BootHole GRUB bootloader bug lets hackers hide malware in Linux, Windows
A severe vulnerability exists in almost all signed versions of GRUB2 bootloader used by most Linux systems. When properly exploited, it could allow threat actors to compromise an operating system's booting process even if the Secure Boot verification mechanism is active. (d6e07de8573fc9018707f22eee885a5d)[...]
https://www.bleepingcomputer.com/news/security/boothole-grub-bootloader-bug-lets-hackers-hide-malware-in-linux-windows/
A severe vulnerability exists in almost all signed versions of GRUB2 bootloader used by most Linux systems. When properly exploited, it could allow threat actors to compromise an operating system's booting process even if the Secure Boot verification mechanism is active. (d6e07de8573fc9018707f22eee885a5d)[...]
https://www.bleepingcomputer.com/news/security/boothole-grub-bootloader-bug-lets-hackers-hide-malware-in-linux-windows/
BleepingComputer
BootHole GRUB bootloader bug lets hackers hide malware in Linux, Windows
A severe vulnerability exists in almost all signed versions of GRUB2 bootloader used by most Linux systems. When properly exploited, it could allow threat actors to compromise an operating system's booting process even if the Secure Boot verification mechanismβ¦
Cisco fixes severe flaws in data center management solution
Cisco today has released several security updates to address three critical authentication bypass, buffer overflow, and authorization bypass vulnerabilities found to affect Cisco Data Center Network Manager (DCNM) and multiple Cisco SD-WAN software products. (eaf4eb782b57d2f002da312b3ed275fe)[...]
https://www.bleepingcomputer.com/news/security/cisco-fixes-severe-flaws-in-data-center-management-solution/
Cisco today has released several security updates to address three critical authentication bypass, buffer overflow, and authorization bypass vulnerabilities found to affect Cisco Data Center Network Manager (DCNM) and multiple Cisco SD-WAN software products. (eaf4eb782b57d2f002da312b3ed275fe)[...]
https://www.bleepingcomputer.com/news/security/cisco-fixes-severe-flaws-in-data-center-management-solution/
BleepingComputer
Cisco fixes severe flaws in data center management solution
Cisco today has released several security updates to address three critical authentication bypass, buffer overflow, and authorization bypass vulnerabilities found to affect Cisco Data Center Network Manager (DCNM) and multiple Cisco SD-WAN software products.
Microsoft now detects CCleaner as a Potentially Unwanted Application
Microsoft is now detecting the popular CCleaner Windows optimization and Registry cleaner program as a potentially unwanted application (PUA) in Microsoft Defender. (47a9275c481dbf25e49cf753f7102ec1)[...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-now-detects-ccleaner-as-a-potentially-unwanted-application/
Microsoft is now detecting the popular CCleaner Windows optimization and Registry cleaner program as a potentially unwanted application (PUA) in Microsoft Defender. (47a9275c481dbf25e49cf753f7102ec1)[...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-now-detects-ccleaner-as-a-potentially-unwanted-application/
BleepingComputer
Microsoft now detects CCleaner as a Potentially Unwanted Application
Microsoft is now detecting the popular CCleaner Windows optimization and Registry cleaner program as a potentially unwanted application (PUA) in Microsoft Defender.
Zoom bug allowed attackers to crack private meeting passwords
A lack of rate limiting in password attempts allowed potential attackers to crack the numeric passcode used to secure Zoom private meetings as discovered by Tom Anthony, VP Product at SearchPilot. (6f4c434995edef0548165457c4d90ce3)[...]
https://www.bleepingcomputer.com/news/security/zoom-bug-allowed-attackers-to-crack-private-meeting-passwords/
A lack of rate limiting in password attempts allowed potential attackers to crack the numeric passcode used to secure Zoom private meetings as discovered by Tom Anthony, VP Product at SearchPilot. (6f4c434995edef0548165457c4d90ce3)[...]
https://www.bleepingcomputer.com/news/security/zoom-bug-allowed-attackers-to-crack-private-meeting-passwords/
BleepingComputer
Zoom bug allowed attackers to crack private meeting passwords
A lack of rate limiting in password attempts allowed potential attackers to crack the numeric passcode used to secure Zoom private meetings as discovered by Tom Anthony, VP Product at SearchPilot.
Sneaky Doki Linux malware infiltrates Docker cloud instances
Attackers are targeting misconfigured cloud-based docker instances running on Linux distributions with an undetectable strand of malware. (47a9275c481dbf25e49cf753f7102ec1)[...]
https://www.bleepingcomputer.com/news/security/sneaky-doki-linux-malware-infiltrates-docker-cloud-instances/
Attackers are targeting misconfigured cloud-based docker instances running on Linux distributions with an undetectable strand of malware. (47a9275c481dbf25e49cf753f7102ec1)[...]
https://www.bleepingcomputer.com/news/security/sneaky-doki-linux-malware-infiltrates-docker-cloud-instances/
BleepingComputer
Sneaky Doki Linux malware infiltrates Docker cloud instances
Attackers are targeting misconfigured cloud-based docker instances running on Linux distributions with an undetectable strand of malware.
Vermont Tax Department exposed 3 years worth of tax return info
The Vermont Department of Taxes today disclosed that taxpayers' private information was exposed because of a security issue affecting its online filing site discovered on July 2, 2020. (6f4c434995edef0548165457c4d90ce3)[...]
https://www.bleepingcomputer.com/news/security/vermont-tax-department-exposed-3-years-worth-of-tax-return-info/
The Vermont Department of Taxes today disclosed that taxpayers' private information was exposed because of a security issue affecting its online filing site discovered on July 2, 2020. (6f4c434995edef0548165457c4d90ce3)[...]
https://www.bleepingcomputer.com/news/security/vermont-tax-department-exposed-3-years-worth-of-tax-return-info/
BleepingComputer
Vermont Tax Department exposed 3 years worth of tax return info
The Vermont Department of Taxes today disclosed that taxpayers' private information was exposed because of a security issue affecting its online filing site discovered on July 2, 2020.
TrickBot's new Linux malware covertly infects Windows devices
TrickBot's Anchor malware platform has been ported to infect Linux devices and compromise further high-impact and high-value targets using covert channels. (47a9275c481dbf25e49cf753f7102ec1)[...]
https://www.bleepingcomputer.com/news/security/trickbots-new-linux-malware-covertly-infects-windows-devices/
TrickBot's Anchor malware platform has been ported to infect Linux devices and compromise further high-impact and high-value targets using covert channels. (47a9275c481dbf25e49cf753f7102ec1)[...]
https://www.bleepingcomputer.com/news/security/trickbots-new-linux-malware-covertly-infects-windows-devices/
BleepingComputer
TrickBot's new Linux malware covertly infects Windows devices
TrickBot's Anchor malware platform has been ported to infect Linux devices and compromise further high-impact and high-value targets using covert channels.
Firefox 79 released with new Lockwise password export feature
Mozilla has released Firefox 79 on July 28th, 2020, to the Stable desktop channel for Windows, macOS, and Linux with minor improvements and bug fixes. This is a small release with only some small bug fixes and improvements. The most noteworthy change is that you are now able to export saved login credentials to a CSV file. (47a9275c481dbf25e49cf753f7102ec1)[...]
https://www.bleepingcomputer.com/news/software/firefox-79-released-with-new-lockwise-password-export-feature/
Mozilla has released Firefox 79 on July 28th, 2020, to the Stable desktop channel for Windows, macOS, and Linux with minor improvements and bug fixes. This is a small release with only some small bug fixes and improvements. The most noteworthy change is that you are now able to export saved login credentials to a CSV file. (47a9275c481dbf25e49cf753f7102ec1)[...]
https://www.bleepingcomputer.com/news/software/firefox-79-released-with-new-lockwise-password-export-feature/
BleepingComputer
Firefox 79 released with new Lockwise password export feature
Mozilla has released Firefox 79 on July 28th, 2020, to the Stable desktop channel for Windows, macOS, and Linux with minor improvements and bug fixes. This is a small release with only some small bug fixes and improvements. The most noteworthy change is thatβ¦
US defense contractors targeted by North Korean phishing attacks
Employees of U.S. defense and aerospace contractors were targeted in a large scale spear-phishing campaign between early April and mid-June 2020 in a series of phishing attacks designed to infect their devices and to exfiltrate defense tech intelligence. (47a9275c481dbf25e49cf753f7102ec1)[...]
https://www.bleepingcomputer.com/news/security/us-defense-contractors-targeted-by-north-korean-phishing-attacks/
Employees of U.S. defense and aerospace contractors were targeted in a large scale spear-phishing campaign between early April and mid-June 2020 in a series of phishing attacks designed to infect their devices and to exfiltrate defense tech intelligence. (47a9275c481dbf25e49cf753f7102ec1)[...]
https://www.bleepingcomputer.com/news/security/us-defense-contractors-targeted-by-north-korean-phishing-attacks/
BleepingComputer
US defense contractors targeted by North Korean phishing attacks
Employees of U.S. defense and aerospace contractors were targeted in a large scale spear-phishing campaign between early April and mid-June 2020 in a series of phishing attacks designed to infect their devices and to exfiltrate defense tech intelligence.
Startups disclose data breaches after massive 386M records leak
Startups have begun to disclose data breaches after a massive leak of stolen databases was published on a hacker forum this month. (47a9275c481dbf25e49cf753f7102ec1)[...]
https://www.bleepingcomputer.com/news/security/startups-disclose-data-breaches-after-massive-386m-records-leak/
Startups have begun to disclose data breaches after a massive leak of stolen databases was published on a hacker forum this month. (47a9275c481dbf25e49cf753f7102ec1)[...]
https://www.bleepingcomputer.com/news/security/startups-disclose-data-breaches-after-massive-386m-records-leak/
BleepingComputer
Startups disclose data breaches after massive 386M records leak
Startups have begun to disclose data breaches after a massive leak of stolen databases was published on a hacker forum this month.
EU sanctions Russian espionage unit, Chinese and North Korean firms
The Council of the European Union today announced sanctions imposed on a Russian military espionage unit, as well as on front companies for Chinese and North Korean threat groups involved in cyber-attacks targeting the EU and its member states. (6f4c434995edef0548165457c4d90ce3)[...]
https://www.bleepingcomputer.com/news/security/eu-sanctions-russian-espionage-unit-chinese-and-north-korean-firms/
The Council of the European Union today announced sanctions imposed on a Russian military espionage unit, as well as on front companies for Chinese and North Korean threat groups involved in cyber-attacks targeting the EU and its member states. (6f4c434995edef0548165457c4d90ce3)[...]
https://www.bleepingcomputer.com/news/security/eu-sanctions-russian-espionage-unit-chinese-and-north-korean-firms/
BleepingComputer
EU sanctions Russian espionage unit, Chinese and North Korean firms
The Council of the European Union today announced sanctions imposed on a Russian military espionage unit, as well as on front companies for Chinese and North Korean threat groups involved in cyber-attacks targeting the EU and its member states.
Office 365 phishing abuses Google Ads to bypass email filters
An Office 365 phishing campaign abused Google Ads to bypass secure email gateways (SEGs), redirecting employees of targeted organizations to phishing landing pages and stealing their Microsoft credentials. (6f4c434995edef0548165457c4d90ce3)[...]
https://www.bleepingcomputer.com/news/security/office-365-phishing-abuses-google-ads-to-bypass-email-filters/
An Office 365 phishing campaign abused Google Ads to bypass secure email gateways (SEGs), redirecting employees of targeted organizations to phishing landing pages and stealing their Microsoft credentials. (6f4c434995edef0548165457c4d90ce3)[...]
https://www.bleepingcomputer.com/news/security/office-365-phishing-abuses-google-ads-to-bypass-email-filters/
BleepingComputer
Office 365 phishing abuses Google Ads to bypass email filters
An Office 365 phishing campaign abused Google Ads to bypass secure email gateways (SEGs), redirecting employees of targeted organizations to phishing landing pages and stealing their Microsoft credentials.
KDE archive tool flaw let hackers take over Linux accounts
A vulnerability exists in the default KDE extraction utility called ARK that allows attackers to overwrite files or execute code on victim's computers simply by tricking them into downloading an archive and extracting it. (47a9275c481dbf25e49cf753f7102ec1)[...]
https://www.bleepingcomputer.com/news/security/kde-archive-tool-flaw-let-hackers-take-over-linux-accounts/
A vulnerability exists in the default KDE extraction utility called ARK that allows attackers to overwrite files or execute code on victim's computers simply by tricking them into downloading an archive and extracting it. (47a9275c481dbf25e49cf753f7102ec1)[...]
https://www.bleepingcomputer.com/news/security/kde-archive-tool-flaw-let-hackers-take-over-linux-accounts/
BleepingComputer
KDE archive tool flaw let hackers take over Linux accounts
A vulnerability exists in the default KDE extraction utility called ARK that allows attackers to overwrite files or execute code on victim's computers simply by tricking them into downloading an archive and extracting it.
Linux warning: TrickBot malware is now infecting your systems
TrickBot's Anchor malware platform has been ported to infect Linux devices and compromise further high-impact and high-value targets using covert channels. (47a9275c481dbf25e49cf753f7102ec1)[...]
https://www.bleepingcomputer.com/news/security/linux-warning-trickbot-malware-is-now-infecting-your-systems/
TrickBot's Anchor malware platform has been ported to infect Linux devices and compromise further high-impact and high-value targets using covert channels. (47a9275c481dbf25e49cf753f7102ec1)[...]
https://www.bleepingcomputer.com/news/security/linux-warning-trickbot-malware-is-now-infecting-your-systems/
BleepingComputer
Linux warning: TrickBot malware is now infecting your systems
TrickBot's Anchor malware platform has been ported to infect Linux devices and compromise further high-impact and high-value targets using covert channels.
Canadian MSP discloses data breach, failed ransomware attack
Managed service provider Pivot Technology Solutions has disclosed that it was the victim of a ransomware attack that resulted with sensitive information being accessed by the hackers. 9d677006e13fc8d17c1f59b05bbb9047 [...]
https://www.bleepingcomputer.com/news/security/canadian-msp-discloses-data-breach-failed-ransomware-attack/
Managed service provider Pivot Technology Solutions has disclosed that it was the victim of a ransomware attack that resulted with sensitive information being accessed by the hackers. 9d677006e13fc8d17c1f59b05bbb9047 [...]
https://www.bleepingcomputer.com/news/security/canadian-msp-discloses-data-breach-failed-ransomware-attack/
BleepingComputer
Canadian MSP discloses data breach, failed ransomware attack
Managed service provider Pivot Technology Solutions has disclosed that it was the victim of a ransomware attack that resulted in sensitive information being accessed by the hackers.
Hackers stole Twitter employee credentials via phone phishing
Twitter today said that the attackers behind this month's hack were able to take control of high-profile accounts after stealing Twitter employees' credentials as part of a phone spear phishing attack on July 15, 2020. 9d677006e13fc8d17c1f59b05bbb9047 [...]
https://www.bleepingcomputer.com/news/security/hackers-stole-twitter-employee-credentials-via-phone-phishing/
Twitter today said that the attackers behind this month's hack were able to take control of high-profile accounts after stealing Twitter employees' credentials as part of a phone spear phishing attack on July 15, 2020. 9d677006e13fc8d17c1f59b05bbb9047 [...]
https://www.bleepingcomputer.com/news/security/hackers-stole-twitter-employee-credentials-via-phone-phishing/
BleepingComputer
Hackers stole Twitter employee credentials via phone phishing
Twitter today said that the attackers behind this month's hack were able to take control of high-profile accounts after stealing Twitter employees' credentials as part of a phone spear phishing attack on July 15, 2020.
Bypassing Windows 10 UAC with mock folders and DLL hijacking
A new technique uses a simplified process of DLL hijacking and mock directories to bypass Windows 10's UAC security feature and run elevated commands without alerting a user. 9d677006e13fc8d17c1f59b05bbb9047 [...]
https://www.bleepingcomputer.com/news/security/bypassing-windows-10-uac-with-mock-folders-and-dll-hijacking/
A new technique uses a simplified process of DLL hijacking and mock directories to bypass Windows 10's UAC security feature and run elevated commands without alerting a user. 9d677006e13fc8d17c1f59b05bbb9047 [...]
https://www.bleepingcomputer.com/news/security/bypassing-windows-10-uac-with-mock-folders-and-dll-hijacking/
BleepingComputer
Bypassing Windows 10 UAC with mock folders and DLL hijacking
A new technique uses a simplified process of DLL hijacking and mock directories to bypass Windows 10's UAC security feature and run elevated commands without alerting a user.
QNAP urges users to update Malware Remover after QSnatch alert
QNAP urges its users to update the Malware Remover app and bolster their NAS devices' security following a QSnatch malware joint alert published earlier this week by UK's NCSC and the US CISA government cybersecurity agencies. [...]
https://www.bleepingcomputer.com/news/security/qnap-urges-users-to-update-malware-remover-after-qsnatch-alert/
QNAP urges its users to update the Malware Remover app and bolster their NAS devices' security following a QSnatch malware joint alert published earlier this week by UK's NCSC and the US CISA government cybersecurity agencies. [...]
https://www.bleepingcomputer.com/news/security/qnap-urges-users-to-update-malware-remover-after-qsnatch-alert/
BleepingComputer
QNAP urges users to update Malware Remover after QSnatch alert
QNAP urges its users to update the Malware Remover app and bolster their NAS devices' security following a QSnatch malware joint alert published earlier this week by UK's NCSC and the US CISA government cybersecurity agencies.
Windows 10 2004 KB4568831 update released with printing fixes
βMicrosoft released the Windows 10 2004 KB4568831 non-security preview cumulative update with fixes for network printing, family safety, and cellular connectivity issues. [...]
https://www.bleepingcomputer.com/news/microsoft/windows-10-2004-kb4568831-update-released-with-printing-fixes/
βMicrosoft released the Windows 10 2004 KB4568831 non-security preview cumulative update with fixes for network printing, family safety, and cellular connectivity issues. [...]
https://www.bleepingcomputer.com/news/microsoft/windows-10-2004-kb4568831-update-released-with-printing-fixes/
BleepingComputer
Windows 10 2004 KB4568831 update released with printing fixes
βMicrosoft released the Windows 10 2004 KB4568831 non-security preview cumulative update with fixes for network printing, family safety, and cellular connectivity issues.
Microsoft fixes Windows 10 2004 Bluetooth and Intel GPU issues
Microsoft today addressed two known issues preventing Windows 10 devices with Realtek Bluetooth radios and Intel integrated graphics processing units (iGPUs) from receiving the Windows 10 May 2020 Update. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-windows-10-2004-bluetooth-and-intel-gpu-issues/
Microsoft today addressed two known issues preventing Windows 10 devices with Realtek Bluetooth radios and Intel integrated graphics processing units (iGPUs) from receiving the Windows 10 May 2020 Update. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-windows-10-2004-bluetooth-and-intel-gpu-issues/
BleepingComputer
Microsoft fixes Windows 10 2004 Bluetooth and Intel GPU issues
Microsoft today addressed two known issues preventing Windows 10 devices with Realtek Bluetooth radios and Intel integrated graphics processing units (iGPUs) from receiving the Windows 10 May 2020 Update.
US government sites abused to redirect users to porn sites
In an ongoing blackhat SEO campaign tracked by BleepingComputer, scammers are using open redirects found on government websites to redirect visitors to pornography sites. [...]
https://www.bleepingcomputer.com/news/security/us-government-sites-abused-to-redirect-users-to-porn-sites/
In an ongoing blackhat SEO campaign tracked by BleepingComputer, scammers are using open redirects found on government websites to redirect visitors to pornography sites. [...]
https://www.bleepingcomputer.com/news/security/us-government-sites-abused-to-redirect-users-to-porn-sites/
BleepingComputer
US government sites abused to redirect users to porn sites
In an ongoing blackhat SEO campaign tracked by BleepingComputer, scammers are using open redirects found on government websites to redirect visitors to pornography sites.