Ransomware payments reached record $1.1 billion in 2023

Ransomware payments in 2023 soared above $1.1 billion for the first time, shattering previous records and reversing the decline seen in 2022, marking the year as an exceptionally profitable period for ransomware gangs. [...]

https://www.bleepingcomputer.com/news/security/ransomware-payments-reached-record-11-billion-in-2023/

 Chinese hackers fail to rebuild botnet after FBI takedown

Chinese Volt Typhoon state hackers failed to revive a botnet recently taken down by the FBI, which was previously used in attacks targeting critical infrastructure across the United States. [...]

https://www.bleepingcomputer.com/news/security/chinese-hackers-fail-to-rebuild-botnet-after-fbi-takedown/

 How to Apply Zero Trust to your Active Directory

With cyberattacks happening everyday, how can we apply zero trust principles towards keeping our Active Directory secure? Learn more from Specops Software on how to apply zero trust principles. [...]

https://www.bleepingcomputer.com/news/security/how-to-apply-zero-trust-to-your-active-directory/

 Critical flaw in Shim bootloader impacts major Linux distros

A critical vulnerability in the Shim Linux bootloader enables attackers to execute code and take control of a target system before the kernel is loaded, bypassing existing security mechanisms. [...]

https://www.bleepingcomputer.com/news/security/critical-flaw-in-shim-bootloader-impacts-major-linux-distros/

 No, 3 million electric toothbrushes were not used in a DDoS attack

A widely reported story that 3 million electric toothbrushes were hacked with malware to conduct distributed denial of service (DDoS) attacks is likely a hypothetical scenario instead of an actual attack. [...]

https://www.bleepingcomputer.com/news/security/no-3-million-electric-toothbrushes-were-not-used-in-a-ddos-attack/

 Critical Cisco bug exposes Expressway gateways to CSRF attacks

Cisco has patched several vulnerabilities affecting its Expressway Series collaboration gateways, two of them rated as critical severity and exposing vulnerable devices to cross-site request forgery (CSRF) attacks. [...]

https://www.bleepingcomputer.com/news/security/critical-cisco-bug-exposes-expressway-gateways-to-csrf-attacks/

 Google tests blocking side-loaded Android apps with risky permissions

Google has launched a new pilot program to fight financial fraud by blocking the sideloading of Android APK files that request access to risky permissions. [...]

https://www.bleepingcomputer.com/news/security/google-tests-blocking-side-loaded-android-apps-with-risky-permissions/

 Chinese hackers hid in US infrastructure network for 5 years

The Chinese Volt Typhoon cyber-espionage group infiltrated a critical infrastructure network in the United States and remained undetected for at least five years before being discovered, according to a joint advisory from CISA, the NSA, the FBI, and partner Five Eyes agencies. [...]

https://www.bleepingcomputer.com/news/security/chinese-hackers-hid-in-us-infrastructure-network-for-5-years/

 Denmark orders schools to stop sending student data to Google

The Danish data protection authority (Datatilsynet) has issued an injunction regarding student data being funneled to Google through the use of Chromebooks and Google Workspace services in the country's schools. [...]

https://www.bleepingcomputer.com/news/google/denmark-orders-schools-to-stop-sending-student-data-to-google/

 Facebook ads push new Ov3r_Stealer password-stealing malware

A new password-stealing malware named Ov3r_Stealer is spreading through fake job advertisements on Facebook, aiming to steal account credentials and cryptocurrency. [...]

https://www.bleepingcomputer.com/news/security/facebook-ads-push-new-ov3r-stealer-password-stealing-malware/

 Fortinet warns of new FortiSIEM RCE bugs in confusing disclosure

Fortinet is warning of two new unpatched patch bypasses for a critical remote code execution vulnerability in FortiSIEM, Fortinet's SIEM solution. [...]

https://www.bleepingcomputer.com/news/security/fortinet-warns-of-new-fortisiem-rce-bugs-in-confusing-disclosure/

 Google teases a new modern look for sign-in pages, including Gmail

Google is on the brink of refreshing its sign-in pages, including Gmail, with a sleek, modern makeover. [...]

https://www.bleepingcomputer.com/news/google/google-teases-a-new-modern-look-for-sign-in-pages-including-gmail/

 Data breaches at Viamedis and Almerys impact 33 million in France

Data breaches at two French healthcare payment service providers, Viamedis and Almerys, have now been determined to impact over 33 million people in the country. [...]

https://www.bleepingcomputer.com/news/security/data-breaches-at-viamedis-and-almerys-impact-33-million-in-france/

 Fake LastPass password manager spotted on Apple’s App Store

LastPass is warning that a fake copy of its app is being distributed on the Apple App Store, likely used as a phishing app to steal users' credentials. [...]

https://www.bleepingcomputer.com/news/security/fake-lastpass-password-manager-spotted-on-apples-app-store/

 US offers $10 million for tips on Hive ransomware leadership

The U.S. State Department offers rewards of up to $10 million for information that could help locate, identify, or arrest members of the Hive ransomware gang. [...]

https://www.bleepingcomputer.com/news/security/us-offers-10-million-for-tips-on-hive-ransomware-leadership/

 Android XLoader malware can now auto-execute after installation

A new version of the XLoader Android malware was discovered that automatically executes on devices it infects, requiring no user interaction to launch. [...]

https://www.bleepingcomputer.com/news/security/android-xloader-malware-can-now-auto-execute-after-installation/

 Microsoft unveils new 'Sudo for Windows' feature in Windows 11

Microsoft introduced 'Sudo for Windows' today, a new Windows 11 feature allowing users to execute commands with elevated privileges from unelevated terminals. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-unveils-new-sudo-for-windows-feature-in-windows-11/

 Ivanti: Patch new Connect Secure auth bypass bug immediately

Today, Ivanti warned of a new authentication bypass vulnerability impacting Connect Secure, Policy Secure, and ZTA gateways, urging admins to secure their appliances immediately. [...]

https://www.bleepingcomputer.com/news/security/ivanti-patch-new-connect-secure-auth-bypass-bug-immediately/

 Hyundai Motor Europe hit by Black Basta ransomware attack

Car maker Hyundai Motor Europe suffered a Black Basta ransomware attack, with the threat actors claiming to have stolen three terabytes of corporate data. [...]

https://www.bleepingcomputer.com/news/security/hyundai-motor-europe-hit-by-black-basta-ransomware-attack/

 Microsoft fixes Copilot issue blocking Windows 11 upgrades

Microsoft has lifted a compatibility hold that blocked upgrades to Windows 11 23H2 after resolving an issue that caused desktop icons to move erratically when using Windows Copilot on multi-monitor systems. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-copilot-issue-blocking-windows-11-upgrades/

 New Fortinet RCE flaw in SSL VPN likely exploited in attacks

Fortinet is warning that a new critical remote code execution vulnerability in FortiOS SSL VPN is potentially being exploited in attacks. [...]

https://www.bleepingcomputer.com/news/security/new-fortinet-rce-flaw-in-ssl-vpn-likely-exploited-in-attacks/