Russian hackers use new Lunar malware to breach a European govt's agencies

Security researchers discovered two previously unseen backdoors dubbed LunarWeb and LunarMail that were used to compromise a European government's diplomatic institutions abroad. [...]

https://www.bleepingcomputer.com/news/security/russian-hackers-use-new-lunar-malware-to-breach-a-european-govts-agencies/

 MediSecure e-script firm hit by ‘large-scale’ ransomware data breach

Electronic prescription provider MediSecure in Australia has shut down its website and phone lines following a ransomware attack believed to originate from a third-party vendor. [...]

https://www.bleepingcomputer.com/news/security/medisecure-e-script-firm-hit-by-large-scale-ransomware-data-breach/

 Microsoft shares temp fix for Outlook encrypted email reply issues

​Microsoft has shared a temporary fix for a known issue preventing Microsoft 365 customers from replying to encrypted emails using the Outlook Desktop client. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-shares-temp-fix-for-outlook-encrypted-email-reply-issues/

 Norway recommends replacing SSL VPN to prevent breaches

The Norwegian National Cyber Security Centre (NCSC) recommends replacing SSLVPN/WebVPN solutions with alternatives due to the repeated exploitation of related vulnerabilities in edge network devices to breach corporate networks. [...]

https://www.bleepingcomputer.com/news/security/norway-recommends-replacing-ssl-vpn-to-prevent-breaches/

 Five charged for cyber schemes to benefit North Korea's weapons program

​The U.S. Justice Department charged five individuals today, a U.S. Citizen woman, a Ukrainian man, and three foreign nationals, for their involvement in cyber schemes that generated revenue for North Korea's nuclear weapons program. [...]

https://www.bleepingcomputer.com/news/security/five-charged-for-cyber-schemes-to-benefit-north-koreas-weapons-program/

 WebTPA data breach impacts 2.4 million insurance policyholders

The WebTPA Employer Services (WebTPA) data breach disclosed earlier this month is impacting close to 2.5 million individuals, the U.S. Department of Health and Human Services notes. [...]

https://www.bleepingcomputer.com/news/security/webtpa-data-breach-impacts-24-million-insurance-policyholders/

 US arrests suspects behind $73M ‘pig butchering’ laundering scheme

​The U.S. Department of Justice charged two suspects for allegedly leading a crime ring that laundered at least $73 million from cryptocurrency investment scams, also known as "pig butchering." [...]

https://www.bleepingcomputer.com/news/security/us-arrests-suspects-behind-73m-pig-butchering-laundering-scheme/

 SEC: Financial orgs have 30 days to send data breach notifications

The Securities and Exchange Commission (SEC) has adopted amendments to Regulation S-P that require certain financial institutions to disclose data breach incidents to impacted individuals within 30 days of discovery. [...]

https://www.bleepingcomputer.com/news/security/sec-financial-orgs-have-30-days-to-send-data-breach-notifications/

 Microsoft to start enforcing Azure multi-factor authentication in July

Starting in July, Microsoft will begin gradually enforcing multi-factor authentication (MFA) for all users signing into Azure to administer resources. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-will-start-enforcing-azure-multi-factor-authentication-MFA-in-july-2024/

 The Week in Ransomware - May 17th 2024 - Mailbombing is back

This week was pretty quiet on the ransomware front, with most of the attention on the seizure of the BreachForums data theft forum. However, that does not mean there was nothing of interest released this week about ransomware. [...]

https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-may-17th-2024-mailbombing-is-back/

 Android malware Grandoreiro returns after police disruption

The Android banking trojan "Grandoreiro" is spreading in a large-scale phishing campaign in over 60 countries, targeting customer accounts of roughly 1,500 banks. [...]

https://www.bleepingcomputer.com/news/security/android-malware-grandoreiro-returns-after-police-disruption/

 Ransomware gang targets Windows admins via PuTTy, WinSCP malvertising

A ransomware operation targets Windows system administrators by taking out Google ads to promote fake download sites for Putty and WinSCP. [...]

https://www.bleepingcomputer.com/news/security/ransomware-gang-targets-windows-admins-via-putty-winscp-malvertising/

 CISA warns of hackers exploiting Chrome, EoL D-Link bugs

The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has added three security vulnerabilities to its 'Known Exploited Vulnerabilities' catalog, one impacting Google Chrome and two affecting some D-Link routers. [...]

https://www.bleepingcomputer.com/news/security/cisa-warns-of-hackers-exploiting-chrome-eol-d-link-bugs/

 Frustration grows over Google's AI Overviews feature, how to disable

Since Google enabled its AI-powered search feature, many people have tried and failed to disable the often incorrect AI Overviews feature in regular search results. However, there are ways to turn it off using a new "Web" search mode, which we explain in this article.. [...]

https://www.bleepingcomputer.com/news/google/frustration-grows-over-googles-ai-overviews-feature-how-to-disable/

 American Radio Relay League cyberattack takes Logbook of the World offline

The American Radio Relay League (ARRL) warns it suffered a cyberattack, which disrupted its IT systems and online operations, including email and the Logbook of the World. [...]

https://www.bleepingcomputer.com/news/security/arrl-cyberattack-takes-logbook-of-the-world-offline/

 QNAP QTS zero-day in Share feature gets public RCE exploit

An extensive security audit of QNAP QTS, the operating system for the company's NAS products, has uncovered fifteen vulnerabilities of varying severity, with eleven remaining unfixed. [...]

https://www.bleepingcomputer.com/news/security/qnap-qts-zero-day-in-share-feature-gets-public-rce-exploit/

 New BiBi Wiper version also destroys the disk partition table

A new version of the BiBi Wiper malware is now deleting the disk partition table to make data restoration harder, extending the downtime for targeted victims. [...]

https://www.bleepingcomputer.com/news/security/new-bibi-wiper-version-also-destroys-the-disk-partition-table/

 Windows 11 Recall AI feature will record everything you do on your PC

Microsoft has announced a new AI-powered feature for Windows 11 called 'Recall,' which records everything you do on your PC and lets you search through your historical activities. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-11-recall-ai-feature-will-record-everything-you-do-on-your-pc/

 Owner of Incognito dark web drugs market arrested in New York

The alleged owner and operator of Incognito Market, a dark web marketplace for selling illegal narcotics online, was arrested at the John F. Kennedy Airport in New York on May 18. [...]

https://www.bleepingcomputer.com/news/security/owner-of-incognito-dark-web-drugs-market-arrested-in-new-york/

 OmniVision discloses data breach after 2023 ransomware attack

The California-based imaging sensors manufacturer OmniVision is warning of a data breach after the company suffered a Cactus ransomware attack last year. [...]

https://www.bleepingcomputer.com/news/security/omnivision-discloses-data-breach-after-2023-ransomware-attack/

 Critical Fluent Bit flaw impacts all major cloud providers

​A critical Fluent Bit vulnerability that can be exploited in denial-of-service and remote code execution attacks impacts all major cloud providers and many technology giants. [...]

https://www.bleepingcomputer.com/news/security/critical-fluent-bit-flaw-impacts-all-major-cloud-providers/