Spa Grand Prix email account hacked to phish banking info from fans

Hackers hijacked the official contact email for the Belgian Grand Prix event and used it to lure fans to a fake website promising a €50 gift voucher. [...]

https://www.bleepingcomputer.com/news/security/spa-grand-prix-email-account-hacked-to-phish-banking-info-from-fans/

 New Windows Server updates cause domain controller crashes, reboots

The March 2024 Windows Server updates are causing some domain controllers to crash and restart, according to widespread reports from Windows administrators. [...]

https://www.bleepingcomputer.com/news/microsoft/new-windows-server-updates-cause-domain-controller-crashes-reboots/

 Windows 11, Tesla, and Ubuntu Linux hacked at Pwn2Own Vancouver

On the first day of Pwn2Own Vancouver 2024, contestants demoed Windows 11, Tesla, and Ubuntu Linux zero-day vulnerabilities and exploit chains to win $732,500 and a Tesla Model 3 car. [...]

https://www.bleepingcomputer.com/news/security/windows-11-tesla-and-ubuntu-linux-hacked-at-pwn2own-vancouver/

 Microsoft confirms Windows Server issue behind domain controller crashes

Microsoft confirmed that a memory leak introduced with the March 2024 Windows Server security updates is behind a widespread issue causing Windows domain controllers to crash. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-confirms-windows-server-issue-behind-domain-controller-crashes/

 What the Latest Ransomware Attacks Teach About Defending Networks

Recent ransomware attacks have shared valuable lessons on how to limit risk to your own networks. Learn from Blink Ops about how organizations can limit their ransomware risk. [...]

https://www.bleepingcomputer.com/news/security/what-the-latest-ransomware-attacks-teach-about-defending-networks/

 Exploit released for Fortinet RCE bug used in attacks, patch now

Security researchers have released a proof-of-concept (PoC) exploit for a critical vulnerability in Fortinet's FortiClient Enterprise Management Server (EMS) software, which is now actively exploited in attacks. [...]

https://www.bleepingcomputer.com/news/security/exploit-released-for-fortinet-rce-bug-used-in-attacks-patch-now/

 Evasive Sign1 malware campaign infects 39,000 WordPress sites

A previously unknown malware campaign called Sign1 has infected over 39,000 websites over the past six months, causing visitors to see unwanted redirects and popup ads. [...]

https://www.bleepingcomputer.com/news/security/evasive-sign1-malware-campaign-infects-39-000-wordpress-sites/

 Unsaflok flaw can let hackers unlock millions of hotel doors

Security vulnerabilities in over 3 million Saflok electronic RFID locks deployed in 13,000 hotels and homes worldwide allowed researchers to easily unlock any door in a hotel by forging a pair of keycards. [...]

https://www.bleepingcomputer.com/news/security/unsaflok-flaw-can-let-hackers-unlock-millions-of-hotel-doors/

 KDE advises extreme caution after theme wipes Linux user's files

On Wednesday, the KDE team warned Linux users to exercise "extreme caution" when installing global themes, even from the official KDE Store, because these themes run arbitrary code on devices to customize the desktop's appearance. [...]

https://www.bleepingcomputer.com/news/linux/kde-advises-extreme-caution-after-theme-wipes-linux-users-files/

 Windows 11 Notepad finally gets spellcheck and autocorrect

Microsoft continues to add new features to the Windows Notepad, today announcing a preview release with built-in spellchecking and an autocorrect feature. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-11-notepad-finally-gets-spellcheck-and-autocorrect/

 Hackers earn $1,132,500 for 29 zero-days at Pwn2Own Vancouver

Pwn2Own Vancouver 2024 has ended with security researchers collecting $1,132,500 after demoing 29 zero-days (and some bug collisions). [...]

https://www.bleepingcomputer.com/news/security/hackers-earn-1-132-500-for-29-zero-days-at-pwn2own-vancouver/

 New GoFetch attack on Apple Silicon CPUs can steal crypto keys

A new side-channel attack called "GoFetch" impacts Apple M1, M2, and M3 processors and can be used to steal secret cryptographic keys from data in the CPU's cache. [...]

https://www.bleepingcomputer.com/news/security/new-gofetch-attack-on-apple-silicon-cpus-can-steal-crypto-keys/

 Darknet marketplace Nemesis Market seized by German police

The German police have seized infrastructure for the darknet Nemesis Market cybercrime marketplace in Germany and Lithuania, disrupting the site's operation. [...]

https://www.bleepingcomputer.com/news/security/darknet-marketplace-nemesis-market-seized-by-german-police/

 Mozilla fixes two Firefox zero-day bugs exploited at Pwn2Own

Mozilla has released security updates to fix two zero-day vulnerabilities in the Firefox web browser exploited during the Pwn2Own Vancouver 2024 hacking competition. [...]

https://www.bleepingcomputer.com/news/security/mozilla-fixes-two-firefox-zero-day-bugs-exploited-at-pwn2own/

 Russian hackers target German political parties with WineLoader malware

Researchers are warning that a notorious hacking group linked to Russia's Foreign Intelligence Service (SVR) is targeting political parties in Germany for the first time, shifting their focus away from the typical targeting of diplomatic missions. [...]

https://www.bleepingcomputer.com/news/security/russian-hackers-target-german-political-parties-with-wineloader-malware/

 Microsoft releases emergency fix for Windows Server crashes

Microsoft has released emergency out-of-band (OOB) updates to fix a known issue causing Windows domain controllers to crash after installing the March 2024 Windows Server security updates. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-releases-emergency-fix-for-windows-server-crashes/

 Microsoft to shut down 50 cloud services for Russian businesses

Microsoft plans to limit access to over fifty cloud products for Russian organizations by the end of March as part of the sanctions requirements against the country issued by EU regulators last December. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-to-shut-down-50-cloud-services-for-russian-businesses/

 Opera sees big jump in EU users on iOS, Android after DMA update

Opera has reported a substantial 164% increase in new European Union users on iOS devices after Apple introduced a new feature to comply with the EU's Digital Markets Act (DMA). [...]

https://www.bleepingcomputer.com/news/technology/opera-sees-big-jump-in-eu-users-on-ios-android-after-dma-update/

 Over 100 US and EU orgs targeted in StrelaStealer malware attacks

A new large-scale StrelaStealer malware campaign has impacted over a hundred organizations across the United States and Europe, attempting to steal email account credentials. [...]

https://www.bleepingcomputer.com/news/security/over-100-us-and-eu-orgs-targeted-in-strelastealer-malware-attacks/

 Google's new AI search results promotes sites pushing malware, scams

Google's new AI-powered 'Search Generative Experience' algorithms recommend scam sites that redirect visitors to unwanted Chrome extensions, fake iPhone giveaways, browser spam subscriptions, and tech support scams. [...]

https://www.bleepingcomputer.com/news/google/googles-new-ai-search-results-promotes-sites-pushing-malware-scams/

 New ZenHammer memory attack impacts AMD Zen CPUs

Academic researchers developed ZenHammer, the first variant of the Rowhammer DRAM attack that works on CPUs based on recent AMD Zen microarchitecture that map physical addresses on DDR4 and DDR5 memory chips. [...]

https://www.bleepingcomputer.com/news/security/new-zenhammer-memory-attack-impacts-amd-zen-cpus/