkit. [...]

Latest news and stories from BleepingComputer.com
Hackers exploit critical VMware CVE-2022-22954 bug, patch now

Security researchers have published various proof of concepts (PoCs) scripts for exploiting CVE-2022-22954 on social media and other channels, essentially enabling malicious actors to attack unpatched systems. [...]

Latest news and stories from BleepingComputer.com
New Fodcha DDoS botnet targets over 100 victims every day

A rapidly growing botnet is ensnaring routers, DVRs, and servers across the Internet to target more than 100 victims every day in distributed denial-of-service (DDoS) attacks. [...]