CISA warns agencies of fourth flaw used in Triangulation spyware attacks
The U.S. Cybersecurity and Infrastructure Security Agency has added to its to the Known Exploited Vulnerabilities catalog six vulnerabilities that impact products from Adobe, Apache, D-Link, and Joomla. [...]
https://www.bleepingcomputer.com/news/security/cisa-warns-agencies-of-fourth-flaw-used-in-triangulation-spyware-attacks/
The U.S. Cybersecurity and Infrastructure Security Agency has added to its to the Known Exploited Vulnerabilities catalog six vulnerabilities that impact products from Adobe, Apache, D-Link, and Joomla. [...]
https://www.bleepingcomputer.com/news/security/cisa-warns-agencies-of-fourth-flaw-used-in-triangulation-spyware-attacks/
BleepingComputer
CISA warns agencies of fourth flaw used in Triangulation spyware attacks
The U.S. Cybersecurity and Infrastructure Security Agency has added to its to the Known Exploited Vulnerabilities catalog six vulnerabilities that impact products from Adobe, Apache, D-Link, and Joomla.
Windows 10 KB5034122 update released with fix for shut down bug
Microsoft has released the KB5034122 cumulative update for Windows 10 21H2 and Windows 10 22H2, which includes only a small number of fixes due to the holiday season. [...]
https://www.bleepingcomputer.com/news/microsoft/windows-10-kb5034122-update-released-with-fix-for-shut-down-bug/
Microsoft has released the KB5034122 cumulative update for Windows 10 21H2 and Windows 10 22H2, which includes only a small number of fixes due to the holiday season. [...]
https://www.bleepingcomputer.com/news/microsoft/windows-10-kb5034122-update-released-with-fix-for-shut-down-bug/
BleepingComputer
Windows 10 KB5034122 update released with fix for shut down bug
Microsoft has released the KB5034122 cumulative update for Windows 10 21H2 and Windows 10 22H2, which includes only a small number of fixes due to the holiday season.
FTC bans data broker from selling Americans’ location data
Today, the U.S. Federal Trade Commission (FTC) banned data broker Outlogic, formerly X-Mode Social, from selling Americans' raw location data that could be used for tracking purposes. [...]
https://www.bleepingcomputer.com/news/security/ftc-bans-data-broker-from-selling-americans-location-data/
Today, the U.S. Federal Trade Commission (FTC) banned data broker Outlogic, formerly X-Mode Social, from selling Americans' raw location data that could be used for tracking purposes. [...]
https://www.bleepingcomputer.com/news/security/ftc-bans-data-broker-from-selling-americans-location-data/
BleepingComputer
FTC bans data broker from selling Americans’ location data
Today, the U.S. Federal Trade Commission (FTC) banned data broker Outlogic, formerly X-Mode Social, from selling Americans' raw location data that could be used for tracking purposes.
Ransomware victims targeted by fake hack-back offers
Some organizations victimized by the Royal and Akira ransomware gangs have been targeted by a threat actor posing as a security researcher who promised to hack back the original attacker and delete stolen victim data. [...]
https://www.bleepingcomputer.com/news/security/ransomware-victims-targeted-by-fake-hack-back-offers/
Some organizations victimized by the Royal and Akira ransomware gangs have been targeted by a threat actor posing as a security researcher who promised to hack back the original attacker and delete stolen victim data. [...]
https://www.bleepingcomputer.com/news/security/ransomware-victims-targeted-by-fake-hack-back-offers/
BleepingComputer
Ransomware victims targeted by fake hack-back offers
Some organizations victimized by the Royal and Akira ransomware gangs have been targeted by a threat actor posing as a security researcher who promised to hack back the original attacker and delete stolen victim data.
China claims it cracked Apple's AirDrop to find numbers, email addresses
A Chinese state-backed research institute claims to have discovered how to decrypt device logs for Apple's AirDrop feature, allowing the government to identify phone numbers or email addresses of those who shared content. [...]
https://www.bleepingcomputer.com/news/security/china-claims-it-cracked-apples-airdrop-to-find-numbers-email-addresses/
A Chinese state-backed research institute claims to have discovered how to decrypt device logs for Apple's AirDrop feature, allowing the government to identify phone numbers or email addresses of those who shared content. [...]
https://www.bleepingcomputer.com/news/security/china-claims-it-cracked-apples-airdrop-to-find-numbers-email-addresses/
BleepingComputer
China claims it cracked Apple's AirDrop to find numbers, email addresses
A Chinese state-backed research institute claims to have discovered how to decrypt device logs for Apple's AirDrop feature, allowing the government to identify phone numbers or email addresses of those who shared content.
US SEC’s X account hacked to announce fake Bitcoin ETF approval
The X account for the U.S. Securities and Exchange Commission was hacked today to issue a fake announcement on the approval of Bitcoin ETFs on security exchanges. [...]
https://www.bleepingcomputer.com/news/security/us-secs-x-account-hacked-to-announce-fake-bitcoin-etf-approval/
The X account for the U.S. Securities and Exchange Commission was hacked today to issue a fake announcement on the approval of Bitcoin ETFs on security exchanges. [...]
https://www.bleepingcomputer.com/news/security/us-secs-x-account-hacked-to-announce-fake-bitcoin-etf-approval/
BleepingComputer
US SEC’s X account hacked to announce fake Bitcoin ETF approval
The X account for the U.S. Securities and Exchange Commission was hacked today to issue a fake announcement on the approval of Bitcoin ETFs on security exchanges.
Nigerian gets 10 years for laundering millions stolen from elderly
A Nigerian man was sentenced on Monday to 10 years and one month in prison for conspiring to launder millions stolen from elderly victims in internet fraud schemes. [...]
https://www.bleepingcomputer.com/news/security/nigerian-gets-10-years-for-laundering-millions-stolen-from-elderly/
A Nigerian man was sentenced on Monday to 10 years and one month in prison for conspiring to launder millions stolen from elderly victims in internet fraud schemes. [...]
https://www.bleepingcomputer.com/news/security/nigerian-gets-10-years-for-laundering-millions-stolen-from-elderly/
BleepingComputer
Nigerian gets 10 years for laundering millions stolen from elderly
A Nigerian man was sentenced on Monday to 10 years and one month in prison for conspiring to launder millions stolen from elderly victims in internet fraud schemes.
ShinyHunters member gets 3 years in prison for breaching 60 firms
The U.S. District Court in Seattle sentenced ShinyHunters member Sebastien Raoult to three years in prison and ordered a restitution of $5,000,000. [...]
https://www.bleepingcomputer.com/news/security/shinyhunters-member-gets-3-years-in-prison-for-breaching-60-firms/
The U.S. District Court in Seattle sentenced ShinyHunters member Sebastien Raoult to three years in prison and ordered a restitution of $5,000,000. [...]
https://www.bleepingcomputer.com/news/security/shinyhunters-member-gets-3-years-in-prison-for-breaching-60-firms/
BleepingComputer
ShinyHunters member gets 3 years in prison for breaching 60 firms
The U.S. District Court in Seattle sentenced ShinyHunters member Sebastien Raoult to three years in prison and ordered a restitution of $5,000,000.
👍1
Microsoft Exchange 2019 has reached end of mainstream support
Microsoft announced the end of mainstream support for its Exchange Server 2019 on-premises mail server software on January 9, 2023. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-exchange-2019-has-reached-end-of-mainstream-support/
Microsoft announced the end of mainstream support for its Exchange Server 2019 on-premises mail server software on January 9, 2023. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-exchange-2019-has-reached-end-of-mainstream-support/
BleepingComputer
Microsoft Exchange 2019 has reached end of mainstream support
Microsoft announced the end of mainstream support for its Exchange Server 2019 on-premises mail server software on January 9, 2023.
Windows 10 KB5034441 security update fails with 0x80070643 errors
Windows 10 users worldwide report problems installing Microsoft's January Patch Tuesday updates, getting 0x80070643 errors when attempting to install the KB5034441 security update for BitLocker. [...]
https://www.bleepingcomputer.com/news/microsoft/windows-10-kb5034441-security-update-fails-with-0x80070643-errors/
Windows 10 users worldwide report problems installing Microsoft's January Patch Tuesday updates, getting 0x80070643 errors when attempting to install the KB5034441 security update for BitLocker. [...]
https://www.bleepingcomputer.com/news/microsoft/windows-10-kb5034441-security-update-fails-with-0x80070643-errors/
BleepingComputer
Windows 10 KB5034441 security update fails with 0x80070643 errors
Windows 10 users worldwide report problems installing Microsoft's January Patch Tuesday updates, getting 0x80070643 errors when attempting to install the KB5034441 security update for BitLocker.
Fake 401K year-end statements used to steal corporate credentials
Threat actors are using communication about personal pension accounts (the 401(k) plans in the U.S.), salary adjustments, and performance reports to steal company employees' credentials. [...]
https://www.bleepingcomputer.com/news/security/fake-401k-year-end-statements-used-to-steal-corporate-credentials/
Threat actors are using communication about personal pension accounts (the 401(k) plans in the U.S.), salary adjustments, and performance reports to steal company employees' credentials. [...]
https://www.bleepingcomputer.com/news/security/fake-401k-year-end-statements-used-to-steal-corporate-credentials/
BleepingComputer
Fake 401K year-end statements used to steal corporate credentials
Threat actors are using communication about personal pension accounts (the 401(k) plans in the U.S.), salary adjustments, and performance reports to steal company employees' credentials.
Ivanti warns of Connect Secure zero-days exploited in attacks
Ivanti has disclosed two Connect Secure (ICS) and Policy Secure zero-days exploited in the wild that can let remote attackers execute arbitrary commands on targeted gateways. [...]
https://www.bleepingcomputer.com/news/security/ivanti-warns-of-connect-secure-zero-days-exploited-in-attacks/
Ivanti has disclosed two Connect Secure (ICS) and Policy Secure zero-days exploited in the wild that can let remote attackers execute arbitrary commands on targeted gateways. [...]
https://www.bleepingcomputer.com/news/security/ivanti-warns-of-connect-secure-zero-days-exploited-in-attacks/
BleepingComputer
Ivanti warns of Connect Secure zero-days exploited in attacks
Ivanti has disclosed two Connect Secure (ICS) and Policy Secure zero-days exploited by suspected Chinese hackers in the wild that can let remote attackers execute arbitrary commands on targeted gateways.
Pro-Ukraine hackers breach Russian ISP in revenge for KyivStar attack
A pro-Ukraine hacktivist group named 'Blackjack' has claimed a cyberattack against Russian provider of internet services M9com as a direct response to the attack against Kyivstar mobile operator. [...]
https://www.bleepingcomputer.com/news/security/pro-ukraine-hackers-breach-russian-isp-in-revenge-for-kyivstar-attack/
A pro-Ukraine hacktivist group named 'Blackjack' has claimed a cyberattack against Russian provider of internet services M9com as a direct response to the attack against Kyivstar mobile operator. [...]
https://www.bleepingcomputer.com/news/security/pro-ukraine-hackers-breach-russian-isp-in-revenge-for-kyivstar-attack/
BleepingComputer
Pro-Ukraine hackers breach Russian ISP in revenge for KyivStar attack
A pro-Ukraine hacktivist group named 'Blackjack' has claimed a cyberattack against Russian provider of internet services M9com as a direct response to the attack against Kyivstar mobile operator.
Fidelity National Financial: Hackers stole data of 1.3 million people
Fidelity National Financial (FNF) has confirmed that a November cyberattack (claimed by the BlackCat ransomware gang) has exposed the data of 1.3 million customers. [...]
https://www.bleepingcomputer.com/news/security/fidelity-national-financial-hackers-stole-data-of-13-million-people/
Fidelity National Financial (FNF) has confirmed that a November cyberattack (claimed by the BlackCat ransomware gang) has exposed the data of 1.3 million customers. [...]
https://www.bleepingcomputer.com/news/security/fidelity-national-financial-hackers-stole-data-of-13-million-people/
BleepingComputer
Fidelity National Financial: Hackers stole data of 1.3 million people
Fidelity National Financial (FNF) has confirmed that a November cyberattack (claimed by the BlackCat ransomware gang) has exposed the data of 1.3 million customers.
Cisco says critical Unity Connection bug lets attackers get root
Cisco has patched a critical Unity Connection security flaw that can let unauthenticated attackers remotely gain root privileges on unpatched devices. [...]
https://www.bleepingcomputer.com/news/security/cisco-says-critical-unity-connection-bug-lets-attackers-get-root/
Cisco has patched a critical Unity Connection security flaw that can let unauthenticated attackers remotely gain root privileges on unpatched devices. [...]
https://www.bleepingcomputer.com/news/security/cisco-says-critical-unity-connection-bug-lets-attackers-get-root/
BleepingComputer
Cisco says critical Unity Connection bug lets attackers get root
Cisco has patched a critical Unity Connection security flaw that can let unauthenticated attackers remotely gain root privileges on unpatched devices.
Mandiant's X account hacked by crypto Drainer-as-a-Service gang
Cybersecurity firm and Google subsidiary Mandiant says its Twitter/X account was hijacked last week by a Drainer-as-a-Service (DaaS) gang in what it described as "likely a brute force password attack." [...]
https://www.bleepingcomputer.com/news/security/mandiants-x-account-hacked-by-crypto-drainer-as-a-service-gang/
Cybersecurity firm and Google subsidiary Mandiant says its Twitter/X account was hijacked last week by a Drainer-as-a-Service (DaaS) gang in what it described as "likely a brute force password attack." [...]
https://www.bleepingcomputer.com/news/security/mandiants-x-account-hacked-by-crypto-drainer-as-a-service-gang/
BleepingComputer
Mandiant's X account hacked by crypto Drainer-as-a-Service gang
Cybersecurity firm and Google subsidiary Mandiant says its Twitter/X account was hijacked last week by a Drainer-as-a-Service (DaaS) gang in what it described as "likely a brute force password attack."
Finland warns of Akira ransomware wiping NAS and tape backup devices
The Finish National Cybersecurity Center (NCSC-FI) is informing of increased Akira ransomware activity in December, targeting companies in the country and wiping backups. [...]
https://www.bleepingcomputer.com/news/security/finland-warns-of-akira-ransomware-wiping-nas-and-tape-backup-devices/
The Finish National Cybersecurity Center (NCSC-FI) is informing of increased Akira ransomware activity in December, targeting companies in the country and wiping backups. [...]
https://www.bleepingcomputer.com/news/security/finland-warns-of-akira-ransomware-wiping-nas-and-tape-backup-devices/
BleepingComputer
Finland warns of Akira ransomware wiping NAS and tape backup devices
The Finish National Cybersecurity Center (NCSC-FI) is informing of increased Akira ransomware activity in December, targeting companies in the country and wiping backups.
❤1🔥1
New Balada Injector campaign infects 6,700 WordPress sites
A new Balada Injector campaign launched in mid-December has infected over 6,700 WordPress websites using a vulnerable version of the Popup Builder campaign. [...]
https://www.bleepingcomputer.com/news/security/new-balada-injector-campaign-infects-6-700-wordpress-sites/
A new Balada Injector campaign launched in mid-December has infected over 6,700 WordPress websites using a vulnerable version of the Popup Builder campaign. [...]
https://www.bleepingcomputer.com/news/security/new-balada-injector-campaign-infects-6-700-wordpress-sites/
BleepingComputer
New Balada Injector campaign infects 6,700 WordPress sites
A new Balada Injector campaign launched in mid-December has infected over 6,700 WordPress websites using a vulnerable version of the Popup Builder campaign.
❤1
Microsoft shares script to update Windows 10 WinRE with BitLocker fixes
Microsoft has released a PowerShell script to automate updating the Windows Recovery Environment (WinRE) partition in order to fix CVE-2024-20666, a vulnerability that allowed for BitLocker encryption bypass. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-shares-script-to-update-windows-10-winre-with-bitlocker-fixes/
Microsoft has released a PowerShell script to automate updating the Windows Recovery Environment (WinRE) partition in order to fix CVE-2024-20666, a vulnerability that allowed for BitLocker encryption bypass. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-shares-script-to-update-windows-10-winre-with-bitlocker-fixes/
BleepingComputer
Microsoft shares script to update Windows 10 WinRE with BitLocker fixes
Microsoft has released a PowerShell script to automate updating the Windows Recovery Environment (WinRE) partition in order to fix CVE-2024-20666, a vulnerability that allowed for BitLocker encryption bypass.
❤1
Bitwarden adds passkey support to log into web password vaults
The open-source Bitwarden password manager has announced that all users can now log in to their web vaults using a passkey instead of the standard username and password pairs. [...]
https://www.bleepingcomputer.com/news/security/bitwarden-adds-passkey-support-to-log-into-web-password-vaults/
The open-source Bitwarden password manager has announced that all users can now log in to their web vaults using a passkey instead of the standard username and password pairs. [...]
https://www.bleepingcomputer.com/news/security/bitwarden-adds-passkey-support-to-log-into-web-password-vaults/
BleepingComputer
Bitwarden adds passkey support to log into web password vaults
The open-source Bitwarden password manager has announced that all users can now log in to their web vaults using a passkey instead of the standard username and password pairs.
❤1
Microsoft testing Windows 11 USB 80Gbps support, Copilot on login
Microsoft is now testing support for the USB4 Version 2.0 specification in Windows 11, enabling transfer speeds of up to 80 Gbps over USB Type-C cables. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-testing-windows-11-usb-80gbps-support-copilot-on-login/
Microsoft is now testing support for the USB4 Version 2.0 specification in Windows 11, enabling transfer speeds of up to 80 Gbps over USB Type-C cables. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-testing-windows-11-usb-80gbps-support-copilot-on-login/
BleepingComputer
Microsoft testing Windows 11 USB 80Gbps support, Copilot on login
Microsoft is now testing support for the USB4 Version 2.0 specification in Windows 11, enabling transfer speeds of up to 80 Gbps over USB Type-C cables.