Hackers breach ISP to poison software updates with malware

A Chinese hacking group tracked as StormBamboo has compromised an undisclosed internet service provider (ISP) to poison automatic software updates with malware. [...]

https://www.bleepingcomputer.com/news/security/hackers-breach-isp-to-poison-software-updates-with-malware/

 Linux kernel impacted by new SLUBStick cross-cache attack

A novel Linux Kernel cross-cache attack named SLUBStick has a 99% success in converting a limited heap vulnerability into an arbitrary memory read-and-write capability, letting the researchers elevate privileges or escape containers. [...]

https://www.bleepingcomputer.com/news/security/linux-kernel-impacted-by-new-slubstick-cross-cache-attack/

 Surge in Magniber ransomware attacks impact home users worldwide

[...]

https://www.bleepingcomputer.com/news/security/surge-in-magniber-ransomware-attacks-impact-home-users-worldwide/

 Countdown is on: Last chance for discount registration at Mandiant’s mWISE 2024

There is only a few days left to get $300 off the standard conference price at mWISE. Learn more from mWise 2024 about how to get the discount and the upcoming cybersecurity sessions. [...]

https://www.bleepingcomputer.com/news/security/countdown-is-on-last-chance-for-discount-registration-at-mandiants-mwise-2024/

 New LianSpy malware hides by blocking Android security feature

A previously undocumented Android malware named 'LightSpy' has been discovered targeting Russian users, posing on phones as an Alipay app or a system service to evade detection. [...]

https://www.bleepingcomputer.com/news/security/new-lianspy-malware-hides-by-blocking-android-security-feature/

 Keytronic reports losses of over $17 million after ransomware attack

Electronic manufacturing services provider Keytronic has revealed that it suffered losses of over $17 million due to a May ransomware attack. [...]

https://www.bleepingcomputer.com/news/security/keytronic-reports-losses-of-over-17-million-after-ransomware-attack/

 North Korean hackers exploit VPN update flaw to install malware

South Korea's National Cyber Security Center (NCSC) warns that state-backed DPRK hackers hijacked flaws in a VPN's software update to deploy malware and breach networks. [...]

https://www.bleepingcomputer.com/news/security/north-korean-hackers-exploit-vpn-update-flaw-to-install-malware/

 Windows Smart App Control, SmartScreen bypass exploited since 2018

A design flaw in Windows Smart App Control and SmartScreen that enables attackers to launch programs without triggering security warnings has been under exploitation since at least 2018. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-smart-app-control-smartscreen-bypass-exploited-since-2018/

 Crowdstrike: Delta Air Lines refused free help to resolve IT outage

The legal spars between Delta Air Lines and CrowdStrike are heating up, with the cybersecurity firm claiming that Delta's extended IT outage was caused by poor disaster recovery plans and the airline refusing to accept free onsite help in restoring Windows devices. [...]

https://www.bleepingcomputer.com/news/security/crowdstrike-delta-air-lines-refused-free-help-to-resolve-it-outage/

 Microsoft Azure outage takes down services across North America

​Microsoft has mitigated an Azure outage that lasted more than two hours and took down multiple services for customers across North and Latin America. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-azure-outage-takes-down-services-across-north-america/

 Ransomware gang targets IT workers with new SharpRhino malware

The Hunters International ransomware group is targeting IT workers with a new C# remote access trojan (RAT) called SharpRhino to breach corporate networks. [...]

https://www.bleepingcomputer.com/news/security/hunters-international-ransomware-gang-targets-it-workers-with-new-sharprhino-malware/

 Google fixes Android kernel zero-day exploited in targeted attacks

Android security updates this month patch 46 vulnerabilities, including a high-severity remote code execution (RCE) exploited in targeted attacks. [...]

https://www.bleepingcomputer.com/news/security/google-fixes-android-kernel-zero-day-exploited-in-targeted-attacks/

 Proton VPN adds ‘Discreet Icons’ to hide app on Android devices

Proton VPN has announced a series of updates to its Windows and Android apps to help users combat censorship, circumvent blocks, and protect themselves from authoritarian governments due to using forbidden tools. [...]

https://www.bleepingcomputer.com/news/security/proton-vpn-adds-discreet-icons-to-hide-app-on-android-devices/

 Point of entry: Why hackers target stolen credentials for initial access

Stolen credentials are a big problem, commonly used to breach networks in attacks. Learn more from Specops Software about checking the password hygiene of your Active Directory. [...]

https://www.bleepingcomputer.com/news/security/point-of-entry-why-hackers-target-stolen-credentials-for-initial-access/

 Hacker wipes 13,000 devices after breaching classroom management platform

A hacker has breached Mobile Guardian, a digital classroom management platform used worldwide, and remotely wiped data from at least 13,000 student's iPads and Chromebooks. [...]

https://www.bleepingcomputer.com/news/security/hacker-wipes-13-000-devices-after-breaching-classroom-management-platform/

 France's Grand Palais discloses cyberattack during Olympic games

The Grand Palais Réunion des musées nationaux (Rmn) in France is warning that it suffered a cyberattack on Saturday night, August 3, 2024. [...]

https://www.bleepingcomputer.com/news/security/frances-grand-palais-discloses-cyberattack-during-olympic-games/

 Samsung to pay $1,000,000 for RCEs on Galaxy’s secure vault

Samsung has launched a new bug bounty program for its mobile devices with rewards of up to $1,000,000 for reports demonstrating critical attack scenarios. [...]

https://www.bleepingcomputer.com/news/security/samsung-to-pay-1-000-000-for-rces-on-galaxys-secure-vault/

 INTERPOL recovers over $40 million stolen in a BEC attack

A global stop-payment mechanism created by INTERPOL successfully recovered over $40 million stolen in a BEC attack on a company in Singapore. [...]

https://www.bleepingcomputer.com/news/security/interpol-recovers-over-40-million-stolen-in-a-bec-attack/

 Google Chrome will let you send money to your favourite website

Google has confirmed plans to implement Web Monetization in Chrome, allowing website owners to receive micro-payments as tips or rewards for their content as an additional way to generate revenue. [...]

https://www.bleepingcomputer.com/news/google/google-chrome-will-let-you-send-money-to-your-favourite-website/

 Microsoft 365 anti-phishing feature can be bypassed with CSS

Researchers have demonstrated a method to bypass an anti-phishing measure in Microsoft 365 (formerly Office 365), elevating the risk of users opening malicious emails.` [...]

https://www.bleepingcomputer.com/news/security/microsoft-365-anti-phishing-feature-can-be-bypassed-with-css/

 How MSPs and MSSPs offer vCISO services with skilled CISOs in short supply

With skilled CISOs in short supply, service providers are turning to virtual CISOs. A new eBook by Cynomi explains how service providers/MSPs can quickly and easily expand vCISO service offerings to their customers. [...]

https://www.bleepingcomputer.com/news/security/how-msps-and-mssps-offer-vciso-services-with-skilled-cisos-in-short-supply/