Feature-rich Ensiko malware can encrypt, targets Windows, macOS, Linux
Threat researchers have found a new feature-rich malware that can encrypt files on any system running PHP, making it a high risk for Windows, macOS, and Linux web servers. [...]
https://www.bleepingcomputer.com/news/security/feature-rich-ensiko-malware-can-encrypt-targets-windows-macos-linux/
Threat researchers have found a new feature-rich malware that can encrypt files on any system running PHP, making it a high risk for Windows, macOS, and Linux web servers. [...]
https://www.bleepingcomputer.com/news/security/feature-rich-ensiko-malware-can-encrypt-targets-windows-macos-linux/
BleepingComputer
Feature-rich Ensiko malware can encrypt, targets Windows, macOS, Linux
Threat researchers have found a new feature-rich malware that can encrypt files on any system running PHP, making it a high risk for Windows, macOS, and Linux web servers.
Netflix credential phishing hides behind working CAPTCHA
A recent wave of phishing attacks aiming to steal payment card info and credentials for Netflix streaming service starts with redirecting to a functioning CAPTCHA page to bypass email security controls. [...]
https://www.bleepingcomputer.com/news/security/netflix-credential-phishing-hides-behind-working-captcha/
A recent wave of phishing attacks aiming to steal payment card info and credentials for Netflix streaming service starts with redirecting to a functioning CAPTCHA page to bypass email security controls. [...]
https://www.bleepingcomputer.com/news/security/netflix-credential-phishing-hides-behind-working-captcha/
BleepingComputer
Netflix credential phishing hides behind working CAPTCHA
A recent wave of phishing attacks aiming to steal payment card info and credentials for Netflix streaming service starts with redirecting to a functioning CAPTCHA page to bypass email security controls.
Industrial VPN vulnerabilities put critical infrastructure at risk
Security researchers analyzing popular remote access solutions used for industrial control systems (ICS) found multiple vulnerabilities that could let unauthenticated attackers execute arbitrary code and breach the environment. [...]
https://www.bleepingcomputer.com/news/security/industrial-vpn-vulnerabilities-put-critical-infrastructure-at-risk/
Security researchers analyzing popular remote access solutions used for industrial control systems (ICS) found multiple vulnerabilities that could let unauthenticated attackers execute arbitrary code and breach the environment. [...]
https://www.bleepingcomputer.com/news/security/industrial-vpn-vulnerabilities-put-critical-infrastructure-at-risk/
BleepingComputer
Industrial VPN vulnerabilities put critical infrastructure at risk
Security researchers analyzing popular remote access solutions used for industrial control systems (ICS) found multiple vulnerabilities that could let unauthenticated attackers execute arbitrary code and breach the environment.
Hacker leaks 386 million user records from 18 companies for free
A threat actor is flooding a hacker forum with databases exposing expose over 386 million user records that they claim were stolen from eighteen companies during data breaches. [...]
https://www.bleepingcomputer.com/news/security/hacker-leaks-386-million-user-records-from-18-companies-for-free/
A threat actor is flooding a hacker forum with databases exposing expose over 386 million user records that they claim were stolen from eighteen companies during data breaches. [...]
https://www.bleepingcomputer.com/news/security/hacker-leaks-386-million-user-records-from-18-companies-for-free/
BleepingComputer
Hacker leaks 386 million user records from 18 companies for free
A threat actor is flooding a hacker forum with databases exposing expose over 386 million user records that they claim were stolen from eighteen companies during data breaches.
North Korean hackers created VHD ransomware for enterprise attacks
North Korean-backed hackers tracked as the Lazarus Group have developed and are actively using VHD ransomware against enterprise targets according to a report published by Kaspersky researchers today. [...]
https://www.bleepingcomputer.com/news/security/north-korean-hackers-created-vhd-ransomware-for-enterprise-attacks/
North Korean-backed hackers tracked as the Lazarus Group have developed and are actively using VHD ransomware against enterprise targets according to a report published by Kaspersky researchers today. [...]
https://www.bleepingcomputer.com/news/security/north-korean-hackers-created-vhd-ransomware-for-enterprise-attacks/
BleepingComputer
North Korean hackers created VHD ransomware for enterprise attacks
North Korean-backed hackers tracked as the Lazarus Group have developed and are actively using VHD ransomware against enterprise targets according to a report published by Kaspersky researchers today.
Magento gets security updates for severe code execution bugs
Adobe today released security updates to fix two code execution vulnerabilities affecting Magento Commerce and Magento Open Source, rated as important and critical severity. [...]
https://www.bleepingcomputer.com/news/security/magento-gets-security-updates-for-severe-code-execution-bugs/
Adobe today released security updates to fix two code execution vulnerabilities affecting Magento Commerce and Magento Open Source, rated as important and critical severity. [...]
https://www.bleepingcomputer.com/news/security/magento-gets-security-updates-for-severe-code-execution-bugs/
BleepingComputer
Magento gets security updates for severe code execution bugs
Adobe today released security updates to fix two code execution vulnerabilities affecting Magento Commerce and Magento Open Source, rated as important and critical severity.
Emotet malware now steals your email attachments to attack contacts
The Emotet malware botnet is now also using stolen attachments to increase the authenticity of spam emails attempting to infect targets' systems. [...]
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
The Emotet malware botnet is now also using stolen attachments to increase the authenticity of spam emails attempting to infect targets' systems. [...]
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-your-email-attachments-to-attack-contacts/
BleepingComputer
Emotet malware now steals your email attachments to attack contacts
The Emotet malware botnet is now also using stolen attachments to increase the authenticity of spam emails used for infecting targets' systems.
Critical Wordpress plugin bug lets hackers take over hosting account
Hackers can exploit a maximum severity vulnerability in the wpDiscuz plugin installed on over 70,000 WordPress sites to execute code remotely after uploading arbitrary files on servers hosting vulnerable sites. [...]
https://www.bleepingcomputer.com/news/security/critical-wordpress-plugin-bug-lets-hackers-take-over-hosting-account/
Hackers can exploit a maximum severity vulnerability in the wpDiscuz plugin installed on over 70,000 WordPress sites to execute code remotely after uploading arbitrary files on servers hosting vulnerable sites. [...]
https://www.bleepingcomputer.com/news/security/critical-wordpress-plugin-bug-lets-hackers-take-over-hosting-account/
BleepingComputer
Critical Wordpress plugin bug lets hackers take over hosting account
Hackers can exploit a maximum severity vulnerability in the wpDiscuz plugin installed on over 70,000 WordPress sites to execute code remotely after uploading arbitrary files on servers hosting vulnerable sites.
Business giant Dussmann Group's data leaked after ransomware attack
The Nefilim ransomware operation has begun to publish unencrypted files stolen from a Dussmann Group subsidiary during a recent attack. [...]
https://www.bleepingcomputer.com/news/security/business-giant-dussmann-groups-data-leaked-after-ransomware-attack/
The Nefilim ransomware operation has begun to publish unencrypted files stolen from a Dussmann Group subsidiary during a recent attack. [...]
https://www.bleepingcomputer.com/news/security/business-giant-dussmann-groups-data-leaked-after-ransomware-attack/
BleepingComputer
Business giant Dussmann Group's data leaked after ransomware attack
The Nefilim ransomware operation has begun to publish unencrypted files stolen from a Dussmann Group subsidiary during a recent attack.
The IRS asks tax professionals to enable multi-factor authentication
The U.S. Internal Revenue Service is asking tax professionals to enable additional forms of authentication in software that provides the option as an improved defense against hacker takeover attempts. [...]
https://www.bleepingcomputer.com/news/security/the-irs-asks-tax-professionals-to-enable-multi-factor-authentication/
The U.S. Internal Revenue Service is asking tax professionals to enable additional forms of authentication in software that provides the option as an improved defense against hacker takeover attempts. [...]
https://www.bleepingcomputer.com/news/security/the-irs-asks-tax-professionals-to-enable-multi-factor-authentication/
BleepingComputer
The IRS asks tax professionals to enable multi-factor authentication
The U.S. Internal Revenue Service is asking tax professionals to enable additional forms of authentication in software that provides the option as an improved defense against hacker takeover attempts.
FBI warns of Netwalker ransomware targeting US government and orgs
The FBI has issued a security alert about Netwalker ransomware operators targeting U.S. and foreign government organizations, advising their victims not to pay the ransom and reporting incidents to their local FBI field offices. [...]
https://www.bleepingcomputer.com/news/security/fbi-warns-of-netwalker-ransomware-targeting-us-government-and-orgs/
The FBI has issued a security alert about Netwalker ransomware operators targeting U.S. and foreign government organizations, advising their victims not to pay the ransom and reporting incidents to their local FBI field offices. [...]
https://www.bleepingcomputer.com/news/security/fbi-warns-of-netwalker-ransomware-targeting-us-government-and-orgs/
BleepingComputer
FBI warns of Netwalker ransomware targeting US government and orgs
The FBI has issued a security alert about Netwalker ransomware operators targeting U.S. and foreign government organizations, advising their victims not to pay the ransom and reporting incidents to their local FBI field offices.
Microsoft to remove all Windows downloads signed with SHA-1
Microsoft is removing all Windows downloads from the Microsoft Download Center that are signed using SHA-1 certificates on August 3rd, 2020. (9d677006e13fc8d17c1f59b05bbb9047)[...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-to-remove-all-windows-downloads-signed-with-sha-1/
Microsoft is removing all Windows downloads from the Microsoft Download Center that are signed using SHA-1 certificates on August 3rd, 2020. (9d677006e13fc8d17c1f59b05bbb9047)[...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-to-remove-all-windows-downloads-signed-with-sha-1/
BleepingComputer
Microsoft to remove all Windows downloads signed with SHA-1
Microsoft is removing all Windows downloads from the Microsoft Download Center that are signed using SHA-1 certificates on August 3rd, 2020.
BootHole GRUB bootloader bug lets hackers hide malware in Linux, Windows
A severe vulnerability exists in almost all signed versions of GRUB2 bootloader used by most Linux systems. When properly exploited, it could allow threat actors to compromise an operating system's booting process even if the Secure Boot verification mechanism is active. (d6e07de8573fc9018707f22eee885a5d)[...]
https://www.bleepingcomputer.com/news/security/boothole-grub-bootloader-bug-lets-hackers-hide-malware-in-linux-windows/
A severe vulnerability exists in almost all signed versions of GRUB2 bootloader used by most Linux systems. When properly exploited, it could allow threat actors to compromise an operating system's booting process even if the Secure Boot verification mechanism is active. (d6e07de8573fc9018707f22eee885a5d)[...]
https://www.bleepingcomputer.com/news/security/boothole-grub-bootloader-bug-lets-hackers-hide-malware-in-linux-windows/
BleepingComputer
BootHole GRUB bootloader bug lets hackers hide malware in Linux, Windows
A severe vulnerability exists in almost all signed versions of GRUB2 bootloader used by most Linux systems. When properly exploited, it could allow threat actors to compromise an operating system's booting process even if the Secure Boot verification mechanismβ¦
Cisco fixes severe flaws in data center management solution
Cisco today has released several security updates to address three critical authentication bypass, buffer overflow, and authorization bypass vulnerabilities found to affect Cisco Data Center Network Manager (DCNM) and multiple Cisco SD-WAN software products. (eaf4eb782b57d2f002da312b3ed275fe)[...]
https://www.bleepingcomputer.com/news/security/cisco-fixes-severe-flaws-in-data-center-management-solution/
Cisco today has released several security updates to address three critical authentication bypass, buffer overflow, and authorization bypass vulnerabilities found to affect Cisco Data Center Network Manager (DCNM) and multiple Cisco SD-WAN software products. (eaf4eb782b57d2f002da312b3ed275fe)[...]
https://www.bleepingcomputer.com/news/security/cisco-fixes-severe-flaws-in-data-center-management-solution/
BleepingComputer
Cisco fixes severe flaws in data center management solution
Cisco today has released several security updates to address three critical authentication bypass, buffer overflow, and authorization bypass vulnerabilities found to affect Cisco Data Center Network Manager (DCNM) and multiple Cisco SD-WAN software products.
Microsoft now detects CCleaner as a Potentially Unwanted Application
Microsoft is now detecting the popular CCleaner Windows optimization and Registry cleaner program as a potentially unwanted application (PUA) in Microsoft Defender. (47a9275c481dbf25e49cf753f7102ec1)[...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-now-detects-ccleaner-as-a-potentially-unwanted-application/
Microsoft is now detecting the popular CCleaner Windows optimization and Registry cleaner program as a potentially unwanted application (PUA) in Microsoft Defender. (47a9275c481dbf25e49cf753f7102ec1)[...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-now-detects-ccleaner-as-a-potentially-unwanted-application/
BleepingComputer
Microsoft now detects CCleaner as a Potentially Unwanted Application
Microsoft is now detecting the popular CCleaner Windows optimization and Registry cleaner program as a potentially unwanted application (PUA) in Microsoft Defender.
Zoom bug allowed attackers to crack private meeting passwords
A lack of rate limiting in password attempts allowed potential attackers to crack the numeric passcode used to secure Zoom private meetings as discovered by Tom Anthony, VP Product at SearchPilot. (6f4c434995edef0548165457c4d90ce3)[...]
https://www.bleepingcomputer.com/news/security/zoom-bug-allowed-attackers-to-crack-private-meeting-passwords/
A lack of rate limiting in password attempts allowed potential attackers to crack the numeric passcode used to secure Zoom private meetings as discovered by Tom Anthony, VP Product at SearchPilot. (6f4c434995edef0548165457c4d90ce3)[...]
https://www.bleepingcomputer.com/news/security/zoom-bug-allowed-attackers-to-crack-private-meeting-passwords/
BleepingComputer
Zoom bug allowed attackers to crack private meeting passwords
A lack of rate limiting in password attempts allowed potential attackers to crack the numeric passcode used to secure Zoom private meetings as discovered by Tom Anthony, VP Product at SearchPilot.
Sneaky Doki Linux malware infiltrates Docker cloud instances
Attackers are targeting misconfigured cloud-based docker instances running on Linux distributions with an undetectable strand of malware. (47a9275c481dbf25e49cf753f7102ec1)[...]
https://www.bleepingcomputer.com/news/security/sneaky-doki-linux-malware-infiltrates-docker-cloud-instances/
Attackers are targeting misconfigured cloud-based docker instances running on Linux distributions with an undetectable strand of malware. (47a9275c481dbf25e49cf753f7102ec1)[...]
https://www.bleepingcomputer.com/news/security/sneaky-doki-linux-malware-infiltrates-docker-cloud-instances/
BleepingComputer
Sneaky Doki Linux malware infiltrates Docker cloud instances
Attackers are targeting misconfigured cloud-based docker instances running on Linux distributions with an undetectable strand of malware.
Vermont Tax Department exposed 3 years worth of tax return info
The Vermont Department of Taxes today disclosed that taxpayers' private information was exposed because of a security issue affecting its online filing site discovered on July 2, 2020. (6f4c434995edef0548165457c4d90ce3)[...]
https://www.bleepingcomputer.com/news/security/vermont-tax-department-exposed-3-years-worth-of-tax-return-info/
The Vermont Department of Taxes today disclosed that taxpayers' private information was exposed because of a security issue affecting its online filing site discovered on July 2, 2020. (6f4c434995edef0548165457c4d90ce3)[...]
https://www.bleepingcomputer.com/news/security/vermont-tax-department-exposed-3-years-worth-of-tax-return-info/
BleepingComputer
Vermont Tax Department exposed 3 years worth of tax return info
The Vermont Department of Taxes today disclosed that taxpayers' private information was exposed because of a security issue affecting its online filing site discovered on July 2, 2020.
TrickBot's new Linux malware covertly infects Windows devices
TrickBot's Anchor malware platform has been ported to infect Linux devices and compromise further high-impact and high-value targets using covert channels. (47a9275c481dbf25e49cf753f7102ec1)[...]
https://www.bleepingcomputer.com/news/security/trickbots-new-linux-malware-covertly-infects-windows-devices/
TrickBot's Anchor malware platform has been ported to infect Linux devices and compromise further high-impact and high-value targets using covert channels. (47a9275c481dbf25e49cf753f7102ec1)[...]
https://www.bleepingcomputer.com/news/security/trickbots-new-linux-malware-covertly-infects-windows-devices/
BleepingComputer
TrickBot's new Linux malware covertly infects Windows devices
TrickBot's Anchor malware platform has been ported to infect Linux devices and compromise further high-impact and high-value targets using covert channels.
Firefox 79 released with new Lockwise password export feature
Mozilla has released Firefox 79 on July 28th, 2020, to the Stable desktop channel for Windows, macOS, and Linux with minor improvements and bug fixes. This is a small release with only some small bug fixes and improvements. The most noteworthy change is that you are now able to export saved login credentials to a CSV file. (47a9275c481dbf25e49cf753f7102ec1)[...]
https://www.bleepingcomputer.com/news/software/firefox-79-released-with-new-lockwise-password-export-feature/
Mozilla has released Firefox 79 on July 28th, 2020, to the Stable desktop channel for Windows, macOS, and Linux with minor improvements and bug fixes. This is a small release with only some small bug fixes and improvements. The most noteworthy change is that you are now able to export saved login credentials to a CSV file. (47a9275c481dbf25e49cf753f7102ec1)[...]
https://www.bleepingcomputer.com/news/software/firefox-79-released-with-new-lockwise-password-export-feature/
BleepingComputer
Firefox 79 released with new Lockwise password export feature
Mozilla has released Firefox 79 on July 28th, 2020, to the Stable desktop channel for Windows, macOS, and Linux with minor improvements and bug fixes. This is a small release with only some small bug fixes and improvements. The most noteworthy change is thatβ¦
US defense contractors targeted by North Korean phishing attacks
Employees of U.S. defense and aerospace contractors were targeted in a large scale spear-phishing campaign between early April and mid-June 2020 in a series of phishing attacks designed to infect their devices and to exfiltrate defense tech intelligence. (47a9275c481dbf25e49cf753f7102ec1)[...]
https://www.bleepingcomputer.com/news/security/us-defense-contractors-targeted-by-north-korean-phishing-attacks/
Employees of U.S. defense and aerospace contractors were targeted in a large scale spear-phishing campaign between early April and mid-June 2020 in a series of phishing attacks designed to infect their devices and to exfiltrate defense tech intelligence. (47a9275c481dbf25e49cf753f7102ec1)[...]
https://www.bleepingcomputer.com/news/security/us-defense-contractors-targeted-by-north-korean-phishing-attacks/
BleepingComputer
US defense contractors targeted by North Korean phishing attacks
Employees of U.S. defense and aerospace contractors were targeted in a large scale spear-phishing campaign between early April and mid-June 2020 in a series of phishing attacks designed to infect their devices and to exfiltrate defense tech intelligence.