Israel warns of BiBi wiper attacks targeting Linux and Windows

Data-wiping attacks are becoming more frequent on Israeli computers as researchers discovered variants of the BiBi malware family that destroys data on both Linux and Windows systems. [...]

https://www.bleepingcomputer.com/news/security/israel-warns-of-bibi-wiper-attacks-targeting-linux-and-windows/

 CISA warns of actively exploited Juniper pre-auth RCE exploit chain

CISA warned federal agencies today to secure Juniper devices on their networks by Friday against four vulnerabilities now used in remote code execution (RCE) attacks as part of a pre-auth exploit chain. [...]

https://www.bleepingcomputer.com/news/security/cisa-warns-of-actively-exploited-juniper-pre-auth-rce-exploit-chain/

 DP World cyberattack blocks thousands of containers in ports

A cyberattack on international logistics firm DP World Australia has severely disrupted the regular freight movement in multiple large Australian ports. [...]

https://www.bleepingcomputer.com/news/security/dp-world-cyberattack-blocks-thousands-of-containers-in-ports/

 FBI: Royal ransomware asked 350 victims to pay $275 million

The FBI and CISA revealed in a joint advisory that the Royal ransomware gang has breached the networks of at least 350 organizations worldwide since September 2022. [...]

https://www.bleepingcomputer.com/news/security/fbi-royal-ransomware-asked-350-victims-to-pay-275-million/

 Ethereum feature abused to steal $60 million from 99K victims

Malicious actors have been abusing Ethereum's 'Create2' function to bypass wallet security alerts and poison cryptocurrency addresses, which led to stealing $60,000,000 worth of cryptocurrency from 99,000 people in six months. [...]

https://www.bleepingcomputer.com/news/security/ethereum-feature-abused-to-steal-60-million-from-99k-victims/

 Meet the Unique New "Hacking" Group: AlphaLock

A Russian hacking group known as AlphaLock is launching a "pentest" marketplace and training platform to empower a new generation of threat actors. Learn more from Flare about the new hacking group. [...]

https://www.bleepingcomputer.com/news/security/meet-the-unique-new-hacking-group-alphalock/

 Pharmacy provider Truepill data breach hits 2.3 million customers

Postmeds, doing business as 'Truepill,' is sending notifications of a data breach informing recipients that threat actors accessed their sensitive personal information. [...]

https://www.bleepingcomputer.com/news/security/pharmacy-provider-truepill-data-breach-hits-23-million-customers/

 Windows 10 KB5032189 update released with 11 improvements

Microsoft has released the KB5032189 cumulative update for Windows 10 21H2 and Windows 10 22H2, which contains eleven fixes for various issues. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-kb5032189-update-released-with-11-improvements/

 Windows 11 KB5032190 update enables Moment 4 features for everyone

Microsoft has released the KB5032190 cumulative update to fix security vulnerabilities in Windows 11. This is the first Patch Tuesday update with access to Windows 11 Moment 4 features, provided you turn on the "Get latest updates" toggle. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-11-kb5032190-update-enables-moment-4-features-for-everyone/

 Microsoft fixes critical Azure CLI flaw that leaked credentials in logs

Microsoft has fixed a critical security vulnerability that could let attackers steal credentials from GitHub Actions or Azure DevOps logs created using Azure CLI (short for Azure command-line interface). [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-critical-azure-cli-flaw-that-leaked-credentials-in-logs/

 Microsoft November 2023 Patch Tuesday fixes 5 zero-days, 58 flaws

Today is Microsoft's November 2023 Patch Tuesday, which includes security updates for a total of 58 flaws and five zero-day vulnerabilities. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-november-2023-patch-tuesday-fixes-5-zero-days-58-flaws/

 LockBit ransomware exploits Citrix Bleed in attacks, 10K servers exposed

The Lockbit ransomware attacks use publicly available exploits for the Citrix Bleed vulnerability (CVE-2023-4966) to breach the systems of large organizations, steal data, and encrypt files. [...]

https://www.bleepingcomputer.com/news/security/lockbit-ransomware-exploits-citrix-bleed-in-attacks-10k-servers-exposed/

 New CacheWarp AMD CPU attack lets hackers gain root in Linux VMs

A new software-based fault injection attack, CacheWarp, can let threat actors hack into AMD SEV-protected virtual machines by targeting memory writes to escalate privileges and gain remote code execution. [...]

https://www.bleepingcomputer.com/news/security/new-cachewarp-amd-cpu-attack-lets-hackers-gain-root-in-linux-vms/

 VMware discloses critical VCD Appliance auth bypass with no patch

VMware disclosed a critical and unpatched authentication bypass vulnerability affecting Cloud Director appliance deployments. [...]

https://www.bleepingcomputer.com/news/security/vmware-discloses-critical-vcd-appliance-auth-bypass-with-no-patch/

 New Reptar CPU flaw impacts Intel desktop and server systems

Intel has fixed a high-severity CPU vulnerability in its modern desktop, server, mobile, and embedded CPUs, including the latest Alder Lake, Raptor Lake, and Sapphire Rapids microarchitectures. [...]

https://www.bleepingcomputer.com/news/security/new-reptar-cpu-flaw-impacts-intel-desktop-and-server-systems/

 WP Fastest Cache plugin bug exposes 600K WordPress sites to attacks

The WordPress plugin WP Fastest Cache is vulnerable to an SQL injection vulnerability that could allow unauthenticated attackers to read the contents of the site's database. [...]

https://www.bleepingcomputer.com/news/security/wp-fastest-cache-plugin-bug-exposes-600k-wordpress-sites-to-attacks/

 IPStorm botnet with 23,000 proxies for malicious traffic dismantled

The U.S. Department of Justive announced today that Federal Bureau of Investigation took down the network and infrastructure of a botnet proxy service called IPStorm. [...]

https://www.bleepingcomputer.com/news/security/ipstorm-botnet-with-23-000-proxies-for-malicious-traffic-dismantled/

 The OWASP Top 10: What They Are and How to Test Them

This article takes a deep dive into the OWASP Top 10 and advises on how to test your web applications for susceptibility to these security risks. [...]

https://www.bleepingcomputer.com/news/security/the-owasp-top-10-what-they-are-and-how-to-test-them/

 Fraud researchers impersonated on X to push crypto-stealing sites

Multiple fake accounts impersonating cryptocurrency scam investigators and blockchain security companies are promoting phishing pages to drain wallets in an ongoing campaign on X (former Twitter). [...]

https://www.bleepingcomputer.com/news/security/fraud-researchers-impersonated-on-x-to-push-crypto-stealing-sites/

 PJ&A says cyberattack exposed data of nearly 9 million patients

PJ&A (Perry Johnson & Associates) is warning that a cyberattack in March 2023 exposed the personal information of almost nine million patients. [...]

https://www.bleepingcomputer.com/news/security/pj-and-a-says-cyberattack-exposed-data-of-nearly-9-million-patients/

 FBI and CISA warn of opportunistic Rhysida ransomware attacks

The FBI and CISA warned today of Rhysida ransomware gang's opportunistic attacks targeting organizations across multiple industry sectors. [...]

https://www.bleepingcomputer.com/news/security/fbi-and-cisa-warn-of-opportunistic-rhysida-ransomware-attacks/