QNAP warns of critical auth bypass flaw in its NAS devices

QNAP warns of vulnerabilities in its NAS software products, including QTS, QuTS hero, QuTScloud, and myQNAPcloud, that could allow attackers to access devices. [...]

https://www.bleepingcomputer.com/news/security/qnap-warns-of-critical-auth-bypass-flaw-in-its-nas-devices/

 Critical Fortinet flaw may impact 150,000 exposed devices

Scans on the public web show that approximately 150,000 Fortinet FortiOS and FortiProxy secure web gateway systems are vulnerable to CVE-2024-21762, a critical security issue that allows executing code without authentication. [...]

https://www.bleepingcomputer.com/news/security/critical-fortinet-flaw-may-impact-150-000-exposed-devices/

 The Week in Ransomware - March 8th 2024 - Waiting for the BlackCat rebrand

We saw another ransomware operation shut down this week after first getting breached by law enforcement and then targeting critical infrastructure, putting them further in the spotlight of the US government. [...]

https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-march-8th-2024-waiting-for-the-blackcat-rebrand/

 Magnet Goblin hackers use 1-day flaws to drop custom Linux malware

A financially motivated hacking group named Magnet Goblin uses various 1-day vulnerabilities to breach public-facing servers and deploy custom malware on Windows and Linux systems. [...]

https://www.bleepingcomputer.com/news/security/magnet-goblin-hackers-use-1-day-flaws-to-drop-custom-linux-malware/

 Hackers exploit WordPress plugin flaw to infect 3,300 sites with malware

Hackers are breaching WordPress sites by exploiting a vulnerability in outdated versions of the Popup Builder plugin, infecting over 3,300 websites with malicious code. [...]

https://www.bleepingcomputer.com/news/security/hackers-exploit-wordpress-plugin-flaw-to-infect-3-300-sites-with-malware/

 YouTube stops recommending videos when signed out of Google

YouTube has changed how it works for people not signed into Google account or using incoginto mode, and it's not showing suggested videos anymore. This change, which is being tested with some random users, shows a very simple YouTube homepage without any videos or tips on what to watch. [...]

https://www.bleepingcomputer.com/news/google/youtube-stops-recommending-videos-when-signed-out-of-google/

 Fake Leather wallet app on Apple App Store is a crypto drainer

The developers of the Leather cryptocurrency wallet are warning of a fake app on the Apple App Store, with users reporting it is a wallet drainer that stole their digital assets. [...]

https://www.bleepingcomputer.com/news/security/fake-leather-wallet-app-on-apple-app-store-is-a-crypto-drainer/

 Over 15,000 hacked Roku accounts sold for 50¢ each to buy hardware

Roku has disclosed a data breach impacting over 15,000 customers after hacked accounts were used to make fraudulent purchases of hardware and streaming subscriptions. [...]

https://www.bleepingcomputer.com/news/security/over-15-000-hacked-roku-accounts-sold-for-50-each-to-buy-hardware/

 Equilend warns employees their data was stolen by ransomware gang

New York-based securities lending platform EquiLend Holdings confirmed in data breach notification letters sent to employees that their data was stolen in a January ransomware attack. [...]

https://www.bleepingcomputer.com/news/security/equilend-warns-employees-their-data-was-stolen-by-ransomware-gang/

 Researchers expose Microsoft SCCM misconfigs usable in cyberattacks

Security researchers have created a knowledge base repository for attack and defense techniques based on improperly setting up Microsoft's Configuration Manager, which could allow an attacker to execute payloads or become a domain controller. [...]

https://www.bleepingcomputer.com/news/security/researchers-expose-microsoft-sccm-misconfigs-usable-in-cyberattacks/

 Okta says data leaked on hacking forum not from its systems

Okta denies that its company data was leaked after a threat actor shared files allegedly stolen during an October 2023 cyberattack on a hacker forum. [...]

https://www.bleepingcomputer.com/news/security/okta-says-data-leaked-on-hacking-forum-not-from-its-systems/

 Microsoft says Windows 10 21H2 support is ending in June

Microsoft announced today that it would end support for Windows 10 21H2 in June when the Enterprise and Education editions reach the end of service. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-says-windows-10-21h2-support-is-ending-in-june/

 Tuta Mail adds new quantum-resistant encryption to protect email

Tuta Mail has announced TutaCrypt, a new post-quantum encryption protocol to secure communications from powerful and anticipated decryption attacks. [...]

https://www.bleepingcomputer.com/news/security/tuta-mail-adds-new-quantum-resistant-encryption-to-protect-email/

 Over 12 million auth secrets and keys leaked on GitHub in 2023

GitHub users accidentally exposed 12.8 million authentication and sensitive secrets in over 3 million public repositories during 2023, with the vast majority remaining valid after five days. [...]

https://www.bleepingcomputer.com/news/security/over-12-million-auth-secrets-and-keys-leaked-on-github-in-2023/

 Google paid $10 million in bug bounty rewards last year

Google awarded $10 million to 632 researchers from 68 countries in 2023 for finding and responsibly reporting security flaws in the company's products and services. [...]

https://www.bleepingcomputer.com/news/google/google-paid-10-million-in-bug-bounty-rewards-last-year/

 Tor’s new WebTunnel bridges mimic HTTPS traffic to evade censorship

The Tor Project officially introduced WebTunnel, a new bridge type specifically designed to help bypass censorship targeting the Tor network by hiding connections in plain sight. [...]

https://www.bleepingcomputer.com/news/security/tors-new-webtunnel-bridges-mimic-https-traffic-to-evade-censorship/

 Microsoft March 2024 Patch Tuesday fixes 60 flaws, 18 RCE bugs

Today is Microsoft's March 2024 Patch Tuesday, and security updates have been released for 60 vulnerabilities, including eighteen remote code execution flaws. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-march-2024-patch-tuesday-fixes-60-flaws-18-rce-bugs/

 Windows 10 KB5035845 update released with 9 new changes, fixes

Microsoft has released the KB5035845 cumulative update for Windows 10 21H2 and Windows 10 22H2, which includes nine new changes and fixes. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-kb5035845-update-released-with-9-new-changes-fixes/

 Windows 11 KB5035853 update released, here's what's new

Microsoft has released the KB5035853 cumulative update for Windows 11 23H3 and 22H2, with 21 fixes and changes, including fixing a bug causing 0x800F0922 errors when installing updates. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-11-kb5035853-update-released-heres-whats-new/

 Acer confirms Philippines employee data leaked on hacking forum

Acer Philippines confirmed that employee data was stolen in an attack on a third-party vendor who manages the company's employee attendance data after a threat actor leaked the data on a hacking forum. [...]

https://www.bleepingcomputer.com/news/security/acer-confirms-philippines-employee-data-leaked-on-hacking-forum/

 Stanford: Data of 27,000 people stolen in September ransomware attack

Stanford University says the personal information of 27,000 individuals was stolen in a ransomware attack impacting its Department of Public Safety (SUDPS) network. [...]

https://www.bleepingcomputer.com/news/security/stanford-data-of-27-000-people-stolen-in-september-ransomware-attack/