Critical Cisco bug exposes Expressway gateways to CSRF attacks
Cisco has patched several vulnerabilities affecting its Expressway Series collaboration gateways, two of them rated as critical severity and exposing vulnerable devices to cross-site request forgery (CSRF) attacks. [...]
https://www.bleepingcomputer.com/news/security/critical-cisco-bug-exposes-expressway-gateways-to-csrf-attacks/
Cisco has patched several vulnerabilities affecting its Expressway Series collaboration gateways, two of them rated as critical severity and exposing vulnerable devices to cross-site request forgery (CSRF) attacks. [...]
https://www.bleepingcomputer.com/news/security/critical-cisco-bug-exposes-expressway-gateways-to-csrf-attacks/
BleepingComputer
Critical Cisco bug exposes Expressway gateways to CSRF attacks
Cisco has patched several vulnerabilities affecting its Expressway Series collaboration gateways, two of them rated as critical severity and exposing vulnerable devices to cross-site request forgery (CSRF) attacks.
Google tests blocking side-loaded Android apps with risky permissions
Google has launched a new pilot program to fight financial fraud by blocking the sideloading of Android APK files that request access to risky permissions. [...]
https://www.bleepingcomputer.com/news/security/google-tests-blocking-side-loaded-android-apps-with-risky-permissions/
Google has launched a new pilot program to fight financial fraud by blocking the sideloading of Android APK files that request access to risky permissions. [...]
https://www.bleepingcomputer.com/news/security/google-tests-blocking-side-loaded-android-apps-with-risky-permissions/
BleepingComputer
Google tests blocking side-loaded Android apps with risky permissions
Google has launched a new pilot program to fight financial fraud by blocking the sideloading of Android APK files that request access to risky permissions.
Chinese hackers hid in US infrastructure network for 5 years
The Chinese Volt Typhoon cyber-espionage group infiltrated a critical infrastructure network in the United States and remained undetected for at least five years before being discovered, according to a joint advisory from CISA, the NSA, the FBI, and partner Five Eyes agencies. [...]
https://www.bleepingcomputer.com/news/security/chinese-hackers-hid-in-us-infrastructure-network-for-5-years/
The Chinese Volt Typhoon cyber-espionage group infiltrated a critical infrastructure network in the United States and remained undetected for at least five years before being discovered, according to a joint advisory from CISA, the NSA, the FBI, and partner Five Eyes agencies. [...]
https://www.bleepingcomputer.com/news/security/chinese-hackers-hid-in-us-infrastructure-network-for-5-years/
BleepingComputer
Chinese hackers hid in US infrastructure network for 5 years
The Chinese Volt Typhoon cyber-espionage group infiltrated a critical infrastructure network in the United States and remained undetected for at least five years before being discovered, according to a joint advisory from CISA, the NSA, the FBI, and partner…
Denmark orders schools to stop sending student data to Google
The Danish data protection authority (Datatilsynet) has issued an injunction regarding student data being funneled to Google through the use of Chromebooks and Google Workspace services in the country's schools. [...]
https://www.bleepingcomputer.com/news/google/denmark-orders-schools-to-stop-sending-student-data-to-google/
The Danish data protection authority (Datatilsynet) has issued an injunction regarding student data being funneled to Google through the use of Chromebooks and Google Workspace services in the country's schools. [...]
https://www.bleepingcomputer.com/news/google/denmark-orders-schools-to-stop-sending-student-data-to-google/
BleepingComputer
Denmark orders schools to stop sending student data to Google
The Danish data protection authority (Datatilsynet) has issued an injunction regarding student data being funneled to Google through the use of Chromebooks and Google Workspace services in the country's schools.
👏1
Facebook ads push new Ov3r_Stealer password-stealing malware
A new password-stealing malware named Ov3r_Stealer is spreading through fake job advertisements on Facebook, aiming to steal account credentials and cryptocurrency. [...]
https://www.bleepingcomputer.com/news/security/facebook-ads-push-new-ov3r-stealer-password-stealing-malware/
A new password-stealing malware named Ov3r_Stealer is spreading through fake job advertisements on Facebook, aiming to steal account credentials and cryptocurrency. [...]
https://www.bleepingcomputer.com/news/security/facebook-ads-push-new-ov3r-stealer-password-stealing-malware/
BleepingComputer
Facebook ads push new Ov3r_Stealer password-stealing malware
A new password-stealing malware named Ov3r_Stealer is spreading through fake job advertisements on Facebook, aiming to steal account credentials and cryptocurrency.
Fortinet warns of new FortiSIEM RCE bugs in confusing disclosure
Fortinet is warning of two new unpatched patch bypasses for a critical remote code execution vulnerability in FortiSIEM, Fortinet's SIEM solution. [...]
https://www.bleepingcomputer.com/news/security/fortinet-warns-of-new-fortisiem-rce-bugs-in-confusing-disclosure/
Fortinet is warning of two new unpatched patch bypasses for a critical remote code execution vulnerability in FortiSIEM, Fortinet's SIEM solution. [...]
https://www.bleepingcomputer.com/news/security/fortinet-warns-of-new-fortisiem-rce-bugs-in-confusing-disclosure/
BleepingComputer
Fortinet warns of new FortiSIEM RCE bugs in confusing disclosure
Fortinet is warning of two new unpatched patch bypasses for a critical remote code execution vulnerability in FortiSIEM, Fortinet's SIEM solution.
Google teases a new modern look for sign-in pages, including Gmail
Google is on the brink of refreshing its sign-in pages, including Gmail, with a sleek, modern makeover. [...]
https://www.bleepingcomputer.com/news/google/google-teases-a-new-modern-look-for-sign-in-pages-including-gmail/
Google is on the brink of refreshing its sign-in pages, including Gmail, with a sleek, modern makeover. [...]
https://www.bleepingcomputer.com/news/google/google-teases-a-new-modern-look-for-sign-in-pages-including-gmail/
BleepingComputer
Google teases a new modern look for sign-in pages, including Gmail
Google is on the brink of refreshing its sign-in pages, including Gmail, with a sleek, modern makeover.
❤2
Data breaches at Viamedis and Almerys impact 33 million in France
Data breaches at two French healthcare payment service providers, Viamedis and Almerys, have now been determined to impact over 33 million people in the country. [...]
https://www.bleepingcomputer.com/news/security/data-breaches-at-viamedis-and-almerys-impact-33-million-in-france/
Data breaches at two French healthcare payment service providers, Viamedis and Almerys, have now been determined to impact over 33 million people in the country. [...]
https://www.bleepingcomputer.com/news/security/data-breaches-at-viamedis-and-almerys-impact-33-million-in-france/
BleepingComputer
Data breaches at Viamedis and Almerys impact 33 million in France
Data breaches at two French healthcare payment service providers, Viamedis and Almerys, have now been determined to impact over 33 million people in the country.
Fake LastPass password manager spotted on Apple’s App Store
LastPass is warning that a fake copy of its app is being distributed on the Apple App Store, likely used as a phishing app to steal users' credentials. [...]
https://www.bleepingcomputer.com/news/security/fake-lastpass-password-manager-spotted-on-apples-app-store/
LastPass is warning that a fake copy of its app is being distributed on the Apple App Store, likely used as a phishing app to steal users' credentials. [...]
https://www.bleepingcomputer.com/news/security/fake-lastpass-password-manager-spotted-on-apples-app-store/
BleepingComputer
Fake LastPass password manager spotted on Apple’s App Store
LastPass is warning that a fake copy of its app is being distributed on the Apple App Store, likely used as a phishing app to steal users' credentials.
US offers $10 million for tips on Hive ransomware leadership
The U.S. State Department offers rewards of up to $10 million for information that could help locate, identify, or arrest members of the Hive ransomware gang. [...]
https://www.bleepingcomputer.com/news/security/us-offers-10-million-for-tips-on-hive-ransomware-leadership/
The U.S. State Department offers rewards of up to $10 million for information that could help locate, identify, or arrest members of the Hive ransomware gang. [...]
https://www.bleepingcomputer.com/news/security/us-offers-10-million-for-tips-on-hive-ransomware-leadership/
BleepingComputer
US offers $10 million for tips on Hive ransomware leadership
The U.S. State Department offers rewards of up to $10 million for information that could help locate, identify, or arrest members of the Hive ransomware gang.
Android XLoader malware can now auto-execute after installation
A new version of the XLoader Android malware was discovered that automatically executes on devices it infects, requiring no user interaction to launch. [...]
https://www.bleepingcomputer.com/news/security/android-xloader-malware-can-now-auto-execute-after-installation/
A new version of the XLoader Android malware was discovered that automatically executes on devices it infects, requiring no user interaction to launch. [...]
https://www.bleepingcomputer.com/news/security/android-xloader-malware-can-now-auto-execute-after-installation/
BleepingComputer
Android XLoader malware can now auto-execute after installation
A new version of the XLoader Android malware was discovered that automatically executes on devices it infects, requiring no user interaction to launch.
Microsoft unveils new 'Sudo for Windows' feature in Windows 11
Microsoft introduced 'Sudo for Windows' today, a new Windows 11 feature allowing users to execute commands with elevated privileges from unelevated terminals. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-unveils-new-sudo-for-windows-feature-in-windows-11/
Microsoft introduced 'Sudo for Windows' today, a new Windows 11 feature allowing users to execute commands with elevated privileges from unelevated terminals. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-unveils-new-sudo-for-windows-feature-in-windows-11/
BleepingComputer
Microsoft unveils new 'Sudo for Windows' feature in Windows 11
Microsoft introduced 'Sudo for Windows' today, a new Windows 11 feature allowing users to execute commands with elevated privileges from unelevated terminals.
👍2🤡1
Ivanti: Patch new Connect Secure auth bypass bug immediately
Today, Ivanti warned of a new authentication bypass vulnerability impacting Connect Secure, Policy Secure, and ZTA gateways, urging admins to secure their appliances immediately. [...]
https://www.bleepingcomputer.com/news/security/ivanti-patch-new-connect-secure-auth-bypass-bug-immediately/
Today, Ivanti warned of a new authentication bypass vulnerability impacting Connect Secure, Policy Secure, and ZTA gateways, urging admins to secure their appliances immediately. [...]
https://www.bleepingcomputer.com/news/security/ivanti-patch-new-connect-secure-auth-bypass-bug-immediately/
BleepingComputer
Ivanti: Patch new Connect Secure auth bypass bug immediately
Today, Ivanti warned of a new authentication bypass vulnerability impacting Connect Secure, Policy Secure, and ZTA gateways, urging admins to secure their appliances immediately.
Hyundai Motor Europe hit by Black Basta ransomware attack
Car maker Hyundai Motor Europe suffered a Black Basta ransomware attack, with the threat actors claiming to have stolen three terabytes of corporate data. [...]
https://www.bleepingcomputer.com/news/security/hyundai-motor-europe-hit-by-black-basta-ransomware-attack/
Car maker Hyundai Motor Europe suffered a Black Basta ransomware attack, with the threat actors claiming to have stolen three terabytes of corporate data. [...]
https://www.bleepingcomputer.com/news/security/hyundai-motor-europe-hit-by-black-basta-ransomware-attack/
BleepingComputer
Hyundai Motor Europe hit by Black Basta ransomware attack
Car maker Hyundai Motor Europe suffered a Black Basta ransomware attack, with the threat actors claiming to have stolen three terabytes of corporate data.
Microsoft fixes Copilot issue blocking Windows 11 upgrades
Microsoft has lifted a compatibility hold that blocked upgrades to Windows 11 23H2 after resolving an issue that caused desktop icons to move erratically when using Windows Copilot on multi-monitor systems. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-copilot-issue-blocking-windows-11-upgrades/
Microsoft has lifted a compatibility hold that blocked upgrades to Windows 11 23H2 after resolving an issue that caused desktop icons to move erratically when using Windows Copilot on multi-monitor systems. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-copilot-issue-blocking-windows-11-upgrades/
BleepingComputer
Microsoft fixes Copilot issue blocking Windows 11 upgrades
Microsoft has lifted a compatibility hold that blocked upgrades to Windows 11 23H2 after resolving an issue that caused desktop icons to move erratically when using Windows Copilot on multi-monitor systems.
New Fortinet RCE flaw in SSL VPN likely exploited in attacks
Fortinet is warning that a new critical remote code execution vulnerability in FortiOS SSL VPN is potentially being exploited in attacks. [...]
https://www.bleepingcomputer.com/news/security/new-fortinet-rce-flaw-in-ssl-vpn-likely-exploited-in-attacks/
Fortinet is warning that a new critical remote code execution vulnerability in FortiOS SSL VPN is potentially being exploited in attacks. [...]
https://www.bleepingcomputer.com/news/security/new-fortinet-rce-flaw-in-ssl-vpn-likely-exploited-in-attacks/
BleepingComputer
New Fortinet RCE flaw in SSL VPN likely exploited in attacks
Fortinet is warning that a new critical remote code execution vulnerability in FortiOS SSL VPN is potentially being exploited in attacks.
Americans lost record $10 billion to fraud in 2023, FTC warns
The U.S. Federal Trade Commission (FTC) says Americans lost over $10 billion to scammers in 2023, marking a 14% increase in reported losses compared to the previous year. [...]
https://www.bleepingcomputer.com/news/security/americans-lost-record-10-billion-to-fraud-in-2023-ftc-warns/
The U.S. Federal Trade Commission (FTC) says Americans lost over $10 billion to scammers in 2023, marking a 14% increase in reported losses compared to the previous year. [...]
https://www.bleepingcomputer.com/news/security/americans-lost-record-10-billion-to-fraud-in-2023-ftc-warns/
BleepingComputer
Americans lost record $10 billion to fraud in 2023, FTC warns
The U.S. Federal Trade Commission (FTC) says Americans lost over $10 billion to scammers in 2023, marking a 14% increase in reported losses compared to the previous year.
New RustDoor macOS malware impersonates Visual Studio update
A new Rust-based macOS malware spreading as a Visual Studio update to provide backdoor access to compromised systems uses infrastructure linked to the infamous ALPHV/BlackCat ransomware gang. [...]
https://www.bleepingcomputer.com/news/security/new-rustdoor-macos-malware-impersonates-visual-studio-update/
A new Rust-based macOS malware spreading as a Visual Studio update to provide backdoor access to compromised systems uses infrastructure linked to the infamous ALPHV/BlackCat ransomware gang. [...]
https://www.bleepingcomputer.com/news/security/new-rustdoor-macos-malware-impersonates-visual-studio-update/
BleepingComputer
New RustDoor macOS malware impersonates Visual Studio update
A new Rust-based macOS malware spreading as a Visual Studio update to provide backdoor access to compromised systems uses infrastructure linked to the infamous ALPHV/BlackCat ransomware gang.
❤1
Microsoft: Outlook clients not syncing over Exchange ActiveSync
Microsoft warned Outlook for Microsoft 365 users that clients might have issues connecting to email servers via Exchange ActiveSync after a January update. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-outlook-clients-not-syncing-over-exchange-activesync/
Microsoft warned Outlook for Microsoft 365 users that clients might have issues connecting to email servers via Exchange ActiveSync after a January update. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-outlook-clients-not-syncing-over-exchange-activesync/
BleepingComputer
Microsoft: Outlook clients not syncing over Exchange ActiveSync
Microsoft warned Outlook for Microsoft 365 users that clients might have issues connecting to email servers via Exchange ActiveSync after a January update.
Canada to ban the Flipper Zero to stop surge in car thefts
The Canadian government plans to ban the Flipper Zero and similar devices after tagging them as tools thieves can use to steal cars. [...]
https://www.bleepingcomputer.com/news/security/canada-to-ban-the-flipper-zero-to-stop-surge-in-car-thefts/
The Canadian government plans to ban the Flipper Zero and similar devices after tagging them as tools thieves can use to steal cars. [...]
https://www.bleepingcomputer.com/news/security/canada-to-ban-the-flipper-zero-to-stop-surge-in-car-thefts/
BleepingComputer
Canada to ban the Flipper Zero to stop surge in car thefts
The Canadian government plans to ban the Flipper Zero and similar devices after tagging them as tools thieves can use to steal cars.
😁4👏2💩1
New Fortinet RCE bug is actively exploited, CISA confirms
CISA confirmed today that attackers are actively exploiting a critical remote code execution (RCE) bug patched by Fortinet on Thursday. [...]
https://www.bleepingcomputer.com/news/security/new-fortinet-rce-bug-is-actively-exploited-cisa-confirms/
CISA confirmed today that attackers are actively exploiting a critical remote code execution (RCE) bug patched by Fortinet on Thursday. [...]
https://www.bleepingcomputer.com/news/security/new-fortinet-rce-bug-is-actively-exploited-cisa-confirms/
BleepingComputer
New Fortinet RCE bug is actively exploited, CISA confirms
CISA confirmed today that attackers are actively exploiting a critical remote code execution (RCE) bug patched by Fortinet on Thursday.