Cyber agencies share security guidance for network edge devices

Five Eyes cybersecurity agencies in the UK, Australia, Canada, New Zealand, and the U.S. have issued guidance urging makers of network edge devices and appliances to improve forensic visibility to help defenders detect attacks and investigate breaches. [...]

https://www.bleepingcomputer.com/news/security/cyber-agencies-share-security-guidance-for-network-edge-devices/

 Google Play, Apple App Store apps caught stealing crypto wallets

A new campaign dubbed 'SparkCat' has been uncovered, targeting the cryptocurrency wallet recovery phrases of Android and iOS users using optical character recognition (OCR) stealers. [...]

https://www.bleepingcomputer.com/news/mobile/google-play-apple-app-store-apps-caught-stealing-crypto-wallets/

 Zyxel won’t patch newly exploited flaws in end-of-life routers

Zyxel has issued a security advisory about actively exploited flaws in CPE Series devices, warning that it has no plans to issue fixing patches and urging users to move to actively supported models. [...]

https://www.bleepingcomputer.com/news/security/zyxel-wont-patch-newly-exploited-flaws-in-end-of-life-routers/

 How attackers abuse S3 Bucket Namesquatting — And How to Stop Them

AWS S3 bucket names are global with predictable names that can be exploited in "S3 bucket namesquatting" attacks to access or hijack S3 buckets. In this article, Varonis explains how these attacks work and how you can prevent them. [...]

https://www.bleepingcomputer.com/news/security/how-attackers-abuse-s3-bucket-namesquatting-and-how-to-stop-them/

 Spain arrests suspected hacker of US and Spanish military agencies

The Spanish police have arrested a suspected hacker in Alicante for allegedly conducting 40 cyberattacks targeting critical public and private organizations, including the Guardia Civil, the Ministry of Defense, NATO, the US Army, and various universities. [...]

https://www.bleepingcomputer.com/news/legal/spain-arrests-suspected-hacker-of-us-and-spanish-military-agencies/

 CISA tags Microsoft .NET and Apache OFBiz bugs as exploited in attacks

The US Cybersecurity & Infrastructure Security Agency (CISA) has added four vulnerabilities to its Known Exploited Vulnerabilities catalog, urging federal agencies and large organizations to apply the available security updates as soon as possible. [...]

https://www.bleepingcomputer.com/news/security/cisa-tags-microsoft-net-and-apache-ofbiz-bugs-as-exploited-in-attacks/

 AMD fixes bug that lets hackers load malicious microcode patches

​AMD has released mitigation and firmware updates to address a high-severity vulnerability that can be exploited to load malicious CPU microcode on unpatched devices. [...]

https://www.bleepingcomputer.com/news/security/amd-fixes-bug-that-lets-hackers-load-malicious-microcode-patches/

 Hackers spoof Microsoft ADFS login pages to steal credentials

A help desk phishing campaign targets an organization's Microsoft Active Directory Federation Services (ADFS) using spoofed login pages to steal credentials and bypass multi-factor authentication (MFA) protections. [...]

https://www.bleepingcomputer.com/news/security/hackers-spoof-microsoft-adfs-login-pages-to-steal-credentials/

 CISA orders agencies to patch Linux kernel bug exploited in attacks

​CISA has ordered federal agencies to secure their systems within three weeks against a high-severity Linux kernel flaw actively exploited in attacks. [...]

https://www.bleepingcomputer.com/news/security/cisa-orders-agencies-to-patch-linux-kernel-bug-exploited-in-attacks/

 Ransomware payments fell by 35% in 2024, totalling $813,550,000

Payments to ransomware actors decreased 35% year-over-year in 2024, totaling $813.55 million, down from $1.25 billion recorded in 2023. [...]

https://www.bleepingcomputer.com/news/security/ransomware-payments-fell-by-35-percent-in-2024-totalling-813-550-000/

 Robocallers posing as FCC fraud prevention team call FCC staff

The FCC has proposed a $4,492,500 fine against VoIP service provider Telnyx for allegedly allowing customers to make robocalls posing as fictitious FCC "Fraud Prevention Team," by failing to comply with Know Your Customer (KYC) rules. However, Telnyx says the FCC is mistaken and denies the accusations. [...]

https://www.bleepingcomputer.com/news/security/robocallers-posing-as-fcc-fraud-prevention-team-call-fcc-staff/

 Microsoft script updates bootable media for BlackLotus bootkit fixes

Microsoft has released a PowerShell script to help Windows users and admins update bootable media so it utilizes the new "Windows UEFI CA 2023" certificate before the mitigations of the BlackLotus UEFI bootkit are enforced later this year. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-script-updates-bootable-media-for-blacklotus-bootkit-fixes/

 British engineering firm IMI discloses breach, shares no details

British-based engineering firm IMI plc has disclosed a security breach after unknown attackers hacked into the company's systems. [...]

https://www.bleepingcomputer.com/news/security/british-engineering-firm-imi-discloses-breach-shares-no-details/

 DDoS attacks reportedly behind DayZ and Arma network outages

An ongoing distributed denial of service (DDoS) attack targets Bohemia Interactive's infrastructure, preventing players of DayZ and Arma Reforger from playing the games online. [...]

https://www.bleepingcomputer.com/news/security/ddos-attacks-reportedly-behind-dayz-and-arma-network-outages/

 Critical Cisco ISE bug can let attackers run commands as root

Cisco has fixed two critical Identity Services Engine (ISE) vulnerabilities that can let attackers with read-only admin privileges bypass authorization and run commands as root. [...]

https://www.bleepingcomputer.com/news/security/critical-cisco-ise-bug-can-let-attackers-run-commands-as-root/

 Hackers exploit SimpleHelp RMM flaws to deploy Sliver malware

Hackers are targeting vulnerable SimpleHelp RMM clients to create administrator accounts, drop backdoors, and potentially lay the groundwork for ransomware attacks. [...]

https://www.bleepingcomputer.com/news/security/hackers-exploit-simplehelp-rmm-flaws-to-deploy-sliver-malware/

 Critical RCE bug in Microsoft Outlook now exploited in attacks

CISA warned U.S. federal agencies on Thursday to secure their systems against ongoing attacks targeting a critical Microsoft Outlook remote code execution (RCE) vulnerability. [...]

https://www.bleepingcomputer.com/news/security/critical-rce-bug-in-microsoft-outlook-now-exploited-in-attacks/

 Kimsuky hackers use new custom RDP Wrapper for remote access

The North Korean hacking group known as Kimsuky was observed in recent attacks using a custom-built RDP Wrapper and proxy tools to directly access infected machines. [...]

https://www.bleepingcomputer.com/news/security/kimsuky-hackers-use-new-custom-rdp-wrapper-for-remote-access/

 Microsoft says attackers use exposed ASP.NET keys to deploy malware

Microsoft warns that attackers are deploying malware in ViewState code injection attacks using static ASP. NET machine keys found online. [...]

https://www.bleepingcomputer.com/news/security/microsoft-says-attackers-use-exposed-aspnet-keys-to-deploy-malware/

 Microsoft Edge update adds AI-powered Scareware Blocker

Microsoft Edge 133 is now rolling out globally, and it ships with several improvements, including a new scareware blocker feature. In addition, Microsoft is updating the backend of the Downloads UI with performance improvements. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-edge-update-adds-ai-powered-scareware-blocker/

 Microsoft has finally fixed Date & Time bug in Windows 11

Windows 11's January 28 optional update has fixed a long-standing issue in Windows 11 24H2 that prevents non-admin users from changing their time zone in Date & Time Settings. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-has-finally-fixed-date-and-time-bug-in-windows-11/