Switzerland: Play ransomware leaked 65,000 government documents

The National Cyber Security Centre (NCSC) of Switzerland has released a report on its analysis of a data breach following a ransomware attack on Xplain, disclosing that the incident impacted thousands of sensitive Federal government files. [...]

https://www.bleepingcomputer.com/news/security/switzerland-play-ransomware-leaked-65-000-government-documents/

 CISA, NSA share best practices for securing cloud services

The NSA and the Cybersecurity and Infrastructure Security Agency (CISA) have released five joint cybersecurity bulletins containing on best practices for securing a cloud environment. [...]

https://www.bleepingcomputer.com/news/security/cisa-nsa-share-best-practices-for-securing-cloud-services/

 Microsoft says Russian hackers breached its systems, accessed source code

Microsoft says the Russian 'Midnight Blizzard' hacking group recently accessed some of its internal systems and source code repositories using authentication secrets stolen during a January cyberattack. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-says-russian-hackers-breached-its-systems-accessed-source-code/

 UnitedHealth brings some Change Healthcare pharmacy services back online

Optum's Change Healthcare has started to bring systems back online after suffering a crippling BlackCat ransomware attack last month that led to widespread disruption to the US healthcare system. [...]

https://www.bleepingcomputer.com/news/security/unitedhealth-brings-some-change-healthcare-pharmacy-services-back-online/

 QNAP warns of critical auth bypass flaw in its NAS devices

QNAP warns of vulnerabilities in its NAS software products, including QTS, QuTS hero, QuTScloud, and myQNAPcloud, that could allow attackers to access devices. [...]

https://www.bleepingcomputer.com/news/security/qnap-warns-of-critical-auth-bypass-flaw-in-its-nas-devices/

 Critical Fortinet flaw may impact 150,000 exposed devices

Scans on the public web show that approximately 150,000 Fortinet FortiOS and FortiProxy secure web gateway systems are vulnerable to CVE-2024-21762, a critical security issue that allows executing code without authentication. [...]

https://www.bleepingcomputer.com/news/security/critical-fortinet-flaw-may-impact-150-000-exposed-devices/

 The Week in Ransomware - March 8th 2024 - Waiting for the BlackCat rebrand

We saw another ransomware operation shut down this week after first getting breached by law enforcement and then targeting critical infrastructure, putting them further in the spotlight of the US government. [...]

https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-march-8th-2024-waiting-for-the-blackcat-rebrand/

 Magnet Goblin hackers use 1-day flaws to drop custom Linux malware

A financially motivated hacking group named Magnet Goblin uses various 1-day vulnerabilities to breach public-facing servers and deploy custom malware on Windows and Linux systems. [...]

https://www.bleepingcomputer.com/news/security/magnet-goblin-hackers-use-1-day-flaws-to-drop-custom-linux-malware/

 Hackers exploit WordPress plugin flaw to infect 3,300 sites with malware

Hackers are breaching WordPress sites by exploiting a vulnerability in outdated versions of the Popup Builder plugin, infecting over 3,300 websites with malicious code. [...]

https://www.bleepingcomputer.com/news/security/hackers-exploit-wordpress-plugin-flaw-to-infect-3-300-sites-with-malware/

 YouTube stops recommending videos when signed out of Google

YouTube has changed how it works for people not signed into Google account or using incoginto mode, and it's not showing suggested videos anymore. This change, which is being tested with some random users, shows a very simple YouTube homepage without any videos or tips on what to watch. [...]

https://www.bleepingcomputer.com/news/google/youtube-stops-recommending-videos-when-signed-out-of-google/

 Fake Leather wallet app on Apple App Store is a crypto drainer

The developers of the Leather cryptocurrency wallet are warning of a fake app on the Apple App Store, with users reporting it is a wallet drainer that stole their digital assets. [...]

https://www.bleepingcomputer.com/news/security/fake-leather-wallet-app-on-apple-app-store-is-a-crypto-drainer/

 Over 15,000 hacked Roku accounts sold for 50¢ each to buy hardware

Roku has disclosed a data breach impacting over 15,000 customers after hacked accounts were used to make fraudulent purchases of hardware and streaming subscriptions. [...]

https://www.bleepingcomputer.com/news/security/over-15-000-hacked-roku-accounts-sold-for-50-each-to-buy-hardware/

 Equilend warns employees their data was stolen by ransomware gang

New York-based securities lending platform EquiLend Holdings confirmed in data breach notification letters sent to employees that their data was stolen in a January ransomware attack. [...]

https://www.bleepingcomputer.com/news/security/equilend-warns-employees-their-data-was-stolen-by-ransomware-gang/

 Researchers expose Microsoft SCCM misconfigs usable in cyberattacks

Security researchers have created a knowledge base repository for attack and defense techniques based on improperly setting up Microsoft's Configuration Manager, which could allow an attacker to execute payloads or become a domain controller. [...]

https://www.bleepingcomputer.com/news/security/researchers-expose-microsoft-sccm-misconfigs-usable-in-cyberattacks/

 Okta says data leaked on hacking forum not from its systems

Okta denies that its company data was leaked after a threat actor shared files allegedly stolen during an October 2023 cyberattack on a hacker forum. [...]

https://www.bleepingcomputer.com/news/security/okta-says-data-leaked-on-hacking-forum-not-from-its-systems/

 Microsoft says Windows 10 21H2 support is ending in June

Microsoft announced today that it would end support for Windows 10 21H2 in June when the Enterprise and Education editions reach the end of service. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-says-windows-10-21h2-support-is-ending-in-june/

 Tuta Mail adds new quantum-resistant encryption to protect email

Tuta Mail has announced TutaCrypt, a new post-quantum encryption protocol to secure communications from powerful and anticipated decryption attacks. [...]

https://www.bleepingcomputer.com/news/security/tuta-mail-adds-new-quantum-resistant-encryption-to-protect-email/

 Over 12 million auth secrets and keys leaked on GitHub in 2023

GitHub users accidentally exposed 12.8 million authentication and sensitive secrets in over 3 million public repositories during 2023, with the vast majority remaining valid after five days. [...]

https://www.bleepingcomputer.com/news/security/over-12-million-auth-secrets-and-keys-leaked-on-github-in-2023/

 Google paid $10 million in bug bounty rewards last year

Google awarded $10 million to 632 researchers from 68 countries in 2023 for finding and responsibly reporting security flaws in the company's products and services. [...]

https://www.bleepingcomputer.com/news/google/google-paid-10-million-in-bug-bounty-rewards-last-year/

 Tor’s new WebTunnel bridges mimic HTTPS traffic to evade censorship

The Tor Project officially introduced WebTunnel, a new bridge type specifically designed to help bypass censorship targeting the Tor network by hiding connections in plain sight. [...]

https://www.bleepingcomputer.com/news/security/tors-new-webtunnel-bridges-mimic-https-traffic-to-evade-censorship/

 Microsoft March 2024 Patch Tuesday fixes 60 flaws, 18 RCE bugs

Today is Microsoft's March 2024 Patch Tuesday, and security updates have been released for 60 vulnerabilities, including eighteen remote code execution flaws. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-march-2024-patch-tuesday-fixes-60-flaws-18-rce-bugs/