Fake F5 BIG-IP zero-day warning emails push data wipers

The Israel National Cyber Directorate warns of phishing emails pretending to be F5 BIG-IP zero-day security updates that deploy Windows and Linux data wipers. [...]

https://www.bleepingcomputer.com/news/security/fake-f5-big-ip-zero-day-warning-emails-push-data-wipers/

 Android malware Chameleon disables Fingerprint Unlock to steal PINs

The Chameleon Android banking trojan has re-emerged with a new version that uses a tricky technique to take over devices — disable fingerprint and face unlock to steal device PINs. [...]

https://www.bleepingcomputer.com/news/security/android-malware-chameleon-disables-fingerprint-unlock-to-steal-pins/

 BidenCash darkweb market gives 1.9 million credit cards for free

The BidenCash stolen credit card marketplace is giving away 1.9 million credit cards for free via its store to promote itself among cybercriminals. [...]

https://www.bleepingcomputer.com/news/security/bidencash-darkweb-market-gives-19-million-credit-cards-for-free/

 OpenAI rolls out imperfect fix for ChatGPT data leak flaw

OpenAI has mitigated a data exfiltration bug in ChatGPT that could potentially leak conversation details to an external URL. [...]

https://www.bleepingcomputer.com/news/security/openai-rolls-out-imperfect-fix-for-chatgpt-data-leak-flaw/

 Microsoft deprecates Defender Application Guard for some Edge users

Microsoft is deprecating Defender Application Guard (including the Windows Isolated App Launcher APIs) for Edge for Business users. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-deprecates-defender-application-guard-for-some-edge-users/

 Title insurance giant First American offline after cyberattack

First American Financial Corporation, the second-largest title insurance company in the United States, took some of its systems offline today to contain the impact of a cyberattack. [...]

https://www.bleepingcomputer.com/news/security/title-insurance-giant-first-american-offline-after-cyberattack/

 Microsoft: Hackers target defense firms with new FalseFont malware

Microsoft says the APT33 Iranian cyber-espionage group is using recently discovered FalseFont backdoor malware to attack defense contractors worldwide. [...]

https://www.bleepingcomputer.com/news/security/microsoft-hackers-target-defense-firms-with-new-falsefont-malware/

 Lapsus$ hacker behind GTA 6 leak gets indefinite hospital sentence

Lapsus$ cybercrime and extortion group member, Arion Kurtaj has been sentenced indefinitely in a 'secure hospital' by a UK judge. Kurtaj who is 18 years of age and autistic is among the primary Lapsus$ threat actors, and was involved in the leak of assets associated with the video game, Grand Theft Auto VI. [...]

https://www.bleepingcomputer.com/news/security/lapsus-hacker-behind-gta-6-leak-gets-indefinite-hospital-sentence/

 Crypto drainer steals $59 million from 63k people in Twitter ad push

Google and Twitter ads are promoting sites containing a cryptocurrency drainer named 'MS Drainer' that has already stolen $59 million from 63,210 victims over the past nine months. [...]

https://www.bleepingcomputer.com/news/security/crypto-drainer-steals-59-million-from-63k-people-in-twitter-ad-push/

 Fake VPN Chrome extensions force-installed 1.5 million times

Three malicious Chrome extensions posing as VPN (Virtual Private Networks) infected were downloaded 1.5 million times, acting as browser hijackers, cashback hack tools, and data stealers. [...]

https://www.bleepingcomputer.com/news/security/fake-vpn-chrome-extensions-force-installed-15-million-times/

 Europol warns 443 online shops infected with credit card stealers

Europol has notified over 400 websites that their online shops have been hacked with malicious scripts that steal debit and credit cards from customers making purchases. [...]

https://www.bleepingcomputer.com/news/security/europol-warns-443-online-shops-infected-with-credit-card-stealers/

 Nissan Australia cyberattack claimed by Akira ransomware gang

Today, the Akira ransomware gang claimed that it breached the network of Nissan Australia, the Australian division of Japanese car maker Nissan. [...]

https://www.bleepingcomputer.com/news/security/nissan-australia-cyberattack-claimed-by-akira-ransomware-gang/

 Ubisoft says it's investigating reports of a new security breach

Ubisoft is investigating whether it suffered a breach after images of the company's internal software and developer tools were leaked online. [...]

https://www.bleepingcomputer.com/news/security/ubisoft-says-its-investigating-reports-of-a-new-security-breach/

 The Week in Ransomware - December 22nd 2023 - BlackCat hacked

Earlier this month, the BlackCat/ALPHV ransomware operation suffered a five-day disruption to their Tor data leak and negotiation sites, rumored to be caused by a law enforcement action. [...]

https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-december-22nd-2023-blackcat-hacked/

 Mint Mobile discloses new data breach exposing customer data

Mint Mobile has disclosed a new data breach that exposed the personal information of its customers, including data that can be used to perform SIM swap attacks. [...]

https://www.bleepingcomputer.com/news/security/mint-mobile-discloses-new-data-breach-exposing-customer-data/

 ‘Wall of Flippers’ detects Flipper Zero Bluetooth spam attacks

A new Python project called 'Wall of Flippers' detects Bluetooth spam attacks launched by Flipper Zero and Android devices. [...]

https://www.bleepingcomputer.com/news/security/wall-of-flippers-detects-flipper-zero-bluetooth-spam-attacks/

 Google Chrome now scans for compromised passwords in the background

Google says the Chrome Safety Check feature will work in the background to check if passwords saved in the web browser have been compromised. [...]

https://www.bleepingcomputer.com/news/google/google-chrome-now-scans-for-compromised-passwords-in-the-background/

 GTA 5 source code reportedly leaked online a year after RockStar hack

​The source code for Grand Theft Auto 5 was reportedly leaked on Christmas Eve, a little over a year after the Lapsus$ threat actors hacked Rockstar games and stole corporate data. [...]

https://www.bleepingcomputer.com/news/security/gta-5-source-code-reportedly-leaked-online-a-year-after-rockstar-hack/

 Integris Health patients get extortion emails after cyberattack

Integris Health patients in Oklahoma are receiving blackmail emails stating that their data was stolen in a cyberattack on the healthcare network, and if they did not pay an extortion demand, the data would be sold to other threat actors. [...]

https://www.bleepingcomputer.com/news/security/integris-health-patients-get-extortion-emails-after-cyberattack/

 GitHub warns users to enable 2FA before upcoming deadline

GitHub is warning users that they will soon have limited functionality on the site if they do not enable two-factor authentication (2FA) on their accounts. [...]

https://www.bleepingcomputer.com/news/software/github-warns-users-to-enable-2fa-before-upcoming-deadline/

 Yakult Australia confirms 'cyber incident' after 95 GB data leak

Yakult Australia, manufacturer of a probiotic milk drink, has confirmed experiencing a "cyber incident" in a statement to BleepingComputer. Both the company's Australian and New Zealand IT systems have been affected. Cybercrime actor DragonForce which claimed responsibility for the attack has also leaked 95 GB of data. [...]

https://www.bleepingcomputer.com/news/security/yakult-australia-confirms-cyber-incident-after-95-gb-data-leak/