Microsoft: Windows Autopatch now available for public preview

Microsoft has announced this week that Windows Autopatch, a service to automatically keep Windows and Microsoft 365 software up to date in enterprise environments, has now reached public preview. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-windows-autopatch-now-available-for-public-preview/

Evasive phishing mixes reverse tunnels and URL shortening services

Security researchers are seeing an uptick in the use of reverse tunnel services along with URL shorteners​​​​​​​ for large-scale phishing campaigns, making the malicious activity more difficult to stop. [...]

https://www.bleepingcomputer.com/news/security/evasive-phishing-mixes-reverse-tunnels-and-url-shortening-services/

Exploit released for Atlassian Confluence RCE bug, patch now

Proof-of-concept exploits for the actively exploited critical CVE-2022-26134 vulnerability impacting Atlassian Confluence and Data Center servers have been widely released this weekend. [...]

https://www.bleepingcomputer.com/news/security/exploit-released-for-atlassian-confluence-rce-bug-patch-now/

Italian city of Palermo shuts down all systems to fend off cyberattack

The municipality of Palermo in Southern Italy suffered a cyberattack on Friday, which appears to have had a massive impact on a broad range of operations and services to both citizens and visiting tourists. [...]

https://www.bleepingcomputer.com/news/security/italian-city-of-palermo-shuts-down-all-systems-to-fend-off-cyberattack/

Windows zero-day exploited in US local govt phishing attacks

European governments and US local governments were the targets of a phishing campaign using malicious Rich Text Format (RTF) documents designed to exploit a critical Windows zero-day vulnerability known as Follina. [...]

https://www.bleepingcomputer.com/news/security/windows-zero-day-exploited-in-us-local-govt-phishing-attacks/

Ransomware gangs now give victims time to save their reputation

Threat analysts have observed an unusual trend in ransomware group tactics, reporting that initial phases of victim extortion are becoming less open to the public as the actors tend to use hidden or anonymous entries. [...]

https://www.bleepingcomputer.com/news/security/ransomware-gangs-now-give-victims-time-to-save-their-reputation/

Microsoft bug banned Rewards accounts when redeeming points

Microsoft has fixed a bug where the Microsoft Rewards accounts of customers who redeemed points would get suspended without warning. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-bug-banned-rewards-accounts-when-redeeming-points/

Mandiant: “No evidence” we were hacked by LockBit ransomware

American cybersecurity firm Mandiant is investigating LockBit ransomware gang's claims that they hacked the company's network and stole data. [...]

https://www.bleepingcomputer.com/news/security/mandiant-no-evidence-we-were-hacked-by-lockbit-ransomware/

QBot now pushes Black Basta ransomware in bot-powered attacks

The Black Basta ransomware gang has partnered with the QBot malware operation to spread laterally through hacked corporate environments. [...]

https://www.bleepingcomputer.com/news/security/qbot-now-pushes-black-basta-ransomware-in-bot-powered-attacks/

Latest news and stories from BleepingComputer.com
Android June 2022 updates bring fix for critical RCE vulnerability

Google has released the June 2022 security updates for Android devices running OS versions 10, 11, and 12, fixing 41 vulnerabilities, five rated critical. [...]

Android June 2022 updates bring fix for critical RCE vulnerability

Google has released the June 2022 security updates for Android devices running OS versions 10, 11, and 12, fixing 41 vulnerabilities, five rated critical. [...]

https://www.bleepingcomputer.com/news/security/android-june-2022-updates-bring-fix-for-critical-rce-vulnerability/

Why Netflix isn't the Only One Bummed About Password Sharing

Carnegie Mellen found that as much as 28% of end-users willingly share passwords with others, and a Specops study found that of those who share passwords 21% of people don't know who else their password has been shared with. That's a lot of sharing going on. [...]

https://www.bleepingcomputer.com/news/security/why-netflix-isnt-the-only-one-bummed-about-password-sharing/

Shields Health Care Group data breach affects 2 million patients

Shields Health Care Group (Shields) suffered a data breach that exposed the data of approximately 2,000,000 people in the United States after hackers breached their network and stole data. [...]

https://www.bleepingcomputer.com/news/security/shields-health-care-group-data-breach-affects-2-million-patients/

Latest news and stories from BleepingComputer.com
Why Netflix isn't the Only One Bummed About Password Sharing

Carnegie Mellen found that as much as 28% of end-users willingly share passwords with others, and a Specops study found that of those who share passwords 21% of people don't know who else their password has been shared with. That's a lot of sharing going on. [...]

Latest news and stories from BleepingComputer.com
Shields Health Care Group data breach affects 2 million patients

Shields Health Care Group (Shields) suffered a data breach that exposed the data of approximately 2,000,000 people in the United States after hackers breached their network and stole data. [...]

Latest news and stories from BleepingComputer.com
Online gun shops in the US hacked to steal credit cards

Rainier Arms and Numrich Gun Parts, two American gun shops that operate e-commerce sites on rainierarms.com and gunpartscorp.com, have disclosed data breach incidents resulting from card skimmer infections on their sites. [...]

Latest news and stories from BleepingComputer.com
Two-year-old Windows DIAGCAB zero-day gets unofficial patches

Free unofficial patches for a new Windows zero-day vulnerability in the Microsoft Support Diagnostic Tool (MSDT) have been released today through the 0patch platform.  [...]

Online gun shops in the US hacked to steal credit cards

Rainier Arms and Numrich Gun Parts, two American gun shops that operate e-commerce sites on rainierarms.com and gunpartscorp.com, have disclosed data breach incidents resulting from card skimmer infections on their sites. [...]

https://www.bleepingcomputer.com/news/security/online-gun-shops-in-the-us-hacked-to-steal-credit-cards/

Two-year-old Windows DIAGCAB zero-day gets unofficial patches

Free unofficial patches for a new Windows zero-day vulnerability in the Microsoft Support Diagnostic Tool (MSDT) have been released today through the 0patch platform.  [...]

https://www.bleepingcomputer.com/news/security/two-year-old-windows-diagcab-zero-day-gets-unofficial-patches/

Windows 11 22H2 closer to release, lands in the Release channel

Microsoft has moved Windows 11, version 22H2, to the Windows Insider Release channel, indicating that it is in its final round of testing before it's likely released this fall. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-11-22h2-closer-to-release-lands-in-the-release-channel/

Linux version of Black Basta ransomware targets VMware ESXi servers

Black Basta is the latest ransomware gang to add support for encrypting VMware ESXi virtual machines running on enterprise Linux servers. [...]

https://www.bleepingcomputer.com/news/security/linux-version-of-black-basta-ransomware-targets-vmware-esxi-servers/