Microsoft fixes Windows Server VMs broken by October updates

Microsoft fixed a known issue causing blue screens and boot failures in Windows Server 2022 virtual machines (VMs) deployed on VMware ESXi hosts. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-windows-server-vms-broken-by-october-updates/

 Samsung hit by new data breach impacting UK store customers

Samsung Electronics is notifying some of its customers of a data breach that exposed their personal information to an unauthorized individual. [...]

https://www.bleepingcomputer.com/news/security/samsung-hit-by-new-data-breach-impacting-uk-store-customers/

 Ransomware gang files SEC complaint over victim’s undisclosed breach

The ALPHV/BlackCat ransomware operation has taken extortion to a new level by filing a U.S. Securities and Exchange Commission complaint against one of their alleged victims for not complying with the four-day rule to disclose a cyberattack. [...]

https://www.bleepingcomputer.com/news/security/ransomware-gang-files-sec-complaint-over-victims-undisclosed-breach/

 How DDoS attacks are taking down even the largest tech companies

DDoS attacks are increasingly taking down even the largest tech companies. Learn more Specops Software on these types of attacks and how you can protect your devices from being recruited into botnets. [...]

https://www.bleepingcomputer.com/news/security/how-ddos-attacks-are-taking-down-even-the-largest-tech-companies/

 Fortinet warns of critical command injection bug in FortiSIEM

Fortinet is alerting customers of a critical OS command injection vulnerability in FortiSIEM report server that could be exploited by remote, unauthenticated attackers to execute commands through specially crafted API requests. [...]

https://www.bleepingcomputer.com/news/security/fortinet-warns-of-critical-command-injection-bug-in-fortisiem/

 Microsoft confirms Copilot AI assistant coming to Windows 10

Microsoft will roll out the Copilot AI-powered assistant to Windows 10 systems enrolled in the Insider Program over the coming months. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-confirms-copilot-ai-assistant-coming-to-windows-10/

 Toyota confirms breach after Medusa ransomware threatens to leak data

Toyota Financial Services (TFS) has confirmed that it detected unauthorized access on some of its systems in Europe and Africa after Medusa ransomware claimed an attack on the company. [...]

https://www.bleepingcomputer.com/news/security/toyota-confirms-breach-after-medusa-ransomware-threatens-to-leak-data/

 MySQL servers targeted by 'Ddostf' DDoS-as-a-Service botnet

MySQL servers are being targeted by the 'Ddostf' malware botnet to enslave them for a DDoS-as-a-Service platform whose firepower is rented to other cybercriminals. [...]

https://www.bleepingcomputer.com/news/security/mysql-servers-targeted-by-ddostf-ddos-as-a-service-botnet/

 FBI shares tactics of notorious Scattered Spider hacker collective

The Federal Bureau of Investigation and the Cybersecurity and Infrastructure Security Agency released an advisory about the evasive threat actor tracked as Scattered Spider, a loosely knit hacking collective that now collaborates with the ALPHV/BlackCat Russian ransomware operation.. [...]

https://www.bleepingcomputer.com/news/security/fbi-shares-tactics-of-notorious-scattered-spider-hacker-collective/

 Long Beach, California turns off IT systems after cyberattack

The City of Long Beach in California is warning that they suffered a cyberattack on Tuesday that has led them to shut down portions of their IT network to prevent the attack's spread. [...]

https://www.bleepingcomputer.com/news/security/long-beach-california-turns-off-it-systems-after-cyberattack/

 British Library: Ongoing outage caused by ransomware attack

The British Library confirmed that a ransomware attack is behind a major outage that is still affecting services across several locations. [...]

https://www.bleepingcomputer.com/news/security/british-library-ongoing-outage-caused-by-ransomware-attack/

 CISA warns of actively exploited Windows, Sophos, and Oracle bugs

The U.S. Cybersecurity & Infrastructure Security Agency has added to its catalog of known exploited vulnerabilities (KEV) three security issues that affect Microsoft devices, a Sophos product, and an enterprise solution from Oracle. [...]

https://www.bleepingcomputer.com/news/security/cisa-warns-of-actively-exploited-windows-sophos-and-oracle-bugs/

 Google: Hackers exploited Zimbra zero-day in attacks on govt orgs

Hackers leveraged a medium-severity security issue now identified as CVE-2023-37580 since June 29, nearly a month before the vendor addressed it in version 8.8.15 Patch 41of the software on July 25. [...]

https://www.bleepingcomputer.com/news/security/google-hackers-exploited-zimbra-zero-day-in-attacks-on-govt-orgs/

 Yamaha Motor confirms ransomware attack on Philippines subsidiary

Yamaha Motor's Philippines motorcycle manufacturing subsidiary was hit by a ransomware attack last month, resulting in the theft and leak of some employees' personal information. [...]

https://www.bleepingcomputer.com/news/security/yamaha-motor-confirms-ransomware-attack-on-philippines-subsidiary/

 Bloomberg Crypto X account snafu leads to Discord phishing attack

The official Twitter account for Bloomberg Crypto was used earlier today to redirect users to a deceptive website that stole Discord credentials in a phishing attack. [...]

https://www.bleepingcomputer.com/news/security/bloomberg-crypto-x-account-snafu-leads-to-discord-phishing-attack/

 The Week in Ransomware - November 17th 2023 - Citrix in the Crosshairs

Ransomware gangs target exposed Citrix Netscaler devices using a publicly available exploit to breach large organizations, steal data, and encrypt files. [...]

https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-november-17th-2023-citrix-in-the-crosshairs/

 Google shares plans for blocking third-party cookies in Chrome

Google has officially announced plans to gradually eliminate third-party cookies, a key aspect of its Privacy Sandbox initiative. [...]

https://www.bleepingcomputer.com/news/google/google-shares-plans-for-blocking-third-party-cookies-in-chrome/

 Exploit for CrushFTP RCE chain released, patch now

A proof-of-concept exploit was publicly released for a critical remote code execution vulnerability in the CrushFTP enterprise suite, allowing unauthenticated attackers to access files on the server, execute code, and obtain plain-text passwords. [...]

https://www.bleepingcomputer.com/news/security/exploit-for-crushftp-rce-chain-released-patch-now/

 FCC adopts new rules to protect consumers from SIM-swapping attacks

The Federal Communications Commission (FCC) has revealed new rules to shield consumers from criminals who hijack their phone numbers in SIM swapping attacks and port-out fraud. [...]

https://www.bleepingcomputer.com/news/security/fcc-adopts-new-rules-to-protect-consumers-from-sim-swapping-attacks/

 Windows 10 to let admins control how optional updates are deployed

Microsoft announced a new policy that allows admins to control how optional updates are deployed on Windows 10 enterprise endpoints on their networks. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-to-let-admins-control-how-optional-updates-are-deployed/

 Researchers extract RSA keys from SSH server signing errors

A team of academic researchers from universities in California and Massachusetts demonstrated that it's possible under certain conditions for passive network attackers to retrieve secret RSA keys from naturally occurring errors leading to failed SSH (secure shell) connection attempts. [...]

https://www.bleepingcomputer.com/news/security/researchers-extract-rsa-keys-from-ssh-server-signing-errors/