Fraudsters tried to scam Apple out of 5,000 iPhones worth over $3 million

Two Chinese nationals face 20 years in prison after being caught and convicted of submitting over 5,000 fake iPhones worth more than $3 million to Apple with the goal of having them replaced with genuine devices. [...]

https://www.bleepingcomputer.com/news/security/fraudsters-tried-to-scam-apple-out-of-5-000-iphones-worth-over-3-million/

 Hackers abuse Google Cloud Run in massive banking trojan campaign

Security researchers are warning of hackers abusing the Google Cloud Run service to distribute massive volumes of banking trojans like Astaroth, Mekotio, and Ousaban. [...]

https://www.bleepingcomputer.com/news/security/hackers-abuse-google-cloud-run-in-massive-banking-trojan-campaign/

 Microsoft finally expands free logging—but only for govt agencies

Microsoft has expanded free Purview Audit logging capabilities for all U.S. federal agencies six months after disclosing that Chinese hackers stole U.S. government emails undetected in an Exchange Online breach between May and June 2023. [...]

https://www.bleepingcomputer.com/news/security/microsoft-finally-expands-free-logging-but-only-for-govt-agencies/

 Joomla fixes XSS flaws that could expose sites to RCE attacks

Five vulnerabilities have been discovered in the Joomla content management system that could be leveraged to execute arbitrary code on vulnerable websites. [...]

https://www.bleepingcomputer.com/news/security/joomla-fixes-xss-flaws-that-could-expose-sites-to-rce-attacks/

 LockBit ransomware secretly building next-gen encryptor before takedown

LockBit ransomware developers were secretly building a new version of their file encrypting malware, dubbed LockBit-NG-Dev - likely a future LockBit 4.0, when law enforcement took down the cybercriminal's infrastructure earlier this week. [...]

https://www.bleepingcomputer.com/news/security/lockbit-ransomware-secretly-building-next-gen-encryptor-before-takedown/

 Massive AT&T outage impacts US mobile subscribers

Tens of thousands of U.S. customers from Verizon, T-Mobile, and AT&T have been complaining about lack of wireless service or interruptions on Thursday morning. [...]

https://www.bleepingcomputer.com/news/mobile/massive-atandt-outage-impacts-us-mobile-subscribers/

 FTC to ban Avast from selling browsing data for advertising purposes

The U.S. Federal Trade Commission (FTC) will order Avast to pay $16.5 million and ban the company from selling the users' web browsing data or licensing it for advertising purposes. [...]

https://www.bleepingcomputer.com/news/security/ftc-to-ban-avast-from-selling-browsing-data-for-advertising-purposes/

 ScreenConnect servers hacked in LockBit ransomware attacks

Attackers are exploiting a maximum severity authentication bypass vulnerability to breach unpatched ScreenConnect servers and deploy LockBit ransomware payloads on compromised networks. [...]

https://www.bleepingcomputer.com/news/security/screenconnect-servers-hacked-in-lockbit-ransomware-attacks/

 Bitwarden’s new auto-fill option adds phishing resistance

The Bitwarden open-source password management service has introduced a new inline auto-fill menu that addresses the risk of user credentials being stolen through malicious form fields. [...]

https://www.bleepingcomputer.com/news/security/bitwardens-new-auto-fill-option-adds-phishing-resistance/

 Microsoft now force installing Windows 11 23H2 on eligible PCs

Microsoft has started force installing Windows 11 23H2 on eligible devices that have reached or are close to their end-of-servicing date. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-now-force-installing-windows-11-23h2-on-eligible-pcs/

 Microsoft has started testing Wi-Fi 7 support in Windows 11

Microsoft is testing support for Wi-Fi 7 in Windows 11, which offers multi-gigabit speeds and improved throughput, latency, and reliability compared to previous Wi-Fi generations. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-has-started-testing-wi-fi-7-support-in-windows-11/

 UnitedHealth confirms Optum hack behind US healthcare billing outage

Healthcare giant UnitedHealth Group confirmed that its subsidiary Optum was forced to shut down IT systems and various services after a cyberattack by "nation-state" hackers on the Change Healthcare platform. [...]

https://www.bleepingcomputer.com/news/security/unitedhealth-confirms-optum-hack-behind-us-healthcare-billing-outage/

 Windows Photos gets AI magic eraser on Windows 10 and later

Microsoft's Windows Photos app now has its own generative erase tool that enables users to replace unwanted objects with AI-generated content. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-photos-gets-ai-magic-eraser-on-windows-10-and-later/

 U-Haul says hacker accessed customer records using stolen creds

U-Haul has started informing customers that a hacker used stolen account credentials to access an internal system for dealers and team members to track customer reservations. [...]

https://www.bleepingcomputer.com/news/security/u-haul-says-hacker-accessed-customer-records-using-stolen-creds/

 LockBit ransomware gang has over $110 million in unspent bitcoin

The LockBit ransomware gang received more than $125 million in ransom payments over the past 18 months, according to the analysis of hundreds of cryptocurrency wallets associated with the operation. [...]

https://www.bleepingcomputer.com/news/security/lockbit-ransomware-gang-has-over-110-million-in-unspent-bitcoin/

 Google Pay app shutting down in US, users have till June to move funds

Google is retiring the standalone Pay app in the United States. Users have until June 4 to transfer the balance to bank accounts. [...]

https://www.bleepingcomputer.com/news/software/google-pay-app-shutting-down-in-us-users-have-till-june-to-move-funds/

 Insomniac Games alerts employees hit by ransomware data breach

Sony subsidiary Insomniac Games is sending data breach notification letters to employees whose personal information was stolen and leaked online following a Rhysida ransomware attack in November. [...]

https://www.bleepingcomputer.com/news/security/insomniac-games-alerts-employees-hit-by-ransomware-data-breach/

 FTC sues H&R Block over deceptive 'free' online filing ads

The U.S. Federal Trade Commission (FTC) sued tax preparation giant H&R Block over the company's deceptive "free" online filing advertising and for pressuring people into overpaying for its services. [...]

https://www.bleepingcomputer.com/news/technology/ftc-sues-handr-block-over-deceptive-free-online-filing-ads/

 Apple adds PQ3 quantum-resistant encryption to iMessage

Apple is adding to the iMessage instant messaging service a new post-quantum cryptographic protocol named PQ3, designed to defend encryption from quantum attacks. [...]

https://www.bleepingcomputer.com/news/security/apple-adds-pq3-quantum-resistant-encryption-to-imessage/

 RCMP investigating cyber attack as its website remains down

The Royal Canadian Mounted Police (RCMP), Canada's national police force has disclosed that it recently faced a cyber attack targeting its networks. The federal body has started its criminal investigation into the matter as it works to determine the scope of the security breach. [...]

https://www.bleepingcomputer.com/news/security/rcmp-investigating-cyber-attack-as-its-website-remains-down/

 PayPal files patent for new method to detect stolen cookies

PayPal has filed a patent application for a novel method that can identify when "super-cookie" is stolen, which could improve the cookie-based authentication mechanism and limit account takeover attacks. [...]

https://www.bleepingcomputer.com/news/security/paypal-files-patent-for-new-method-to-detect-stolen-cookies/