Malicious web redirect scripts stealth up to hide on hacked sites
Security researchers looking at more than 10,000 scripts used by the Parrot traffic direction system (TDS) noticed an evolution marked by optimizations that make malicious code stealthier against security mechanisms. [...]
https://www.bleepingcomputer.com/news/security/malicious-web-redirect-scripts-stealth-up-to-hide-on-hacked-sites/
Security researchers looking at more than 10,000 scripts used by the Parrot traffic direction system (TDS) noticed an evolution marked by optimizations that make malicious code stealthier against security mechanisms. [...]
https://www.bleepingcomputer.com/news/security/malicious-web-redirect-scripts-stealth-up-to-hide-on-hacked-sites/
BleepingComputer
Malicious web redirect scripts stealth up to hide on hacked sites
Security researchers looking at more than 10,000 scripts used by the Parrot traffic direction system (TDS) noticed an evolution marked by optimizations that make malicious code stealthier against security mechanisms.
FTC orders Intuit to stop pushing "free" software that isn't really free
Today, the U.S. Federal Trade Commission (FTC) ordered Intuit to stop promoting its software products and services as "free" unless they're actually free for all consumers. [...]
https://www.bleepingcomputer.com/news/technology/ftc-orders-intuit-to-stop-pushing-free-software-that-isnt-really-free/
Today, the U.S. Federal Trade Commission (FTC) ordered Intuit to stop promoting its software products and services as "free" unless they're actually free for all consumers. [...]
https://www.bleepingcomputer.com/news/technology/ftc-orders-intuit-to-stop-pushing-free-software-that-isnt-really-free/
BleepingComputer
FTC orders Intuit to stop pushing "free" software that isn't really free
Today, the U.S. Federal Trade Commission (FTC) ordered Intuit to stop promoting its software products and services as "free" unless they're actually free for all consumers.
Cracked macOS apps drain wallets using scripts fetched from DNS records
Hackers are using a stealthy method to deliver to macOS users information-stealing malware through DNS records that hide malicious scripts. [...]
https://www.bleepingcomputer.com/news/security/cracked-macos-apps-drain-wallets-using-scripts-fetched-from-dns-records/
Hackers are using a stealthy method to deliver to macOS users information-stealing malware through DNS records that hide malicious scripts. [...]
https://www.bleepingcomputer.com/news/security/cracked-macos-apps-drain-wallets-using-scripts-fetched-from-dns-records/
BleepingComputer
Cracked macOS apps drain wallets using scripts fetched from DNS records
Hackers are using a stealthy method to deliver to macOS users information-stealing malware through DNS records that hide malicious scripts.
SEC confirms X account was hacked in SIM swapping attack
The U.S. Securities and Exchange Commission confirmed today that its X account was hacked through a SIM-swapping attack on the cell phone number associated with the account. [...]
https://www.bleepingcomputer.com/news/security/sec-confirms-x-account-was-hacked-in-sim-swapping-attack/
The U.S. Securities and Exchange Commission confirmed today that its X account was hacked through a SIM-swapping attack on the cell phone number associated with the account. [...]
https://www.bleepingcomputer.com/news/security/sec-confirms-x-account-was-hacked-in-sim-swapping-attack/
BleepingComputer
SEC confirms X account was hacked in SIM swapping attack
The U.S. Securities and Exchange Commission confirmed today that its X account was hacked through a SIM-swapping attack on the cell phone number associated with the account.
😱2
Australia sanctions REvil hacker behind Medibank data breach
The Australian government has announced sanctions for Aleksandr Gennadievich Ermakov, a Russian national considered responsible for the 2022 Medibank hack and a member of the REvil ransomware group. [...]
https://www.bleepingcomputer.com/news/security/australia-sanctions-revil-hacker-behind-medibank-data-breach/
The Australian government has announced sanctions for Aleksandr Gennadievich Ermakov, a Russian national considered responsible for the 2022 Medibank hack and a member of the REvil ransomware group. [...]
https://www.bleepingcomputer.com/news/security/australia-sanctions-revil-hacker-behind-medibank-data-breach/
BleepingComputer
US, UK, Australia sanction REvil hacker behind Medibank data breach
The Australian government has announced sanctions for Aleksandr Gennadievich Ermakov, a Russian national considered responsible for the 2022 Medibank hack and a member of the REvil ransomware group.
❤1
Fortra warns of new critical GoAnywhere MFT auth bypass, patch now
Fortra is warning of a new authentication bypass vulnerability impacting GoAnywhere MFT (Managed File Transfer) versions before 7.4.1 that allows an attacker to create a new admin user. [...]
https://www.bleepingcomputer.com/news/security/fortra-warns-of-new-critical-goanywhere-mft-auth-bypass-patch-now/
Fortra is warning of a new authentication bypass vulnerability impacting GoAnywhere MFT (Managed File Transfer) versions before 7.4.1 that allows an attacker to create a new admin user. [...]
https://www.bleepingcomputer.com/news/security/fortra-warns-of-new-critical-goanywhere-mft-auth-bypass-patch-now/
BleepingComputer
Fortra warns of new critical GoAnywhere MFT auth bypass, patch now
Fortra is warning of a new authentication bypass vulnerability impacting GoAnywhere MFT (Managed File Transfer) versions before 7.4.1 that allows an attacker to create a new admin user.
Jason’s Deli says customer data exposed in credential stuffing attack
Jason's Deli is warning of a data breach in notifications sent to customers of its online platform stating that their personal data was exposed in credential stuffing attacks. [...]
https://www.bleepingcomputer.com/news/security/jasons-deli-says-customer-data-exposed-in-credential-stuffing-attack/
Jason's Deli is warning of a data breach in notifications sent to customers of its online platform stating that their personal data was exposed in credential stuffing attacks. [...]
https://www.bleepingcomputer.com/news/security/jasons-deli-says-customer-data-exposed-in-credential-stuffing-attack/
BleepingComputer
Jason’s Deli says customer data exposed in credential stuffing attack
Jason's Deli is warning of a data breach in notifications sent to customers of its online platform stating that their personal data was exposed in credential stuffing attacks.
👍1
Windows 10 KB5034203 preview update adds EU DMA compliance
Microsoft has released the January 2024 preview update for Windows 10, version 22H2, which adds Digital Markets Act (DMA) compliance in the European Economic Area (EEA) to allow European users to uninstall all apps in Windows by March 6. [...]
https://www.bleepingcomputer.com/news/microsoft/windows-10-kb5034203-preview-update-adds-eu-dma-compliance/
Microsoft has released the January 2024 preview update for Windows 10, version 22H2, which adds Digital Markets Act (DMA) compliance in the European Economic Area (EEA) to allow European users to uninstall all apps in Windows by March 6. [...]
https://www.bleepingcomputer.com/news/microsoft/windows-10-kb5034203-preview-update-adds-eu-dma-compliance/
BleepingComputer
Windows 10 KB5034203 preview update adds EU DMA compliance
Microsoft has released the January 2024 preview update for Windows 10, version 22H2, which adds Digital Markets Act (DMA) compliance in the European Economic Area (EEA) to allow European users to uninstall all apps in Windows by March 6.
Kasseika ransomware uses antivirus driver to kill other antiviruses
A recently uncovered ransomware operation named 'Kasseika' has joined the club of threat actors that employs Bring Your Own Vulnerable Driver (BYOVD) tactics to disable antivirus software before encrypting files. [...]
https://www.bleepingcomputer.com/news/security/kasseika-ransomware-uses-antivirus-driver-to-kill-other-antiviruses/
A recently uncovered ransomware operation named 'Kasseika' has joined the club of threat actors that employs Bring Your Own Vulnerable Driver (BYOVD) tactics to disable antivirus software before encrypting files. [...]
https://www.bleepingcomputer.com/news/security/kasseika-ransomware-uses-antivirus-driver-to-kill-other-antiviruses/
BleepingComputer
Kasseika ransomware uses antivirus driver to kill other antiviruses
A recently uncovered ransomware operation named 'Kasseika' has joined the club of threat actors that employs Bring Your Own Vulnerable Driver (BYOVD) tactics to disable antivirus software before encrypting files.
X adds passkeys support for iOS users in the United States
X, formerly Twitter, announced today that iOS users in the United States can now log into their accounts using passkeys. [...]
https://www.bleepingcomputer.com/news/security/x-adds-passkeys-support-for-ios-users-in-the-united-states/
X, formerly Twitter, announced today that iOS users in the United States can now log into their accounts using passkeys. [...]
https://www.bleepingcomputer.com/news/security/x-adds-passkeys-support-for-ios-users-in-the-united-states/
BleepingComputer
X adds passkeys support for iOS users in the United States
X, formerly Twitter, announced today that iOS users in the United States can now log into their accounts using passkeys.
Trello API abused to link email addresses to 15 million accounts
An exposed Trello API allows linking private email addresses with Trello accounts, enabling the creation of millions of data profiles containing both public and private information. [...]
https://www.bleepingcomputer.com/news/security/trello-api-abused-to-link-email-addresses-to-15-million-accounts/
An exposed Trello API allows linking private email addresses with Trello accounts, enabling the creation of millions of data profiles containing both public and private information. [...]
https://www.bleepingcomputer.com/news/security/trello-api-abused-to-link-email-addresses-to-15-million-accounts/
BleepingComputer
Trello API abused to link email addresses to 15 million accounts
An exposed Trello API allows linking private email addresses with Trello accounts, enabling the creation of millions of data profiles containing both public and private information.
Water services giant Veolia North America hit by ransomware attack
Veolia North America, a subsidiary of transnational conglomerate Veolia, disclosed a ransomware attack that impacted systems part of its Municipal Water division and disrupted its bill payment systems. [...]
https://www.bleepingcomputer.com/news/security/water-services-giant-veolia-north-america-hit-by-ransomware-attack/
Veolia North America, a subsidiary of transnational conglomerate Veolia, disclosed a ransomware attack that impacted systems part of its Municipal Water division and disrupted its bill payment systems. [...]
https://www.bleepingcomputer.com/news/security/water-services-giant-veolia-north-america-hit-by-ransomware-attack/
BleepingComputer
Water services giant Veolia North America hit by ransomware attack
Veolia North America, a subsidiary of transnational conglomerate Veolia, disclosed a ransomware attack that impacted systems part of its Municipal Water division and disrupted its bill payment systems.
Exploit released for Fortra GoAnywhere MFT auth bypass bug
Exploit code is now available for a critical authentication bypass vulnerability in Fortra's GoAnywhere MFT (Managed File Transfer) software that allows attackers to create new admin users on unpatched instances via the administration portal. [...]
https://www.bleepingcomputer.com/news/security/exploit-released-for-fortra-goanywhere-mft-auth-bypass-bug/
Exploit code is now available for a critical authentication bypass vulnerability in Fortra's GoAnywhere MFT (Managed File Transfer) software that allows attackers to create new admin users on unpatched instances via the administration portal. [...]
https://www.bleepingcomputer.com/news/security/exploit-released-for-fortra-goanywhere-mft-auth-bypass-bug/
BleepingComputer
Exploit released for Fortra GoAnywhere MFT auth bypass bug
Exploit code is now available for a critical authentication bypass vulnerability in Fortra's GoAnywhere MFT (Managed File Transfer) software that allows attackers to create new admin users on unpatched instances via the administration portal.
👍1
Microsoft: Recent updates cause Sysprep Windows validation errors
Microsoft says admins are seeing 0x80073cf2 errors when using the System Preparation (Sysprep) tool to validate Windows installations for deployment after installing recent Windows 10 updates. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-recent-updates-cause-sysprep-windows-validation-errors/
Microsoft says admins are seeing 0x80073cf2 errors when using the System Preparation (Sysprep) tool to validate Windows installations for deployment after installing recent Windows 10 updates. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-recent-updates-cause-sysprep-windows-validation-errors/
BleepingComputer
Microsoft: Recent updates cause Sysprep Windows validation errors
Microsoft says admins are seeing 0x80073cf2 errors when using the System Preparation (Sysprep) tool to validate Windows installations for deployment after installing recent Windows 10 updates.
Windows 11 KB5034204 update fixes Bluetooth audio issues, 24 bugs
Microsoft released the January 2024 preview update for Windows 11 versions 22H2 and 23H2, which comes with Bluetooth audio bug fixes and addresses 24 known issues. [...]
https://www.bleepingcomputer.com/news/microsoft/windows-11-kb5034204-update-fixes-bluetooth-audio-issues-24-bugs/
Microsoft released the January 2024 preview update for Windows 11 versions 22H2 and 23H2, which comes with Bluetooth audio bug fixes and addresses 24 known issues. [...]
https://www.bleepingcomputer.com/news/microsoft/windows-11-kb5034204-update-fixes-bluetooth-audio-issues-24-bugs/
BleepingComputer
Windows 11 KB5034204 update fixes Bluetooth audio issues, 24 bugs
Microsoft released the January 2024 preview update for Windows 11 versions 22H2 and 23H2, which comes with Bluetooth audio bug fixes and addresses 24 known issues.
Tesla hacked, 24 zero-days demoed at Pwn2Own Automotive 2024
Security researchers hacked a Tesla Modem and collected awards of $722,500 on the first day of Pwn2Own Automotive 2024 for three bug collisions and 24 unique zero-day exploits. [...]
https://www.bleepingcomputer.com/news/security/tesla-hacked-24-zero-days-demoed-at-pwn2own-automotive-2024/
Security researchers hacked a Tesla Modem and collected awards of $722,500 on the first day of Pwn2Own Automotive 2024 for three bug collisions and 24 unique zero-day exploits. [...]
https://www.bleepingcomputer.com/news/security/tesla-hacked-24-zero-days-demoed-at-pwn2own-automotive-2024/
BleepingComputer
Tesla hacked, 24 zero-days demoed at Pwn2Own Automotive 2024
Security researchers hacked a Tesla Modem and collected awards of $722,500 on the first day of Pwn2Own Automotive 2024 for three bug collisions and 24 unique zero-day exploits.
How to secure AD passwords without sacrificing end-user experience
To increase password security, regulatory bodies recommend longer and unique passwords. Despite this, many still stick to using the same easy-to-guess passwords for the sake of convenience. Learn more from Specops Software on an alternative approach that supports security and end-user experience at the same time. [...]
https://www.bleepingcomputer.com/news/security/how-to-secure-ad-passwords-without-sacrificing-end-user-experience/
To increase password security, regulatory bodies recommend longer and unique passwords. Despite this, many still stick to using the same easy-to-guess passwords for the sake of convenience. Learn more from Specops Software on an alternative approach that supports security and end-user experience at the same time. [...]
https://www.bleepingcomputer.com/news/security/how-to-secure-ad-passwords-without-sacrificing-end-user-experience/
BleepingComputer
How to secure AD passwords without sacrificing end-user experience
To increase password security, regulatory bodies recommend longer and unique passwords. Despite this, many still stick to using the same easy-to-guess passwords for the sake of convenience. Learn more from Specops Software on an alternative approach that…
Google Pixel phones unusable after January 2024 system update
Google Pixel smartphone owners report problems after installing the January 2024 Google Play system update, being unable to access their devices internal storage, open the camera, take screenshots, or even open apps. [...]
https://www.bleepingcomputer.com/news/google/google-pixel-phones-unusable-after-january-2024-system-update/
Google Pixel smartphone owners report problems after installing the January 2024 Google Play system update, being unable to access their devices internal storage, open the camera, take screenshots, or even open apps. [...]
https://www.bleepingcomputer.com/news/google/google-pixel-phones-unusable-after-january-2024-system-update/
BleepingComputer
Google Pixel phones unusable after January 2024 system update
Google Pixel smartphone owners report problems after installing the January 2024 Google Play system update, being unable to access their devices internal storage, open the camera, take screenshots, or even open apps.
🤔1
Global fintech firm EquiLend offline after recent cyberattack
New York-based global financial technology firm EquiLend says its operations have been disrupted after some systems were taken offline in a Monday cyberattack. [...]
https://www.bleepingcomputer.com/news/security/global-fintech-firm-equilend-offline-after-recent-cyberattack/
New York-based global financial technology firm EquiLend says its operations have been disrupted after some systems were taken offline in a Monday cyberattack. [...]
https://www.bleepingcomputer.com/news/security/global-fintech-firm-equilend-offline-after-recent-cyberattack/
BleepingComputer
Global fintech firm EquiLend offline after recent cyberattack
New York-based global financial technology firm EquiLend says its operations have been disrupted after some systems were taken offline in a Monday cyberattack.
UK says AI will empower ransomware over the next two years
The United Kingdom's National Cyber Security Centre (NCSC) warns that artificial intelligence (AI) tools will have an adverse near-term impact on cybersecurity, helping escalate the threat of ransomware. [...]
https://www.bleepingcomputer.com/news/security/uk-says-ai-will-empower-ransomware-over-the-next-two-years/
The United Kingdom's National Cyber Security Centre (NCSC) warns that artificial intelligence (AI) tools will have an adverse near-term impact on cybersecurity, helping escalate the threat of ransomware. [...]
https://www.bleepingcomputer.com/news/security/uk-says-ai-will-empower-ransomware-over-the-next-two-years/
BleepingComputer
UK says AI will empower ransomware over the next two years
The United Kingdom's National Cyber Security Centre (NCSC) warns that artificial intelligence (AI) tools will have an adverse near-term impact on cybersecurity, helping escalate the threat of ransomware.
❤2
Over 5,300 GitLab servers exposed to zero-click account takeover attacks
Over 5,300 internet-exposed GitLab instances are vulnerable to CVE-2023-7028, a zero-click account takeover flaw GitLab warned about earlier this month. [...]
https://www.bleepingcomputer.com/news/security/over-5-300-gitlab-servers-exposed-to-zero-click-account-takeover-attacks/
Over 5,300 internet-exposed GitLab instances are vulnerable to CVE-2023-7028, a zero-click account takeover flaw GitLab warned about earlier this month. [...]
https://www.bleepingcomputer.com/news/security/over-5-300-gitlab-servers-exposed-to-zero-click-account-takeover-attacks/
BleepingComputer
Over 5,300 GitLab servers exposed to zero-click account takeover attacks
Over 5,300 internet-exposed GitLab instances are vulnerable to CVE-2023-7028, a zero-click account takeover flaw GitLab warned about earlier this month.