Russian TrickBot malware dev sentenced to 64 months in prison

Russian national Vladimir Dunaev has been sentenced to five years and four months in prison for his role in creating and distributing the Trickbot malware used in attacks against hospitals, companies, and individuals worldwide. [...]

https://www.bleepingcomputer.com/news/security/russian-trickbot-malware-dev-sentenced-to-64-months-in-prison/

 Blackwood hackers hijack WPS Office update to install malware

A previously unknown advanced threat actor tracked  as 'Blackwood' is using sophisticated malware called NSPX30 in cyberespionage attacks against companies and individuals. [...]

https://www.bleepingcomputer.com/news/security/blackwood-hackers-hijack-wps-office-update-to-install-malware/

 23andMe data breach: Hackers stole raw genotype data, health reports

Genetic testing provider 23andMe confirmed that hackers stole health reports and raw genotype data of customers affected by a credential stuffing attack that went unnoticed for five months, from April 29 to September 27. [...]

https://www.bleepingcomputer.com/news/security/23andme-data-breach-hackers-stole-raw-genotype-data-health-reports/

 Pwn2Own Automotive: $1.3M for 49 zero-days, Tesla hacked twice

The first edition of Pwn2Own Automotive has ended with competitors earning $1,323,750 for hacking Tesla twice and demoing 49 zero-day bugs in multiple electric car systems between January 24 and January 26. [...]

https://www.bleepingcomputer.com/news/security/pwn2own-automotive-13m-for-49-zero-days-tesla-hacked-twice/

 Role of Wazuh in building a robust cybersecurity architecture

Leveraging open source solutions and tools to build a cybersecurity architecture offers organizations several benefits. Learn more from Wazuh about the benefits of open source solutions. [...]

https://www.bleepingcomputer.com/news/security/role-of-wazuh-in-building-a-robust-cybersecurity-architecture/

 Microsoft reveals how hackers breached its Exchange Online accounts

Microsoft confirmed that the Russian Foreign Intelligence Service hacking group, which hacked into its executives' email accounts in November 2023, also breached other organizations as part of this malicious campaign. [...]

https://www.bleepingcomputer.com/news/security/microsoft-reveals-how-hackers-breached-its-exchange-online-accounts/

 Ukraine: Hack wiped 2 petabytes of data from Russian research center

The Main Intelligence Directorate of Ukraine's Ministry of Defense claims that pro-Ukrainian hacktivists breached the Russian Center for Space Hydrometeorology, aka "planeta" (планета), and wiped 2 petabytes of data. [...]

https://www.bleepingcomputer.com/news/security/ukraine-hack-wiped-2-petabytes-of-data-from-russian-research-center/

 Microsoft Teams outage causes connection issues, message delays

Microsoft is investigating an ongoing and widespread outage impacting the users of its Teams communication platform and causing connectivity issues, login problems, and message delays. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-teams-outage-causes-connection-issues-message-delays/

 Microsoft introduces flighting for Windows Server insiders

Microsoft has launched flighting for Windows Server systems enrolled in its Windows Insider open software testing program. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-introduces-flighting-for-windows-server-insiders/

 Microsoft releases first Windows Server 2025 preview build

Microsoft has released Windows Server Insider Preview 26040, the first Windows Server 2025 build for admins enrolled in its Windows Insider program. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-releases-first-windows-server-2025-preview-build/

 Kansas public transportation authority hit by ransomware

The Kansas City Area Transportation Authority (KCATA) announced it was targeted by a ransomware attack on Tuesday, January 23. [...]

https://www.bleepingcomputer.com/news/security/kansas-public-transportation-authority-hit-by-ransomware/

 The Week in Ransomware - January 26th 2024 - Govts strike back

Governments struck back this week against members of ransomware operations, imposing sanctions on one threat actor and sentencing another to prison. [...]

https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-january-26th-2024-govts-strike-back/

 Exploits released for critical Jenkins RCE flaw, patch now

Multiple proof-of-concept (PoC) exploits for a critical Jenkins vulnerability allowing unauthenticated attackers to read arbitrary files have been made publicly available, with some researchers reporting attackers actively exploiting the flaws in attacks. [...]

https://www.bleepingcomputer.com/news/security/exploits-released-for-critical-jenkins-rce-flaw-patch-now/

 Microsoft Teams hit by second outage in three days

Microsoft is investigating a second outage affecting Microsoft Teams users across North and South America in the last three days. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-teams-hit-by-second-outage-in-three-days/

 DHS employees jailed for stealing data of 200K U.S. govt workers

Three former Department of Homeland Security (DHS) employees were sentenced to prison for stealing proprietary U.S. government software and databases containing the personal data of 200,000 federal employees. [...]

https://www.bleepingcomputer.com/news/security/dhs-employees-jailed-for-stealing-data-of-200k-us-govt-workers/

 Ransomware payments drop to record low as victims refuse to pay

The number of ransomware victims paying ransom demands has dropped to a record low of 29% in the final quarter of 2023, according to ransomware negotiation firm Coveware. [...]

https://www.bleepingcomputer.com/news/security/ransomware-payments-drop-to-record-low-as-victims-refuse-to-pay/

 FBI: Tech support scams now use couriers to collect victims' money

​Today, the FBI warned about courier services being used to collect money and valuables from victims of tech support and government impersonation scams. [...]

https://www.bleepingcomputer.com/news/security/fbi-tech-support-scams-now-use-couriers-to-collect-victims-money/

 Microsoft says Outlook apps can’t connect to Outlook.com

Microsoft is investigating an issue that prevents Outlook and other email clients from connecting when using an Outlook.com account. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-says-outlook-apps-cant-connect-to-outlookcom/

 Energy giant Schneider Electric hit by Cactus ransomware attack

Energy management and automation giant Schneider Electric suffered a Cactus ransomware attack leading to the theft of corporate data, according to people familiar with the matter. [...]

https://www.bleepingcomputer.com/news/security/energy-giant-schneider-electric-hit-by-cactus-ransomware-attack/

 45k Jenkins servers exposed to RCE attacks using public exploits

Researchers found roughly 45,000 Jenkins instances exposed online that are vulnerable to CVE-2023-23897, a critical remote code execution (RCE) flaw for which multiple public proof-of-concept (PoC) exploits are in circulation. [...]

https://www.bleepingcomputer.com/news/security/45k-jenkins-servers-exposed-to-rce-attacks-using-public-exploits/

 Keenan warns 1.5 million people of data breach after summer cyberattack

Keenan & Associates is sending notices of a data breach to 1.5 million customers, warning that hackers accessed their personal information in a recent cyberattack. [...]

https://www.bleepingcomputer.com/news/security/keenan-warns-15-million-people-of-data-breach-after-summer-cyberattack/