Fake CrowdStrike repair manual pushes new infostealer malware

CrowdStrike is warning that a fake recovery manual to repair Windows devices is installing a new information-stealing malware called Daolpu. [...]

https://www.bleepingcomputer.com/news/security/fake-crowdstrike-repair-manual-pushes-new-daolpu-infostealer-malware/

 Verizon to pay $16 million in TracFone data breach settlement

Verizon Communications has agreed to a $16,000,000 settlement with the Federal Communications Commission (FCC) in the U.S. concerning three data breach incidents its wholly-owned subsidiary, TracFone Wireless, suffered after its acquisition in 2021. [...]

https://www.bleepingcomputer.com/news/security/verizon-to-pay-16-million-in-tracfone-data-breach-settlement/

 FrostyGoop malware attack cut off heat in Ukraine during winter

Russian-linked malware was used in a January 2024 cyberattack to cut off the heating of over 600 apartment buildings in Lviv, Ukraine, for two days during sub-zero temperatures. [...]

https://www.bleepingcomputer.com/news/security/frostygoop-malware-attack-cut-off-heat-in-ukraine-during-winter/

 BreachForums v1 hacking forum data leak exposes members’ info

The private member information of the BreachForums v1 hacking forum from 2022 has been leaked online, allowing threat actors and researchers to gain insight into its users. [...]

https://www.bleepingcomputer.com/news/security/breachforums-v1-hacking-forum-data-leak-exposes-members-info/

 DeFi exchange dYdX v3 website hacked in DNS hijack attack

Decentralized finance (DeFi) crypto exchange dYdX announced on Tuesday that the website for its older v3 trading platform has been compromised. [...]

https://www.bleepingcomputer.com/news/security/defi-exchange-dydx-v3-website-hacked-in-dns-hijack-attack/

 Windows 10 KB5040525 fixes WDAC issues causing app failures, memory leak

Microsoft has released the July 2024 preview update for Windows 10, version 22H2, with fixes for Windows Defender Application Control (WDAC) issues causing app crashes and system memory exhaustion. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-10-kb5040525-fixes-wdac-issues-causing-app-failures-memory-leak/

 Hamster Kombat’s 250 million players targeted in malware attacks

Threat actors are taking advantage of the massive popularity of the Hamster Kombat game, targeting players with fake Android and Windows software that install spyware and information-stealing malware. [...]

https://www.bleepingcomputer.com/news/security/hamster-kombats-250-million-players-targeted-in-android-windows-malware-attacks/

 Chinese hackers deploy new Macma macOS backdoor version

The Chinese hacking group tracked as 'Evasive Panda' was spotted using new versions of the Macma backdoor and the Nightdoor Windows malware. [...]

https://www.bleepingcomputer.com/news/security/evasive-panda-hackers-deploy-new-macma-macos-backdoor-version/

 BreachForums v1 database leak is an OPSEC test for hackers

The entire database for the notorious BreachForums v1 hacking forum was released on Telegram Tuesday night, exposing a treasure trove of data, including members' information, private messages, cryptocurrency addresses, and every post on the forum. [...]

https://www.bleepingcomputer.com/news/security/breachforums-v1-database-leak-is-an-opsec-test-for-hackers/

 Windows July security updates send PCs into BitLocker recovery

Microsoft warned that some Windows devices will boot into BitLocker recovery after installing the July 2024 Windows security updates. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-july-security-updates-send-pcs-into-bitlocker-recovery/

 Hot topics: Can’t-miss sessions at Mandiant’s 2024 mWISE event

Now that the mWISE 2024 session catalog is out, it's time to take a closer look at the topics. Learn more from @mWISEConference about the three hottest tracks in this year's conference. [...]

https://www.bleepingcomputer.com/news/security/hot-topics-cant-miss-sessions-at-mandiants-2024-mwise-event/

 CrowdStrike: 'Content Validator' bug let faulty update pass checks

CrowdStrike released a Preliminary Post Incident Review (PIR) on the faulty Falcon update explaining that a bug allowed bad data to pass its Content Validator and cause millions of Windows systems to crash on July 19, 2024. [...]

https://www.bleepingcomputer.com/news/security/crowdstrike-content-validator-bug-let-faulty-update-pass-checks/

 Google Chrome now warns about risky password-protected archives

Google Chrome now warns when downloading risky password-protected files and provides improved alerts with more information about potentially malicious downloaded files. [...]

https://www.bleepingcomputer.com/news/google/google-chrome-now-warns-about-risky-password-protected-archives/

 KnowBe4 mistakenly hires North Korean hacker, faces infostealer attack

American cybersecurity company KnowBe4 says a person it recently hired as a Principal Software Engineer turned out to be a North Korean state actor who attempted to install information-stealing on its devices. [...]

https://www.bleepingcomputer.com/news/security/knowbe4-mistakenly-hires-north-korean-hacker-faces-infostealer-attack/

 Microsoft fixes bug behind Windows 10 Connected Cache delivery issues

Microsoft has fixed a known Windows 10 update issue that broke Microsoft Connected Cache (MCC) node discovery on enterprise networks. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-bug-behind-windows-10-connected-cache-delivery-issues/

 Docker fixes critical 5-year old authentication bypass flaw

Docker has issued security updates to address a critical vulnerability impacting certain versions of Docker Engine that could allow an attacker to bypass authorization plugins (AuthZ) under certain circumstances. [...]

https://www.bleepingcomputer.com/news/security/docker-fixes-critical-5-year-old-authentication-bypass-flaw/

 Over 3,000 GitHub accounts used by malware distribution service

Threat actors known as 'Stargazer Goblin' have created a malware Distribution-as-a-Service (DaaS) from over 3,000 fake accounts on GitHub that push information-stealing malware. [...]

https://www.bleepingcomputer.com/news/security/over-3-000-github-accounts-used-by-malware-distribution-service/

 Why Multivendor Cybersecurity Stacks Are Increasingly Obsolete

Multivendor tech stacks are costly and complex to integrate and manage. Learn more from Cynet about how an All-in-One approach reduces costs for MSPs and SMEs, while offering increased security. [...]

https://www.bleepingcomputer.com/news/security/why-multivendor-cybersecurity-stacks-are-increasingly-obsolete/

 French police push PlugX malware self-destruct payload to clean PCs

The French police and Europol are pushing out a "disinfection solution" that automatically removes the PlugX malware from infected devices in France. [...]

https://www.bleepingcomputer.com/news/security/french-police-push-plugx-malware-self-destruct-payload-to-clean-pcs/

 Progress warns of critical RCE bug in Telerik Report Server

Progress Software has warned customers to patch a critical remote code execution security flaw in the Telerik Report Server that can be used to compromise vulnerable devices. [...]

https://www.bleepingcomputer.com/news/security/progress-warns-of-critical-rce-bug-in-telerik-report-server/

 Meta nukes massive Instagram sextortion network of 63,000 accounts

Meta has removed 63,000 Instagram accounts from Nigeria that were involved in sextortion scams, including a coordinated network of 2,500 accounts linked to 20 individuals targeting primarily adult men in the United States. [...]

https://www.bleepingcomputer.com/news/security/meta-nukes-massive-instagram-sextortion-network-of-63-000-accounts/