Hackers now use ‘sock puppets’ for more realistic phishing attacks

An Iranian-aligned hacking group uses a new, elaborate phishing technique involving multiple personas and email accounts to lure targets into opening malicious documents. [...]

https://www.bleepingcomputer.com/news/security/hackers-now-use-sock-puppets-for-more-realistic-phishing-attacks/

Latest news and stories from BleepingComputer.com
Hackers now use ‘sock puppets’ for more realistic phishing attacks

An Iranian-aligned hacking group uses a new, elaborate phishing technique involving multiple personas and email accounts to lure targets into opening malicious documents. [...]

Latest news and stories from BleepingComputer.com
Windows Terminal gets support for creating custom themes

Microsoft released a new Windows Terminal version today that adds a long-awaited feature, making it possible to create and use custom themes. [...]

Latest news and stories from BleepingComputer.com
Windows 10 KB5017308 and KB5017315 updates released

Microsoft has released the Windows 10 KB5017308 and KB5017315 cumulative updates for versions 21H2, version 21H1, version 20H2, and 1809 to fix security vulnerabilities and resolves twenty bugs and performance issues. [...]

Latest news and stories from BleepingComputer.com
Microsoft September 2022 Patch Tuesday fixes zero-day used in attacks, 63 flaws

Today is Microsoft's September 2022 Patch Tuesday, and with it comes fixes for an actively exploited Windows vulnerability and a total of 63 flaws. [...]

Latest news and stories from BleepingComputer.com
Tax fraud ring leader jailed for selling children’s stolen identities

The owner of a fraudulent tax preparation business, Ariel Jimenez, was sentenced to 12 years in prison for selling the stolen identities of children on welfare and helping "customers" to falsely claim tax credits, causing tens of millions of dollars in tax loss. [...]

Latest news and stories from BleepingComputer.com
Police arrest man for laundering tens of millions in stolen crypto

The Dutch police arrested a 39-year-old man on suspicions of laundering tens of millions of euros worth of cryptocurrency stolen in phishing attacks. [...]

Latest news and stories from BleepingComputer.com
Cyberspies drop new infostealer malware on govt networks in Asia

Security researchers have identified new cyber-espionage activity focusing on government entities in Asia, as well as state-owned aerospace and defense firms, telecom companies, and IT organizations. [...]

Latest news and stories from BleepingComputer.com
Chinese state hackers create Linux variant for SideWalk backdoor

State-backed Chinese hackers have developed a Linux variant for the SideWalk backdoor used against Windows systems belonging to targets in the academic sector. [...]

 Chinese hackers create Linux version of the SideWalk Windows malware

State-backed Chinese hackers have developed a Linux variant for the SideWalk backdoor used against Windows systems belonging to targets in the academic sector. [...]

https://www.bleepingcomputer.com/news/security/chinese-hackers-create-linux-version-of-the-sidewalk-windows-malware/

 Securing your IoT devices against cyber attacks in 5 steps

How is IoT being used in the enterprise, and how can it be secured? We will demonstrate important security best practices and how a secure password policy is paramount to the security of devices. [...]

https://www.bleepingcomputer.com/news/security/securing-your-iot-devices-against-cyber-attacks-in-5-steps/

 Phishing page embeds keylogger to steal passwords as you type

A novel phishing campaign is underway, targeting Greeks with phishing sites that mimic the state's official tax refund platform and steal credentials as they type them. [...]

https://www.bleepingcomputer.com/news/security/phishing-page-embeds-keylogger-to-steal-passwords-as-you-type/

 Microsoft Teams stores auth tokens as cleartext in Windows, Linux, Macs

Security analysts have found a severe security vulnerability in the desktop app for Microsoft Teams that gives threat actors access to authentication tokens and accounts with multi-factor authentication (MFA) turned on. [...]

https://www.bleepingcomputer.com/news/security/microsoft-teams-stores-auth-tokens-as-cleartext-in-windows-linux-macs/

 US govt sanctions ten Iranians linked to ransomware attacks

The Treasury Department's Office of Foreign Assets Control (OFAC) announced sanctions today against ten individuals and two entities affiliated with Iran's Islamic Revolutionary Guard Corps (IRGC) for their involvement in ransomware attacks. [...]

https://www.bleepingcomputer.com/news/security/us-govt-sanctions-ten-iranians-linked-to-ransomware-attacks/

Latest news and stories from BleepingComputer.com
CISA orders agencies to patch Windows, iOS bugs used in attacks

CISA added two new vulnerabilities to its list of security bugs exploited in the wild today, including a Windows privilege escalation vulnerability and an arbitrary code execution flaw affecting iPhones and Macs. [...]

Latest news and stories from BleepingComputer.com
US govt sanctions ten Iranians linked to ransomware attacks

The Treasury Department's Office of Foreign Assets Control (OFAC) announced sanctions today against ten individuals and two entities affiliated with Iran's Islamic Revolutionary Guard Corps (IRGC) for their involvement in ransomware attacks. [...]

 CISA orders agencies to patch Windows, iOS bugs used in attacks

CISA added two new vulnerabilities to its list of security bugs exploited in the wild today, including a Windows privilege escalation vulnerability and an arbitrary code execution flaw affecting iPhones and Macs. [...]

https://www.bleepingcomputer.com/news/security/cisa-orders-agencies-to-patch-windows-ios-bugs-used-in-attacks/

 New Lenovo BIOS updates fix security bugs in hundreds of models

Chinese computer manufacturer Lenovo has issued a security advisory to warn its clients about several high-severity vulnerabilities impacting a wide range of products in the Desktop, All in One, Notebook, ThinkPad, ThinkServer, and ThinkStation lines. [...]

https://www.bleepingcomputer.com/news/security/new-lenovo-bios-updates-fix-security-bugs-in-hundreds-of-models/

 Death of Queen Elizabeth II exploited to steal Microsoft credentials

Threat actors are exploiting the death of Queen Elizabeth II in phishing attacks to lure their targets to malicious sites designed to steal their Microsoft account credentials. [...]

https://www.bleepingcomputer.com/news/security/death-of-queen-elizabeth-ii-exploited-to-steal-microsoft-credentials/

 Gay hookup site typosquatted by 50 domains to push dodgy Chrome extensions

Gay hookup and cruising web app Sniffies is being impersonated by opportunistic threat actors hoping to target the website's users with many typosquatting domains that push scams and dubious Google Chrome extensions. In some cases, these illicit domains launch the Apple Music app prompting users to buy a subscription. [...]

https://www.bleepingcomputer.com/news/security/gay-hookup-site-typosquatted-by-50-domains-to-push-dodgy-chrome-extensions/

 Microsoft 365 now auto-updates apps on locked or idle devices

Microsoft says customers will see fewer Microsoft 365 update notifications because Office apps will update automatically while their computers are locked or idle. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-365-now-auto-updates-apps-on-locked-or-idle-devices/