Hackers exploit Ray framework flaw to breach servers, hijack resources
A new hacking campaign dubbed "ShadowRay" targets an unpatched vulnerability in Ray, a popular open-source AI framework, to hijack computing power and leak sensitive data from thousands of companies. [...]
https://www.bleepingcomputer.com/news/security/hackers-exploit-ray-framework-flaw-to-breach-servers-hijack-resources/
A new hacking campaign dubbed "ShadowRay" targets an unpatched vulnerability in Ray, a popular open-source AI framework, to hijack computing power and leak sensitive data from thousands of companies. [...]
https://www.bleepingcomputer.com/news/security/hackers-exploit-ray-framework-flaw-to-breach-servers-hijack-resources/
BleepingComputer
Hackers exploit Ray framework flaw to breach servers, hijack resources
A new hacking campaign dubbed "ShadowRay" targets an unpatched vulnerability in Ray, a popular open-source AI framework, to hijack computing power and leak sensitive data from thousands of companies.
Germany warns of 17K vulnerable Microsoft Exchange servers exposed online
The German national cybersecurity authority warned on Tuesday that it found at least 17,000 Microsoft Exchange servers in Germany exposed online and vulnerable to one or more critical security vulnerabilities. [...]
https://www.bleepingcomputer.com/news/security/germany-warns-of-17k-vulnerable-microsoft-exchange-servers-exposed-online/
The German national cybersecurity authority warned on Tuesday that it found at least 17,000 Microsoft Exchange servers in Germany exposed online and vulnerable to one or more critical security vulnerabilities. [...]
https://www.bleepingcomputer.com/news/security/germany-warns-of-17k-vulnerable-microsoft-exchange-servers-exposed-online/
BleepingComputer
Germany warns of 17K vulnerable Microsoft Exchange servers exposed online
The German national cybersecurity authority warned on Tuesday that it found at least 17,000 Microsoft Exchange servers in Germany exposed online and vulnerable to one or more critical security vulnerabilities.
$700 cybercrime software turns Raspberry Pi into an evasive fraud tool
Cybercriminals are selling custom Raspberry Pi software called 'GEOBOX' on Telegram, which allows inexperienced hackers to convert the mini-computers into anonymous cyberattack tools. [...]
https://www.bleepingcomputer.com/news/security/700-cybercrime-software-turns-raspberry-pi-into-an-evasive-fraud-tool/
Cybercriminals are selling custom Raspberry Pi software called 'GEOBOX' on Telegram, which allows inexperienced hackers to convert the mini-computers into anonymous cyberattack tools. [...]
https://www.bleepingcomputer.com/news/security/700-cybercrime-software-turns-raspberry-pi-into-an-evasive-fraud-tool/
BleepingComputer
$700 cybercrime software turns Raspberry Pi into an evasive fraud tool
Cybercriminals are selling custom Raspberry Pi software called 'GEOBOX' on Telegram, which allows inexperienced hackers to convert the mini-computers into anonymous cyberattack tools.
Finland confirms APT31 hackers behind 2021 parliament breach
The Finnish Police confirmed on Tuesday that the APT31 hacking group linked to the Chinese Ministry of State Security (MSS) was behind a breach of the country's parliament disclosed in March 2021. [...]
https://www.bleepingcomputer.com/news/security/finland-confirms-apt31-hackers-behind-2021-parliament-breach/
The Finnish Police confirmed on Tuesday that the APT31 hacking group linked to the Chinese Ministry of State Security (MSS) was behind a breach of the country's parliament disclosed in March 2021. [...]
https://www.bleepingcomputer.com/news/security/finland-confirms-apt31-hackers-behind-2021-parliament-breach/
BleepingComputer
Finland confirms APT31 hackers behind 2021 parliament breach
The Finnish Police confirmed on Tuesday that the APT31 hacking group linked to the Chinese Ministry of State Security (MSS) was behind a breach of the country's parliament disclosed in March 2021.
🔥2👍1
Windows 10 KB5035941 update released with lock screen widgets
Microsoft has released the optional KB5035941 preview cumulative update for Windows 10 22H2, introducing widgets on the lock screen, Windows Spotlight on the desktop, and 21 other fixes or changes. [...]
https://www.bleepingcomputer.com/news/microsoft/windows-10-kb5035941-update-released-with-lock-screen-widgets/
Microsoft has released the optional KB5035941 preview cumulative update for Windows 10 22H2, introducing widgets on the lock screen, Windows Spotlight on the desktop, and 21 other fixes or changes. [...]
https://www.bleepingcomputer.com/news/microsoft/windows-10-kb5035941-update-released-with-lock-screen-widgets/
BleepingComputer
Windows 10 KB5035941 update released with lock screen widgets
Microsoft has released the optional KB5035941 preview cumulative update for Windows 10 22H2, introducing widgets on the lock screen, Windows Spotlight on the desktop, and 21 other fixes or changes.
Windows 11 KB5035942 update enables Moment 5 features for everyone
Microsoft has released the March 2024 non-security KB5035942 preview update for Windows 11 23H2, which enables Moment 5 features by default and fixes 18 known issues. [...]
https://www.bleepingcomputer.com/news/microsoft/windows-11-kb5035942-update-enables-moment-5-features-for-everyone/
Microsoft has released the March 2024 non-security KB5035942 preview update for Windows 11 23H2, which enables Moment 5 features by default and fixes 18 known issues. [...]
https://www.bleepingcomputer.com/news/microsoft/windows-11-kb5035942-update-enables-moment-5-features-for-everyone/
BleepingComputer
Windows 11 KB5035942 update enables Moment 5 features for everyone
Microsoft has released the March 2024 non-security KB5035942 preview update for Windows 11 23H2, which enables Moment 5 features by default and fixes 18 known issues.
Google: Spyware vendors behind 50% of zero-days exploited in 2023
Google's Threat Analysis Group (TAG) and Google subsidiary Mandiant said they've observed a significant increase in the number of zero-day vulnerabilities exploited in attacks in 2023, many of them linked to spyware vendors and their clients. [...]
https://www.bleepingcomputer.com/news/security/google-spyware-vendors-behind-50-percent-of-zero-days-exploited-in-2023/
Google's Threat Analysis Group (TAG) and Google subsidiary Mandiant said they've observed a significant increase in the number of zero-day vulnerabilities exploited in attacks in 2023, many of them linked to spyware vendors and their clients. [...]
https://www.bleepingcomputer.com/news/security/google-spyware-vendors-behind-50-percent-of-zero-days-exploited-in-2023/
BleepingComputer
Google: Spyware vendors behind 50% of zero-days exploited in 2023
Google's Threat Analysis Group (TAG) and Google subsidiary Mandiant said they've observed a significant increase in the number of zero-day vulnerabilities exploited in attacks in 2023, many of them linked to spyware vendors and their clients.
Ransomware as a Service and the Strange Economics of the Dark Web
Ransomware is quickly changing in 2024, with massive disruptions and large gangs shutting down. Learn from Flare how affiliate competition is changing in 2024, and what might come next. [...]
https://www.bleepingcomputer.com/news/security/ransomware-as-a-service-and-the-strange-economics-of-the-dark-web/
Ransomware is quickly changing in 2024, with massive disruptions and large gangs shutting down. Learn from Flare how affiliate competition is changing in 2024, and what might come next. [...]
https://www.bleepingcomputer.com/news/security/ransomware-as-a-service-and-the-strange-economics-of-the-dark-web/
BleepingComputer
Ransomware as a Service and the Strange Economics of the Dark Web
Ransomware is quickly changing in 2024, with massive disruptions and large gangs shutting down. Learn from Flare how affiliate competition is changing in 2024, and what might come next.
KuCoin charged with AML violations that let cybercriminals launder billions
The U.S. Department of Justice (DoJ) has charged global cryptocurrency exchange KuCoin and two of its founders for failing to adhere to anti-money laundering (AML) requirements, allowing threat actors to use the platform to launder money. [...]
https://www.bleepingcomputer.com/news/cryptocurrency/kucoin-charged-with-aml-violations-that-let-cybercriminals-launder-billions/
The U.S. Department of Justice (DoJ) has charged global cryptocurrency exchange KuCoin and two of its founders for failing to adhere to anti-money laundering (AML) requirements, allowing threat actors to use the platform to launder money. [...]
https://www.bleepingcomputer.com/news/cryptocurrency/kucoin-charged-with-aml-violations-that-let-cybercriminals-launder-billions/
BleepingComputer
KuCoin charged with AML violations that let cybercriminals launder billions
The U.S. Department of Justice (DoJ) has charged global cryptocurrency exchange KuCoin and two of its founders for failing to adhere to anti-money laundering (AML) requirements, allowing threat actors to use the platform to launder money.
CISA tags Microsoft SharePoint RCE bug as actively exploited
CISA warns that attackers are now exploiting a Microsoft SharePoint code injection vulnerability that can be chained with a critical privilege escalation flaw for pre-auth remote code execution attacks. [...]
https://www.bleepingcomputer.com/news/security/cisa-tags-microsoft-sharepoint-rce-bug-as-actively-exploited/
CISA warns that attackers are now exploiting a Microsoft SharePoint code injection vulnerability that can be chained with a critical privilege escalation flaw for pre-auth remote code execution attacks. [...]
https://www.bleepingcomputer.com/news/security/cisa-tags-microsoft-sharepoint-rce-bug-as-actively-exploited/
BleepingComputer
CISA tags Microsoft SharePoint RCE bug as actively exploited
CISA warns that attackers are now exploiting a Microsoft SharePoint code injection vulnerability that can be chained with a critical privilege escalation flaw for pre-auth remote code execution attacks.
👍1
INC Ransom threatens to leak 3TB of NHS Scotland stolen data
The INC Ransom extortion gang is threatening to publish three terabytes of data allegedly stolen after breaching the National Health Service (NHS) of Scotland. [...]
https://www.bleepingcomputer.com/news/security/inc-ransom-threatens-to-leak-3tb-of-nhs-scotland-stolen-data/
The INC Ransom extortion gang is threatening to publish three terabytes of data allegedly stolen after breaching the National Health Service (NHS) of Scotland. [...]
https://www.bleepingcomputer.com/news/security/inc-ransom-threatens-to-leak-3tb-of-nhs-scotland-stolen-data/
BleepingComputer
INC Ransom threatens to leak 3TB of NHS Scotland stolen data
The INC Ransom extortion gang is threatening to publish three terabytes of data allegedly stolen after breaching the National Health Service (NHS) of Scotland.
Google fixes Chrome zero-days exploited at Pwn2Own 2024
Google fixed seven security vulnerabilities in the Chrome web browser on Tuesday, including two zero-days exploited during the Pwn2Own Vancouver 2024 hacking competition. [...]
https://www.bleepingcomputer.com/news/security/google-fixes-chrome-zero-days-exploited-at-pwn2own-2024/
Google fixed seven security vulnerabilities in the Chrome web browser on Tuesday, including two zero-days exploited during the Pwn2Own Vancouver 2024 hacking competition. [...]
https://www.bleepingcomputer.com/news/security/google-fixes-chrome-zero-days-exploited-at-pwn2own-2024/
BleepingComputer
Google fixes Chrome zero-days exploited at Pwn2Own 2024
Google fixed seven security vulnerabilities in the Chrome web browser on Tuesday, including two zero-days exploited during the Pwn2Own Vancouver 2024 hacking competition.
Windows 11 22H2 Home and Pro get preview updates until June 26
Microsoft reminded customers today that the Windows 11 22H2 Home and Pro editions will continue to receive non-security preview updates until June 26. [...]
https://www.bleepingcomputer.com/news/microsoft/windows-11-22h2-home-and-pro-get-preview-updates-until-june-26/
Microsoft reminded customers today that the Windows 11 22H2 Home and Pro editions will continue to receive non-security preview updates until June 26. [...]
https://www.bleepingcomputer.com/news/microsoft/windows-11-22h2-home-and-pro-get-preview-updates-until-june-26/
BleepingComputer
Windows 11 22H2 Home and Pro get preview updates until June 26
Microsoft reminded customers today that the Windows 11 22H2 Home and Pro editions will continue to receive non-security preview updates until June 26.
New Darcula phishing service targets iPhone users via iMessage
A new phishing-as-a-service (PhaaS) named 'Darcula' uses 20,000 domains to spoof brands and steal credentials from Android and iPhone users in more than 100 countries. [...]
https://www.bleepingcomputer.com/news/security/new-darcula-phishing-service-targets-iphone-users-via-imessage/
A new phishing-as-a-service (PhaaS) named 'Darcula' uses 20,000 domains to spoof brands and steal credentials from Android and iPhone users in more than 100 countries. [...]
https://www.bleepingcomputer.com/news/security/new-darcula-phishing-service-targets-iphone-users-via-imessage/
BleepingComputer
New Darcula phishing service targets iPhone users via iMessage
A new phishing-as-a-service (PhaaS) named 'Darcula' uses 20,000 domains to spoof brands and steal credentials from Android and iPhone users in more than 100 countries.
How Pentesting-as-a-Service can Reduce Overall Security Costs
Penetration testing plays a critical role in finding application vulnerabilities before they can be exploited. Learn more from Outpost24 on the costs of Penetration-Testing-as-a-Service vs classic pentest offerings. [...]
https://www.bleepingcomputer.com/news/security/how-pentesting-as-a-service-can-reduce-overall-security-costs/
Penetration testing plays a critical role in finding application vulnerabilities before they can be exploited. Learn more from Outpost24 on the costs of Penetration-Testing-as-a-Service vs classic pentest offerings. [...]
https://www.bleepingcomputer.com/news/security/how-pentesting-as-a-service-can-reduce-overall-security-costs/
BleepingComputer
How Pentesting-as-a-Service can Reduce Overall Security Costs
Penetration testing plays a critical role in finding application vulnerabilities before they can be exploited. Learn more from Outpost24 on the costs of Penetration-Testing-as-a-Service vs classic pentest offerings.
👍6
Cisco warns of password-spraying attacks targeting VPN services
Cisco has shared a set of recommendations for customers to mitigate password-spraying attacks that have been targeting Remote Access VPN (RAVPN) services configured on Cisco Secure Firewall devices. [...]
https://www.bleepingcomputer.com/news/security/cisco-warns-of-password-spraying-attacks-targeting-vpn-services/
Cisco has shared a set of recommendations for customers to mitigate password-spraying attacks that have been targeting Remote Access VPN (RAVPN) services configured on Cisco Secure Firewall devices. [...]
https://www.bleepingcomputer.com/news/security/cisco-warns-of-password-spraying-attacks-targeting-vpn-services/
BleepingComputer
Cisco warns of password-spraying attacks targeting VPN services
Cisco has shared a set of recommendations for customers to mitigate password-spraying attacks that have been targeting Remote Access VPN (RAVPN) services configured on Cisco Secure Firewall devices.
PyPI suspends new user registration to block malware campaign
The Python Package Index (PyPI) has temporarily suspended user registration and the creation of new projects to deal with an ongoing malware campaign. [...]
https://www.bleepingcomputer.com/news/security/pypi-suspends-new-user-registration-to-block-malware-campaign/
The Python Package Index (PyPI) has temporarily suspended user registration and the creation of new projects to deal with an ongoing malware campaign. [...]
https://www.bleepingcomputer.com/news/security/pypi-suspends-new-user-registration-to-block-malware-campaign/
BleepingComputer
PyPI suspends new user registration to block malware campaign
The Python Package Index (PyPI) has temporarily suspended user registration and the creation of new projects to deal with an ongoing malware campaign.
Retail chain Hot Topic hit by new credential stuffing attacks
American retailer Hot Topic disclosed that two waves of credential stuffing attacks in November exposed affected customers' personal information and partial payment data. [...]
https://www.bleepingcomputer.com/news/security/retail-chain-hot-topic-hit-by-new-credential-stuffing-attacks/
American retailer Hot Topic disclosed that two waves of credential stuffing attacks in November exposed affected customers' personal information and partial payment data. [...]
https://www.bleepingcomputer.com/news/security/retail-chain-hot-topic-hit-by-new-credential-stuffing-attacks/
BleepingComputer
Retail chain Hot Topic hit by new credential stuffing attacks
American retailer Hot Topic disclosed that two waves of credential stuffing attacks in November exposed affected customers' personal information and partial payment data.
Decade-old Linux ‘wall’ bug helps make fake SUDO prompts, steal passwords
A vulnerability has been discovered in the 'util-linux' library that could allow unprivileged users to put arbitrary text on other users' terminals using the 'wall' command. [...]
https://www.bleepingcomputer.com/news/security/decade-old-linux-wall-bug-helps-make-fake-sudo-prompts-steal-passwords/
A vulnerability has been discovered in the 'util-linux' library that could allow unprivileged users to put arbitrary text on other users' terminals using the 'wall' command. [...]
https://www.bleepingcomputer.com/news/security/decade-old-linux-wall-bug-helps-make-fake-sudo-prompts-steal-passwords/
BleepingComputer
Decade-old Linux ‘wall’ bug helps make fake SUDO prompts, steal passwords
A vulnerability has been discovered in the 'util-linux' library that could allow unprivileged users to put arbitrary text on other users' terminals using the 'wall' command.
Google Podcasts service shuts down in the US next week
U.S. users have just a few more days to make the transition from Google Podcasts as the company moves forward with the process of discontinuing the service globally. [...]
https://www.bleepingcomputer.com/news/google/google-podcasts-service-shuts-down-in-the-us-next-week/
U.S. users have just a few more days to make the transition from Google Podcasts as the company moves forward with the process of discontinuing the service globally. [...]
https://www.bleepingcomputer.com/news/google/google-podcasts-service-shuts-down-in-the-us-next-week/
BleepingComputer
Google Podcasts service shuts down in the US next week
U.S. users have just a few more days to make the transition from Google Podcasts as the company moves forward with the process of discontinuing the service globally.
Red Hat warns of backdoor in XZ tools used by most Linux distros
Today, Red Hat warned users to immediately stop using systems running Fedora development and experimental versions because of a backdoor found in the latest XZ Utils data compression tools and libraries. [...]
https://www.bleepingcomputer.com/news/security/red-hat-warns-of-backdoor-in-xz-tools-used-by-most-linux-distros/
Today, Red Hat warned users to immediately stop using systems running Fedora development and experimental versions because of a backdoor found in the latest XZ Utils data compression tools and libraries. [...]
https://www.bleepingcomputer.com/news/security/red-hat-warns-of-backdoor-in-xz-tools-used-by-most-linux-distros/
BleepingComputer
Red Hat warns of backdoor in XZ tools used by most Linux distros
Today, Red Hat warned users to immediately stop using systems running Fedora development and experimental versions because of a backdoor found in the latest XZ Utils data compression tools and libraries.
🤬5👍1