Over 1,400 CrushFTP servers vulnerable to actively exploited bug

​Over 1,400 CrushFTP servers exposed online were found vulnerable to attacks currently targeting a critical severity server-side template injection (SSTI) vulnerability previously exploited as a zero-day. [...]

https://www.bleepingcomputer.com/news/security/over-1-400-crushftp-servers-vulnerable-to-actively-exploited-bug/

 Reddit down in major outage blocking access to web, mobile apps

Reddit is investigating a major outage blocking users worldwide from accessing the social network's websites and mobile apps. [...]

https://www.bleepingcomputer.com/news/technology/reddit-down-in-major-outage-blocking-access-to-web-mobile-apps/

 Researchers sinkhole PlugX malware server with 2.5 million unique IPs

Researchers have sinkholed a command and control server for a variant of the PlugX malware and observed in six months more than 2.5 million connections from unique IP addresses. [...]

https://www.bleepingcomputer.com/news/security/researchers-sinkhole-plugx-malware-server-with-25-million-unique-ips/

 LA County Health Services: Patients' data exposed in phishing attack

The L.A. County's Department of Health Services, the second-largest public health care system in the United States, disclosed a data breach after patients' personal and health information was exposed in a data breach resulting from a recent phishing attack impacting over two dozen employees. [...]

https://www.bleepingcomputer.com/news/security/la-county-health-services-patients-data-exposed-in-phishing-attack/

 FBI warns against using unlicensed crypto transfer services

The FBI has warned today that using unlicensed cryptocurrency transfer services can result in financial loss if these platforms are taken down by law enforcement. [...]

https://www.bleepingcomputer.com/news/security/fbi-warns-against-using-unlicensed-crypto-transfer-services/

 Kaiser Permanente: Data breach may impact 13.4 million patients

Healthcare service provider Kaiser Permanente disclosed a data security incident that may impact 13.4 million people in the United States. [...]

https://www.bleepingcomputer.com/news/security/kaiser-permanente-data-breach-may-impact-134-million-patients/

 Fake job interviews target developers with new Python backdoor

A new campaign tracked as "Dev Popper" is targeting software developers with fake job interviews in an attempt to trick them into installing a Python remote access trojan (RAT). [...]

https://www.bleepingcomputer.com/news/security/fake-job-interviews-target-developers-with-new-python-backdoor/

 Telegram is down with "Connecting" error

Telegram users are currently experiencing issues worldwide, with users unable to use the website and mobile apps. [...]

https://www.bleepingcomputer.com/news/technology/telegram-is-down-with-connecting-error/

 Okta warns of "unprecedented" credential stuffing attacks on customers

Okta warns of an "unprecedented" spike in credential stuffing attacks targeting its identity and access management solutions, with some customer accounts breached in the attacks. [...]

https://www.bleepingcomputer.com/news/security/okta-warns-of-unprecedented-credential-stuffing-attacks-on-customers/

 Japanese police create fake support scam payment cards to warn victims

Japanese police placed fake payment cards in convenience stores to protect the elderly targeted by tech support scams or unpaid money fraud. [...]

https://www.bleepingcomputer.com/news/security/japanese-police-create-fake-support-scam-payment-cards-to-warn-victims/

 Google Chrome's new post-quantum cryptography may break TLS connections

Some ​Google Chrome users report having issues connecting to websites, servers, and firewalls after Chrome 124 was released last week with the new quantum-resistant X25519Kyber768 encapsulation mechanism enabled by default. [...]

https://www.bleepingcomputer.com/news/security/google-chromes-new-post-quantum-cryptography-may-break-tls-connections/

 US Post Office phishing sites get as much traffic as the real one

Security researchers analyzing phishing campaigns that target United States Postal Service (USPS) saw that the traffic to the fake domains is typically similar to what the legitimate site records and it is even higher during holidays. [...]

https://www.bleepingcomputer.com/news/security/us-post-office-phishing-sites-get-as-much-traffic-as-the-real-one/

 Collection agency FBCS warns data breach impacts 1.9 million people

Financial Business and Consumer Solutions (FBCS) is warning 1,955,385 impacted individuals in the United States that the company suffered a data breach after discovering unauthorized access to specific systems in its network. [...]

https://www.bleepingcomputer.com/news/security/collection-agency-fbcs-warns-data-breach-impacts-19-million-people/

 Microsoft fixes bug behind incorrect BitLocker encryption errors

Microsoft has fixed a known issue causing incorrect BitLocker drive encryption errors in some managed Windows environments. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-bug-behind-incorrect-bitlocker-encryption-errors/

 Google rejected 2.28 million risky Android apps from Play store in 2023

Google blocked 2.28 million Android apps from being published on Google Play after finding various policy violations that could threaten user's security. [...]

https://www.bleepingcomputer.com/news/security/google-rejected-228-million-risky-android-apps-from-play-store-in-2023/

 FBI warns of fake verification schemes targeting dating app users

The FBI is warning of fake verification schemes promoted by fraudsters on online dating platforms that lead to costly recurring subscription charges. [...]

https://www.bleepingcomputer.com/news/security/fbi-warns-of-fake-verification-schemes-targeting-dating-app-users/

 London Drugs pharmacy chain closes stores after cyberattack

​Canadian pharmacy chain London Drugs has closed all its retail stores to contain what it described as a "cybersecurity incident." [...]

https://www.bleepingcomputer.com/news/security/london-drugs-pharmacy-chain-closes-stores-after-cyberattack/

 FCC fines carriers $200 million for illegally sharing user location

​The Federal Communications Commission (FCC) has fined the largest U.S. wireless carriers almost $200 million for sharing their customers' real-time location data without their consent. [...]

https://www.bleepingcomputer.com/news/technology/fcc-fines-carriers-200-million-for-illegally-sharing-user-location/

 Muddling Meerkat hackers manipulate DNS using China’s Great Firewall

A new cluster of activity tracked as "Muddling Meerkat" is believed to be linked to a Chinese state-sponsored threat actor's manipulation of DNS to probe networks globally since October 2019, with a spike in activity observed in September 2023. [...]

https://www.bleepingcomputer.com/news/security/muddling-meerkat-hackers-manipulate-dns-using-chinas-great-firewall/

 Change Healthcare hacked using stolen Citrix account with no MFA

UnitedHealth confirms that Change Healthcare's network was breached by the BlackCat ransomware gang, who used stolen credentials to log into the company's Citrix remote access service, which did not have multi-factor authentication enabled. [...]

https://www.bleepingcomputer.com/news/security/change-healthcare-hacked-using-stolen-citrix-account-with-no-mfa/

 New Wpeeper Android malware hides behind hacked WordPress sites

A new Android backdoor malware named 'Wpeeper' has been spotted in at least two unofficial app stores mimicking the Uptodown App Store, a popular third-party app store for Android devices with over 220 million downloads. [...]

https://www.bleepingcomputer.com/news/security/new-wpeeper-android-malware-hides-behind-hacked-wordpress-sites/