McDonald's: Global outage was caused by "configuration change"

McDonald's has blamed a third-party service provider's configuration change, not a cyberattack, for the global outage that forced many of its fast-food restaurants to close. [...]

https://www.bleepingcomputer.com/news/technology/mcdonalds-global-outage-was-caused-by-configuration-change/

 International Monetary Fund email accounts hacked in cyberattack

The International Monetary Fund (IMF) disclosed a cyber incident on Friday after unknown attackers breached 11 IMF email accounts earlier this year. [...]

https://www.bleepingcomputer.com/news/security/international-monetary-fund-email-accounts-hacked-in-cyberattack/

 Hackers exploit Aiohttp bug to find vulnerable networks

The ransomware actor 'ShadowSyndicate' was observed scanning for servers vulnerable to CVE-2024-23334, a directory traversal vulnerability in the aiohttp Python library. [...]

https://www.bleepingcomputer.com/news/security/hackers-exploit-aiohttp-bug-to-find-vulnerable-networks/

 New acoustic attack determines keystrokes from typing patterns

Researchers have demonstrated a new acoustic side-channel attack on keyboards that can deduce user input based on their typing patterns, even in poor conditions, such as environments with noise. [...]

https://www.bleepingcomputer.com/news/security/new-acoustic-attack-determines-keystrokes-from-typing-patterns/

 Microsoft again bothers Chrome users with Bing popup ads in Windows

Microsoft is once again harassing Google Chrome users on Windows 10 and Windows 11 with popup desktop advertisements promoting Bing and its GPT-4 Bing Chat platform. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-again-bothers-chrome-users-with-bing-popup-ads-in-windows/

 AT&T says leaked data of 70 million people is not from its systems

AT&T says a massive trove of data impacting 71 million people did not originate from its systems after a hacker leaked it on a cybercrime forum and claimed it was stolen in a 2021 breach of the company. [...]

https://www.bleepingcomputer.com/news/security/att-says-leaked-data-of-70-million-people-is-not-from-its-systems/

 How the New NIST 2.0 Guidelines Help Detect SaaS Threats

NIST just-released its Cybersecurity Framework (CSF) 2.0, which seems to have SaaS security in mind. Learn more from Adaptive Shield about how the NIST 2.0 framework can help detect SaaS threats. [...]

https://www.bleepingcomputer.com/news/security/how-the-new-nist-20-guidelines-help-detect-saas-threats/

 Fujitsu found malware on IT systems, confirms data breach

Japanese tech giant Fujitsu discovered that several of its systems were infected by malware and warns that the hackers stole customer data. [...]

https://www.bleepingcomputer.com/news/security/fujitsu-found-malware-on-it-systems-confirms-data-breach/

 Apex Legends players worried about RCE flaw after ALGS hacks

Electronic Arts has postponed the North American (NA) finals of the ongoing Apex Legends Global Series (ALGS) after hackers compromised players mid-match during the tournament. [...]

https://www.bleepingcomputer.com/news/security/apex-legends-players-worried-about-rce-flaw-after-algs-hacks/

 Microsoft announces deprecation of 1024-bit RSA keys in Windows

Microsoft has announced that RSA keys shorter than 2048 bits will soon be deprecated in Windows Transport Layer Security (TLS) to provide increased security. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-announces-deprecation-of-1024-bit-rsa-keys-in-windows/

 Chinese Earth Krahang hackers breach 70 orgs in 23 countries

A sophisticated hacking campaign attributed to a Chinese Advanced Persistent Threat (APT) group known as 'Earth Krahang' has breached 70 organizations and targeted at least 116 across 45 countries. [...]

https://www.bleepingcomputer.com/news/security/chinese-earth-krahang-hackers-breach-70-orgs-in-23-countries/

 Investment advisers pay $400K to settle ‘AI washing’ charges

The U.S. Securities and Exchange Commission (SEC) announced today that two investment advisers, Delphia (USA) and Global Predictions, have settled charges of making misleading statements regarding the use of artificial intelligence (AI) technology in their products. [...]

https://www.bleepingcomputer.com/news/technology/investment-advisers-pay-400k-to-settle-ai-washing-charges/

 Avoid high cyber insurance costs by improving Active Directory security

With the growing number of data breaches and cyberattacks, insurance premiums are increasing. Learn more from Specops Software about how securing an Activity Directory could lead to lower cyber insurance premiums. [...]

https://www.bleepingcomputer.com/news/security/avoid-high-cyber-insurance-costs-by-improving-active-directory-security/

 New AcidPour data wiper targets Linux x86 network devices

A new destructive malware named AcidPour was spotted in the wild, featuring data-wiper functionality and targeting Linux x86 IoT and networking devices. [...]

https://www.bleepingcomputer.com/news/security/new-acidpour-data-wiper-targets-linux-x86-network-devices/

 Oracle warns that macOS 14.4 update breaks Java on Apple CPUs

Oracle warned Apple customers to delay installing the latest macOS 14.4 Sonoma update because it will break Java on Apple silicon CPUs. [...]

https://www.bleepingcomputer.com/news/apple/oracle-warns-that-macos-144-update-breaks-java-on-apple-cpus/

 Ukraine arrests hackers trying to sell 100 million stolen accounts

The Ukrainian cyber police, in collaboration with investigators from the national police (ГУНП), have arrested three individuals who are accused of hijacking over 100 million emails and Instagram accounts worldwide. [...]

https://www.bleepingcomputer.com/news/security/ukraine-arrests-hackers-trying-to-sell-100-million-stolen-accounts/

 FTC warns scammers are impersonating its employees to steal money

The U.S. Federal Trade Commission (FTC) warned today that scammers are impersonating its employees to steal thousands of dollars from Americans. [...]

https://www.bleepingcomputer.com/news/security/ftc-warns-scammers-are-impersonating-its-employees-to-steal-money/

 CISA shares critical infrastructure defense tips against Chinese hackers

CISA, the NSA, the FBI, and several other agencies in the U.S. and worldwide warned critical infrastructure leaders to protect their systems against the Chinese Volt Typhoon hacking group. [...]

https://www.bleepingcomputer.com/news/security/cisa-shares-critical-infrastructure-defense-tips-against-chinese-hackers/

 US Defense Dept received 50,000 vulnerability reports since 2016

The Cyber Crime Center (DC3) of the U.S. Department of Defense (DoD) says it has reached the milestone of processing its 50,000th vulnerability report submitted by 5,635 researchers since its inception in November 2016. [...]

https://www.bleepingcomputer.com/news/security/us-defense-dept-received-50-000-vulnerability-reports-since-2016/

 White House and EPA warn of hackers breaching water systems

U.S. National Security Advisor Jake Sullivan and Environmental Protection Agency (EPA) Administrator Michael Regan warned governors today that hackers are "striking" critical infrastructure across the country's water sector. [...]

https://www.bleepingcomputer.com/news/security/white-house-and-epa-warn-of-hackers-breaching-water-systems/

 Misconfigured Firebase instances leaked 19 million plaintext passwords

Three cybersecurity researchers discovered close to 19 million plaintext passwords exposed on the public internet by misconfigured instances of Firebase, a Google platform for hosting databases, cloud computing, and app development. [...]

https://www.bleepingcomputer.com/news/security/misconfigured-firebase-instances-leaked-19-million-plaintext-passwords/