New CacheWarp AMD CPU attack lets hackers gain root in Linux VMs

A new software-based fault injection attack, CacheWarp, can let threat actors hack into AMD SEV-protected virtual machines by targeting memory writes to escalate privileges and gain remote code execution. [...]

https://www.bleepingcomputer.com/news/security/new-cachewarp-amd-cpu-attack-lets-hackers-gain-root-in-linux-vms/

 VMware discloses critical VCD Appliance auth bypass with no patch

VMware disclosed a critical and unpatched authentication bypass vulnerability affecting Cloud Director appliance deployments. [...]

https://www.bleepingcomputer.com/news/security/vmware-discloses-critical-vcd-appliance-auth-bypass-with-no-patch/

 New Reptar CPU flaw impacts Intel desktop and server systems

Intel has fixed a high-severity CPU vulnerability in its modern desktop, server, mobile, and embedded CPUs, including the latest Alder Lake, Raptor Lake, and Sapphire Rapids microarchitectures. [...]

https://www.bleepingcomputer.com/news/security/new-reptar-cpu-flaw-impacts-intel-desktop-and-server-systems/

 WP Fastest Cache plugin bug exposes 600K WordPress sites to attacks

The WordPress plugin WP Fastest Cache is vulnerable to an SQL injection vulnerability that could allow unauthenticated attackers to read the contents of the site's database. [...]

https://www.bleepingcomputer.com/news/security/wp-fastest-cache-plugin-bug-exposes-600k-wordpress-sites-to-attacks/

 IPStorm botnet with 23,000 proxies for malicious traffic dismantled

The U.S. Department of Justive announced today that Federal Bureau of Investigation took down the network and infrastructure of a botnet proxy service called IPStorm. [...]

https://www.bleepingcomputer.com/news/security/ipstorm-botnet-with-23-000-proxies-for-malicious-traffic-dismantled/

 The OWASP Top 10: What They Are and How to Test Them

This article takes a deep dive into the OWASP Top 10 and advises on how to test your web applications for susceptibility to these security risks. [...]

https://www.bleepingcomputer.com/news/security/the-owasp-top-10-what-they-are-and-how-to-test-them/

 Fraud researchers impersonated on X to push crypto-stealing sites

Multiple fake accounts impersonating cryptocurrency scam investigators and blockchain security companies are promoting phishing pages to drain wallets in an ongoing campaign on X (former Twitter). [...]

https://www.bleepingcomputer.com/news/security/fraud-researchers-impersonated-on-x-to-push-crypto-stealing-sites/

 PJ&A says cyberattack exposed data of nearly 9 million patients

PJ&A (Perry Johnson & Associates) is warning that a cyberattack in March 2023 exposed the personal information of almost nine million patients. [...]

https://www.bleepingcomputer.com/news/security/pj-and-a-says-cyberattack-exposed-data-of-nearly-9-million-patients/

 FBI and CISA warn of opportunistic Rhysida ransomware attacks

The FBI and CISA warned today of Rhysida ransomware gang's opportunistic attacks targeting organizations across multiple industry sectors. [...]

https://www.bleepingcomputer.com/news/security/fbi-and-cisa-warn-of-opportunistic-rhysida-ransomware-attacks/

 Toronto Public Library confirms data stolen in ransomware attack

The Toronto Public Library (TPL) confirmed that the personal information of employees, customers, volunteers, and donors was stolen from a compromised file server during an October ransomware attack. [...]

https://www.bleepingcomputer.com/news/security/toronto-public-library-confirms-data-stolen-in-ransomware-attack/

 Citrix Hypervisor gets hotfix for new Reptar Intel CPU flaw

Citrix has released hotfixes for two vulnerabilities impacting Citrix Hypervisor, one of them being the "Reptar" high-severity flaw that affects Intel CPUs for desktop and server systems. [...]

https://www.bleepingcomputer.com/news/security/citrix-hypervisor-gets-hotfix-for-new-reptar-intel-cpu-flaw/

 Microsoft fixes Windows Server VMs broken by October updates

Microsoft fixed a known issue causing blue screens and boot failures in Windows Server 2022 virtual machines (VMs) deployed on VMware ESXi hosts. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-windows-server-vms-broken-by-october-updates/

 Samsung hit by new data breach impacting UK store customers

Samsung Electronics is notifying some of its customers of a data breach that exposed their personal information to an unauthorized individual. [...]

https://www.bleepingcomputer.com/news/security/samsung-hit-by-new-data-breach-impacting-uk-store-customers/

 Ransomware gang files SEC complaint over victim’s undisclosed breach

The ALPHV/BlackCat ransomware operation has taken extortion to a new level by filing a U.S. Securities and Exchange Commission complaint against one of their alleged victims for not complying with the four-day rule to disclose a cyberattack. [...]

https://www.bleepingcomputer.com/news/security/ransomware-gang-files-sec-complaint-over-victims-undisclosed-breach/

 How DDoS attacks are taking down even the largest tech companies

DDoS attacks are increasingly taking down even the largest tech companies. Learn more Specops Software on these types of attacks and how you can protect your devices from being recruited into botnets. [...]

https://www.bleepingcomputer.com/news/security/how-ddos-attacks-are-taking-down-even-the-largest-tech-companies/

 Fortinet warns of critical command injection bug in FortiSIEM

Fortinet is alerting customers of a critical OS command injection vulnerability in FortiSIEM report server that could be exploited by remote, unauthenticated attackers to execute commands through specially crafted API requests. [...]

https://www.bleepingcomputer.com/news/security/fortinet-warns-of-critical-command-injection-bug-in-fortisiem/

 Microsoft confirms Copilot AI assistant coming to Windows 10

Microsoft will roll out the Copilot AI-powered assistant to Windows 10 systems enrolled in the Insider Program over the coming months. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-confirms-copilot-ai-assistant-coming-to-windows-10/

 Toyota confirms breach after Medusa ransomware threatens to leak data

Toyota Financial Services (TFS) has confirmed that it detected unauthorized access on some of its systems in Europe and Africa after Medusa ransomware claimed an attack on the company. [...]

https://www.bleepingcomputer.com/news/security/toyota-confirms-breach-after-medusa-ransomware-threatens-to-leak-data/

 MySQL servers targeted by 'Ddostf' DDoS-as-a-Service botnet

MySQL servers are being targeted by the 'Ddostf' malware botnet to enslave them for a DDoS-as-a-Service platform whose firepower is rented to other cybercriminals. [...]

https://www.bleepingcomputer.com/news/security/mysql-servers-targeted-by-ddostf-ddos-as-a-service-botnet/

 FBI shares tactics of notorious Scattered Spider hacker collective

The Federal Bureau of Investigation and the Cybersecurity and Infrastructure Security Agency released an advisory about the evasive threat actor tracked as Scattered Spider, a loosely knit hacking collective that now collaborates with the ALPHV/BlackCat Russian ransomware operation.. [...]

https://www.bleepingcomputer.com/news/security/fbi-shares-tactics-of-notorious-scattered-spider-hacker-collective/

 Long Beach, California turns off IT systems after cyberattack

The City of Long Beach in California is warning that they suffered a cyberattack on Tuesday that has led them to shut down portions of their IT network to prevent the attack's spread. [...]

https://www.bleepingcomputer.com/news/security/long-beach-california-turns-off-it-systems-after-cyberattack/