Netgear warns users to patch auth bypass, XSS router flaws

Netgear warned customers to update their devices to the latest available firmware, which patches stored cross-site scripting (XSS) and authentication bypass vulnerabilities in several WiFi 6 router models. [...]

https://www.bleepingcomputer.com/news/security/netgear-warns-users-to-patch-authentication-bypass-xss-router-flaws/

 DNS hijacks target crypto platforms registered with Squarespace

A wave of coordinated DNS hijacking attacks targets decentralized finance (DeFi) cryptocurrency domains using the Squarespace registrar, redirecting visitors to phishing sites hosting wallet drainers. [...]

https://www.bleepingcomputer.com/news/security/dns-hijacks-target-crypto-platforms-registered-with-squarespace/

 Rite Aid confirms data breach after June ransomware attack

Pharmacy giant Rite Aid confirmed a data breach after suffering a cyberattack in June, which was claimed by the RansomHub ransomware operation. [...]

https://www.bleepingcomputer.com/news/security/rite-aid-confirms-data-breach-after-june-ransomware-attack/

 Critical Exim bug bypasses security filters on 1.5 million mail servers

Censys warns that over 1.5 million Exim mail transfer agent (MTA) instances are unpatched against a critical vulnerability that lets threat actors bypass security filters. [...]

https://www.bleepingcomputer.com/news/security/critical-exim-bug-bypasses-security-filters-on-15-million-mail-servers/

 Microsoft fixes bug causing Windows Update automation issues

Microsoft has resolved a known issue caused by the June 2024 KB5039302 preview update, causing update problems when using Windows Update automation scripts on Windows 11 systems. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-bug-causing-windows-update-automation-issues/

 Hackers use PoC exploits in attacks 22 minutes after release

Threat actors are quick to weaponize available proof-of-concept (PoC) exploits in actual attacks, sometimes as quickly as 22 minutes after exploits are made publicly available. [...]

https://www.bleepingcomputer.com/news/security/hackers-use-poc-exploits-in-attacks-22-minutes-after-release/

 Banks in Singapore to phase out one-time passwords in 3 months

The Monetary Authority of Singapore (MAS) has announced a new requirement impacting all major retail banks in the country to phase out the use of one-time passwords (OTPs) within the next three months. [...]

https://www.bleepingcomputer.com/news/security/banks-in-singapore-to-phase-out-one-time-passwords-in-3-months/

 Facebook ads for Windows desktop themes push info-stealing malware

Cybercriminals use Facebook business pages and advertisements to promote fake Windows themes that infect unsuspecting users with the SYS01 password-stealing malware. [...]

https://www.bleepingcomputer.com/news/security/facebook-ads-for-windows-themes-push-sys01-info-stealing-malware/

 June Windows Server updates break Microsoft 365 Defender features

Microsoft has confirmed that Windows Server updates from last month's Patch Tuesday break some Microsoft 365 Defender features that use the network data reporting service. [...]

https://www.bleepingcomputer.com/news/microsoft/june-windows-server-updates-break-microsoft-365-defender-features/

 SEXi ransomware rebrands to APT INC, continues VMware ESXi attacks

The SEXi ransomware operation, known for targeting VMware ESXi servers, has rebranded under the name APT INC and has targeted numerous organizations in recent attacks. [...]

https://www.bleepingcomputer.com/news/security/sexi-ransomware-rebrands-to-apt-inc-continues-vmware-esxi-attacks/

 Microsoft shares temp fix for Windows 11 Photos not launching

Microsoft has provided a temporary workaround for a known issue preventing the Microsoft Photos app from launching on some Windows 11 systems. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-shares-temp-fix-for-windows-11-photos-not-launching/

 New BugSleep malware implant deployed in MuddyWater attacks

The Iranian-backed MuddyWatter hacking group has partially switched to using a new custom-tailored malware implant to steal files and run commands on compromised systems. [...]

https://www.bleepingcomputer.com/news/security/new-bugsleep-malware-implant-deployed-in-muddywater-attacks/

 Kaspersky is shutting down its business in the United States

Russian cybersecurity company and antivirus software provider Kaspersky Lab will start shutting down operations in the United States on July 20. [...]

https://www.bleepingcomputer.com/news/security/kaspersky-is-shutting-down-its-business-in-the-united-states/

 Microsoft finally fixes Outlook alerts bug caused by December updates

Microsoft has finally fixed a known Outlook issue, confirmed in February, which was triggering incorrect security alerts after installing the December security updates for Outlook Desktop. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-finally-fixes-outlook-alerts-bug-caused-by-december-updates/

 Microsoft links Scattered Spider hackers to Qilin ransomware attacks

Microsoft says the Scattered Spider cybercrime gang has added Qilin ransomware to its arsenal and is now using it in attacks. [...]

https://www.bleepingcomputer.com/news/security/microsoft-links-scattered-spider-hackers-to-qilin-ransomware-attacks/

 Rite Aid says June data breach impacts 2.2 million people

Rite Aid, the third-largest drugstore chain in the United States, says that 2.2 million customers' personal information was stolen last month in what it described as a "data security incident." [...]

https://www.bleepingcomputer.com/news/security/rite-aid-says-june-data-breach-impacts-22-million-people/

 Microsoft announces new Windows 'checkpoint' cumulative updates

Microsoft will introduce checkpoint cumulative updates starting in late 2024 for systems running devices running Windows Server 2025 and Windows 11, version 24H2 or later. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-announces-new-windows-checkpoint-cumulative-updates/

 Email addresses of 15 million Trello users leaked on hacking forum

A threat actor has released over 15 million email addresses associated with Trello accounts that were collected using an unsecured API in January. [...]

https://www.bleepingcomputer.com/news/security/email-addresses-of-15-million-trello-users-leaked-on-hacking-forum/

 CISA warns critical Geoserver GeoTools RCE flaw is exploited in attacks

​CISA is warning that a critical GeoServer GeoTools remote code execution flaw tracked as CVE-2024-36401 is being actively exploited in attacks. [...]

https://www.bleepingcomputer.com/news/security/cisa-warns-critical-geoserver-geotools-rce-flaw-is-exploited-in-attacks/

 Kaspersky offers free security software for six months in U.S. goodbye

Kaspersky is offering free security products for six months and tips for staying safe as a parting gift to consumers in the United States. [...]

https://www.bleepingcomputer.com/news/security/kaspersky-offers-free-security-software-for-six-months-in-us-goodbye/

 5 steps to automate user access reviews and simplify IT compliance

While SaaS tools are a boon for worker productivity, they introduce complexity when it comes to IT audits and compliance. Learn more from Nudge Security about automating user access reviews to simplify this process. [...]

https://www.bleepingcomputer.com/news/security/5-steps-to-automate-user-access-reviews-and-simplify-it-compliance/