Hackers exploit Ivanti SSRF flaw to deploy new DSLog backdoor

Hackers are exploiting a server-side request forgery (SSRF) vulnerability in Ivanti Connect Secure, Policy Secure, and ZTA gateways to deploy the new DSLog backdoor on vulnerable devices. [...]

https://www.bleepingcomputer.com/news/security/hackers-exploit-ivanti-ssrf-flaw-to-deploy-new-dslog-backdoor/

 CISA: Roundcube email server bug now exploited in attacks

CISA warns that a Roundcube email server vulnerability patched in September is now actively exploited in cross-site scripting (XSS) attacks. [...]

https://www.bleepingcomputer.com/news/security/cisa-roundcube-email-server-bug-now-exploited-in-attacks/

 Ongoing Microsoft Azure account hijacking campaign targets executives

A phishing campaign detected in late November 2023 has compromised hundreds of user accounts in dozens of Microsoft Azure environments, including those of senior executives. [...]

https://www.bleepingcomputer.com/news/security/ongoing-microsoft-azure-account-hijacking-campaign-targets-executives/

 Microsoft tests Windows 11 ‘Super Resolution’ AI-upscaling for gamers

Microsoft is testing a new "Automatic Super Resolution" AI-assisted upscaling feature that increases the video and image quality of supported games while also making them run more smoothly. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-tests-windows-11-super-resolution-ai-upscaling-for-gamers/

 FCC orders telecom carriers to report PII data breaches within 30 days

Starting March 13th, telecommunications companies must report data breaches impacting customers' personally identifiable information within 30 days, as required by FCC's updated data breach reporting requirements. [...]

https://www.bleepingcomputer.com/news/security/fcc-orders-telecom-carriers-to-report-pii-data-breaches-within-30-days/

 FBI seizes Warzone RAT infrastructure, arrests malware vendor

The FBI dismantled the Warzone RAT malware operation, seizing infrastructure and arresting two individuals associated with the cybercrime operation. [...]

https://www.bleepingcomputer.com/news/security/fbi-seizes-warzone-rat-infrastructure-arrests-malware-vendor/

 Bank of America warns customers of data breach after vendor hack

Bank of America is warning customers of a data breach exposing their personal information after one of its service providers was hacked last year. [...]

https://www.bleepingcomputer.com/news/security/bank-of-america-warns-customers-of-data-breach-after-vendor-hack/

 5 Steps to Improve Your Security Posture in Microsoft Teams

Microsoft Teams is susceptible to a growing number of cybersecurity threats as its massive user base is an attractive target for cybercriminals. Learn more from Adaptive Shield on how to increase your Microsoft Teams security posture. [...]

https://www.bleepingcomputer.com/news/security/5-steps-to-improve-your-security-posture-in-microsoft-teams/

 Bumblebee malware attacks are back after 4-month break

The Bumblebee malware has returned after a four-month vacation, targeting thousands of organizations in the United States in phishing campaigns. [...]

https://www.bleepingcomputer.com/news/security/bumblebee-malware-attacks-are-back-after-4-month-break/

 Hackers steal $290 million in crypto from PlayDapp gaming platform

Hackers are believed to have used a stolen private key to mint and steal over $290 million in PLA tokens, a cryptocurrency used within the PlayDapp ecosystem. [...]

https://www.bleepingcomputer.com/news/security/hackers-steal-290-million-in-crypto-from-playdapp-gaming-platform/

 Windows 11 KB5034765 update released with Start Menu fixes

Microsoft has released the KB5034765 cumulative update for Windows versions 23H2 and 22H2 to fix several bugs in the OS, including an issue that causes problems with the Start menu. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-11-kb5034765-update-released-with-start-menu-fixes/

 Microsoft February 2024 Patch Tuesday fixes 2 zero-days, 73 flaws

Today is Microsoft's February 2024 Patch Tuesday, which includes security updates for 73 flaws and two actively exploited zero-days. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-february-2024-patch-tuesday-fixes-2-zero-days-73-flaws/

 Integris Health says data breach impacts 2.4 million patients

Integris Health has reported to U.S. authorities that the data breach it suffered last November exposed personal information belonging to almost 2.4 million people. [...]

https://www.bleepingcomputer.com/news/security/integris-health-says-data-breach-impacts-24-million-patients/

 200,000 Facebook Marketplace user records leaked on hacking forum

A threat actor leaked 200,000 records on a hacker forum, claiming they contained the mobile phone numbers, email addresses, and other personal information of Facebook Marketplace users. [...]

https://www.bleepingcomputer.com/news/security/200-000-facebook-marketplace-user-records-leaked-on-hacking-forum/

 Windows 10 KB5034763 update released with new fixes, changes

Microsoft has released the KB5034763 cumulative update for Windows 10 21H2 and Windows 10 22H2, which includes a small number of changes, including the continued rollout of changes to comply with Europe's Digital Markets Act (DMA). [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-kb5034763-update-released-with-new-fixes-changes/

 Hackers used new Windows Defender zero-day to drop DarkMe malware

Microsoft has patched today a Windows Defender SmartScreen zero-day exploited in the wild by a financially motivated threat group to deploy the DarkMe remote access trojan (RAT). [...]

https://www.bleepingcomputer.com/news/security/hackers-used-new-windows-defender-zero-day-to-drop-darkme-malware/

 Prudential Financial breached in data theft cyberattack

Prudential Financial has disclosed that its network was breached last week, with the attackers stealing employee and contractor data before being blocked from compromised systems one day later. [...]

https://www.bleepingcomputer.com/news/security/prudential-financial-breached-in-data-theft-cyberattack/

 DuckDuckGo browser gets end-to-end encrypted sync feature

The DuckDuckGo browser has unveiled a new end-to-end encrypted Sync & Backup feature that lets users privately and securely synchronize their bookmarks, passwords, and Email Protection settings across multiple devices. [...]

https://www.bleepingcomputer.com/news/security/duckduckgo-browser-gets-end-to-end-encrypted-sync-feature/

 Trans-Northern Pipelines investigating ALPHV ransomware attack claims

Trans-Northern Pipelines (TNPI) has confirmed its internal network was breached in November 2023 and that it's now investigating claims of data theft made by the ALPHV/BlackCat ransomware gang. [...]

https://www.bleepingcomputer.com/news/security/trans-northern-pipelines-investigating-alphv-ransomware-attack-claims/

 Ubuntu 'command-not-found' tool can be abused to spread malware

A logic flaw between Ubuntu's 'command-not-found' package suggestion system and the snap package repository could enable attackers to promote malicious Linux packages to unsuspecting users. [...]

https://www.bleepingcomputer.com/news/security/ubuntu-command-not-found-tool-can-be-abused-to-spread-malware/

 German battery maker Varta halts production after cyberattack

Battery maker VARTA AG announced yesterday that it was targeted by a cyberattack that forced it to shut down IT systems, causing production to stop at its plants. [...]

https://www.bleepingcomputer.com/news/security/german-battery-maker-varta-halts-production-after-cyberattack/