Secret backdoor discovered in Zyxel firewall and AP controllers
Over 100,000 Zyxel devices are potentially vulnerable to a secret backdoor caused by hardcoded credentials used to update firewall and AP controllers' firmware. [...]
https://www.bleepingcomputer.com/news/security/secret-backdoor-discovered-in-zyxel-firewall-and-ap-controllers/
Over 100,000 Zyxel devices are potentially vulnerable to a secret backdoor caused by hardcoded credentials used to update firewall and AP controllers' firmware. [...]
https://www.bleepingcomputer.com/news/security/secret-backdoor-discovered-in-zyxel-firewall-and-ap-controllers/
BleepingComputer
Secret backdoor discovered in Zyxel firewalls and AP controllers
Over 100,000 Zyxel devices are potentially vulnerable to a secret backdoor caused by hardcoded credentials used to update firewall and AP controllers' firmware.
Google Chrome fixes antivirus 'file locking' bug on Windows 10
Google has fixed a Chromium bug to prevent antivirus programs running on Windows 10 from blocking new files and bookmarks. [...]
https://www.bleepingcomputer.com/news/security/google-chrome-fixes-antivirus-file-locking-bug-on-windows-10/
Google has fixed a Chromium bug to prevent antivirus programs running on Windows 10 from blocking new files and bookmarks. [...]
https://www.bleepingcomputer.com/news/security/google-chrome-fixes-antivirus-file-locking-bug-on-windows-10/
BleepingComputer
Google Chrome fixes antivirus 'file locking' bug on Windows 10
Google has fixed a Chromium bug to prevent antivirus programs running on Windows 10 from blocking new files and bookmarks.
Beware: PayPal phishing texts state your account is 'limited'
A PayPal text message phishing campaign is underway that attempts to steal your account credentials and other sensitive information that can be used for identity theft. [...]
https://www.bleepingcomputer.com/news/security/beware-paypal-phishing-texts-state-your-account-is-limited/
A PayPal text message phishing campaign is underway that attempts to steal your account credentials and other sensitive information that can be used for identity theft. [...]
https://www.bleepingcomputer.com/news/security/beware-paypal-phishing-texts-state-your-account-is-limited/
BleepingComputer
Beware: PayPal phishing texts state your account is 'limited'
A PayPal text message phishing campaign is underway that attempts to steal your account credentials and other sensitive information that can be used for identity theft.
Microsoft's unreleased Windows Core Polaris OS leaks online
A user that keeps track of unreleased Windows builds, has now leaked a new build that may indicate that Windows Core OS-powered Polaris OS was real. [...]
https://www.bleepingcomputer.com/news/microsoft/microsofts-unreleased-windows-core-polaris-os-leaks-online/
A user that keeps track of unreleased Windows builds, has now leaked a new build that may indicate that Windows Core OS-powered Polaris OS was real. [...]
https://www.bleepingcomputer.com/news/microsoft/microsofts-unreleased-windows-core-polaris-os-leaks-online/
BleepingComputer
Microsoft's unreleased Windows Core Polaris OS leaks online
A user that keeps track of unreleased Windows builds, has now leaked a new build that may indicate that Windows Core OS-powered Polaris OS was real.
China's APT hackers move to ransomware attacks
Security researchers investigating a set of ransomware incidents at multiple companies discovered malware indicating that the attacks may be the work of a hacker group believed to operate on behalf of China. [...]
https://www.bleepingcomputer.com/news/security/chinas-apt-hackers-move-to-ransomware-attacks/
Security researchers investigating a set of ransomware incidents at multiple companies discovered malware indicating that the attacks may be the work of a hacker group believed to operate on behalf of China. [...]
https://www.bleepingcomputer.com/news/security/chinas-apt-hackers-move-to-ransomware-attacks/
BleepingComputer
China's APT hackers move to ransomware attacks
Security researchers investigating a set of ransomware incidents at multiple companies discovered malware indicating that the attacks may be the work of a hacker group believed to operate on behalf of China.
Slack suffers its first massive outage of 2021
As everyone gets back to work after the New Year holiday, Slack brings in 2021 with a massive outage affecting users worldwide. [...]
https://www.bleepingcomputer.com/news/technology/slack-suffers-its-first-massive-outage-of-2021/
As everyone gets back to work after the New Year holiday, Slack brings in 2021 with a massive outage affecting users worldwide. [...]
https://www.bleepingcomputer.com/news/technology/slack-suffers-its-first-massive-outage-of-2021/
BleepingComputer
Slack suffers its first massive outage of 2021
As everyone gets back to work after the New Year holiday, Slack brings in 2021 with a massive outage affecting users worldwide.
Zend Framework remote code execution vulnerability revealed
An untrusted deserialization vulnerability has been disclosed in Zend Framework which can be used by attackers to achieve remote code execution on PHP sites. Portions of Laminas Project may also be impacted by this flaw, tracked as CVE-2021-3007. [...]
https://www.bleepingcomputer.com/news/security/zend-framework-remote-code-execution-vulnerability-revealed/
An untrusted deserialization vulnerability has been disclosed in Zend Framework which can be used by attackers to achieve remote code execution on PHP sites. Portions of Laminas Project may also be impacted by this flaw, tracked as CVE-2021-3007. [...]
https://www.bleepingcomputer.com/news/security/zend-framework-remote-code-execution-vulnerability-revealed/
BleepingComputer
Zend Framework disputes RCE vulnerability, issues patch
An untrusted deserialization vulnerability has been disclosed in how Zend Framework can be used by attackers to achieve remote code execution on PHP sites. Portions of Laminas Project may also be impacted by this flaw, tracked as CVE-2021-3007, now beingβ¦
Citrix adds NetScaler ADC setting to block recent DDoS attacks
Citrix has released a feature enhancement designed to block attackers from using the Datagram Transport Layer Security (DTLS) feature of NetScaler ADC devices as an amplification vector in DDoS attacks. [...]
https://www.bleepingcomputer.com/news/security/citrix-adds-netscaler-adc-setting-to-block-recent-ddos-attacks/
Citrix has released a feature enhancement designed to block attackers from using the Datagram Transport Layer Security (DTLS) feature of NetScaler ADC devices as an amplification vector in DDoS attacks. [...]
https://www.bleepingcomputer.com/news/security/citrix-adds-netscaler-adc-setting-to-block-recent-ddos-attacks/
BleepingComputer
Citrix adds NetScaler ADC setting to block recent DDoS attacks
Citrix has released a feature enhancement designed to block attackers from using the Datagram Transport Layer Security (DTLS) feature of NetScaler ADC devices as an amplification vector in DDoS attacks.
TransLink confirms ransomware data theft, still restoring systems
Metro Vancouver's transportation agency TransLink has confirmed that the Egregor ransomware operators who breached its network at the beginning of December 2020 also accessed and potentially stole employees' banking and social security information. [...]
https://www.bleepingcomputer.com/news/security/translink-confirms-ransomware-data-theft-still-restoring-systems/
Metro Vancouver's transportation agency TransLink has confirmed that the Egregor ransomware operators who breached its network at the beginning of December 2020 also accessed and potentially stole employees' banking and social security information. [...]
https://www.bleepingcomputer.com/news/security/translink-confirms-ransomware-data-theft-still-restoring-systems/
BleepingComputer
TransLink confirms ransomware data theft, still restoring systems
Metro Vancouver's transportation agency TransLink has confirmed that the Egregor ransomware operators who breached its network at the beginning of December 2020 also accessed and potentially stole employees' banking and social security information.
TransLink confirms ransomware data theft, still restoring systems
Metro Vancouver's transportation agency TransLink has confirmed that the Egregor ransomware operators who breached its network at the beginning of December 2020 also accessed and potentially stolen employees' banking and social security information. [...]
https://www.bleepingcomputer.com/news/security/translink-confirms-ransomware-data-theft-still-restoring-systems/
Metro Vancouver's transportation agency TransLink has confirmed that the Egregor ransomware operators who breached its network at the beginning of December 2020 also accessed and potentially stolen employees' banking and social security information. [...]
https://www.bleepingcomputer.com/news/security/translink-confirms-ransomware-data-theft-still-restoring-systems/
BleepingComputer
TransLink confirms ransomware data theft, still restoring systems
Metro Vancouver's transportation agency TransLink has confirmed that the Egregor ransomware operators who breached its network at the beginning of December 2020 also accessed and potentially stole employees' banking and social security information.
Microsoft wants to show βWindows is BACKβ with Windows 10 UI refresh
A new Microsoft job listing states that the OS developer wants to show customers that "Windows is BACK" with a user interface refresh for Windows 10. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-wants-to-show-windows-is-back-with-windows-10-ui-refresh/
A new Microsoft job listing states that the OS developer wants to show customers that "Windows is BACK" with a user interface refresh for Windows 10. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-wants-to-show-windows-is-back-with-windows-10-ui-refresh/
BleepingComputer
Microsoft wants to show βWindows is BACKβ with Windows 10 UI refresh
A new Microsoft job listing states that the OS developer wants to show customers that "Windows is BACK" with a user interface refresh for Windows 10.
Microsoft Defender for Office 365 to allow testing without setup
Microsoft wants to add a new Office 365 feature to allow customers to test Microsoft Defender email protection without actually having to configure the environment and devices for your organization. [...]
https://www.bleepingcomputer.com/news/security/microsoft-defender-for-office-365-to-allow-testing-without-setup/
Microsoft wants to add a new Office 365 feature to allow customers to test Microsoft Defender email protection without actually having to configure the environment and devices for your organization. [...]
https://www.bleepingcomputer.com/news/security/microsoft-defender-for-office-365-to-allow-testing-without-setup/
BleepingComputer
Microsoft Defender for Office 365 to allow testing without setup
Microsoft wants to add a new Office 365 feature to allow customers to test Microsoft Defender email protection without actually having to configure the environment and devices for your organization.
Indian government sites leaking patient COVID-19 test results
Multiple Indian government department websites are leaking COVID-19 lab test results for patients online. These reports uploaded by testing labs across the country as part of the national 'test, trace, isolate' efforts, expose patient's details, test site location, COVID-19 test results, dates, and the healthcare provider's info. [...]
https://www.bleepingcomputer.com/news/security/indian-government-sites-leaking-patient-covid-19-test-results/
Multiple Indian government department websites are leaking COVID-19 lab test results for patients online. These reports uploaded by testing labs across the country as part of the national 'test, trace, isolate' efforts, expose patient's details, test site location, COVID-19 test results, dates, and the healthcare provider's info. [...]
https://www.bleepingcomputer.com/news/security/indian-government-sites-leaking-patient-covid-19-test-results/
BleepingComputer
Indian government sites leaking patient COVID-19 test results
Multiple Indian government department websites are leaking COVID-19 lab test results for patients online. These reports uploaded by testing labs across the country as part of the national 'test, trace, isolate' efforts, expose patient's details, test siteβ¦
Ryuk ransomware is the top threat for the healthcare sector
Healthcare organizations continue to be a prime target for cyberattacks of all kinds, with ransomware incidents, Ryuk in particular, being more prevalent. [...]
https://www.bleepingcomputer.com/news/security/ryuk-ransomware-is-the-top-threat-for-the-healthcare-sector/
Healthcare organizations continue to be a prime target for cyberattacks of all kinds, with ransomware incidents, Ryuk in particular, being more prevalent. [...]
https://www.bleepingcomputer.com/news/security/ryuk-ransomware-is-the-top-threat-for-the-healthcare-sector/
BleepingComputer
Ryuk ransomware is the top threat for the healthcare sector
Healthcare organizations continue to be a prime target for cyberattacks of all kinds, with ransomware incidents, Ryuk in particular, being more prevalent.
Hacker posts data of 10,000 American Express accounts for free
A threat actor has posted data of 10,000 American Express credit card holders on a hacker forum for free. In the same forum post, the actor is also claiming to sell more data of Mexican banking customers of American Express, Santander, and Banamex. [...]
https://www.bleepingcomputer.com/news/security/hacker-posts-data-of-10-000-american-express-accounts-for-free/
A threat actor has posted data of 10,000 American Express credit card holders on a hacker forum for free. In the same forum post, the actor is also claiming to sell more data of Mexican banking customers of American Express, Santander, and Banamex. [...]
https://www.bleepingcomputer.com/news/security/hacker-posts-data-of-10-000-american-express-accounts-for-free/
BleepingComputer
Hacker posts data of 10,000 American Express accounts for free
A threat actor has posted data of 10,000 American Express credit card holders on a hacker forum for free. In the same forum post, the actor is also claiming to sell more data of Mexican banking customers of American Express, Santander, and Banamex.
Cross-platform ElectroRAT malware drains cryptocurrency wallets
Security researchers have discovered a new remote access trojan (RAT) used to empty the cryptocurrency wallets of thousands of Windows, Linux, and macOS users. [...]
https://www.bleepingcomputer.com/news/security/cross-platform-electrorat-malware-drains-cryptocurrency-wallets/
Security researchers have discovered a new remote access trojan (RAT) used to empty the cryptocurrency wallets of thousands of Windows, Linux, and macOS users. [...]
https://www.bleepingcomputer.com/news/security/cross-platform-electrorat-malware-drains-cryptocurrency-wallets/
BleepingComputer
Cross-platform ElectroRAT malware drains cryptocurrency wallets
Security researchers have discovered a new remote access trojan (RAT) used to empty the cryptocurrency wallets of thousands of Windows, Linux, and macOS users.
North Korean software supply chain attack targets stock investors
North Korean hacking group Thallium aka APT37 has been targeting a private stock investment messenger service in a supply chain attack, as reported this week. [...]
https://www.bleepingcomputer.com/news/security/north-korean-software-supply-chain-attack-targets-stock-investors/
North Korean hacking group Thallium aka APT37 has been targeting a private stock investment messenger service in a supply chain attack, as reported this week. [...]
https://www.bleepingcomputer.com/news/security/north-korean-software-supply-chain-attack-targets-stock-investors/
BleepingComputer
North Korean software supply chain attack targets stock investors
North Korean hacking group Thallium has been targeting a private stock investment messenger service in a supply chain attack, as reported this week.
Australian cybersecurity agency used as cover in malware campaign
The Australian government warns of an ongoing campaign impersonating the Australian Cyber Security Centre (ACSC) to infect targets with malware. [...]
https://www.bleepingcomputer.com/news/security/australian-cybersecurity-agency-used-as-cover-in-malware-campaign/
The Australian government warns of an ongoing campaign impersonating the Australian Cyber Security Centre (ACSC) to infect targets with malware. [...]
https://www.bleepingcomputer.com/news/security/australian-cybersecurity-agency-used-as-cover-in-malware-campaign/
BleepingComputer
Australian cybersecurity agency used as cover in malware campaign
The Australian government warns of an ongoing campaign impersonating the Australian Cyber Security Centre (ACSC) to infect targets with malware.
Microsoft Office January updates fix Outlook crash issues
Microsoft has released the January 2021 non-security Microsoft Office updates with fixes for known issues impacting Windows Installer (MSI) editions of Office 2016 products. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-office-january-updates-fix-outlook-crash-issues/
Microsoft has released the January 2021 non-security Microsoft Office updates with fixes for known issues impacting Windows Installer (MSI) editions of Office 2016 products. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-office-january-updates-fix-outlook-crash-issues/
BleepingComputer
Microsoft Office January updates fix Outlook crash issues
Microsoft has released the January 2021 non-security Microsoft Office updates with fixes for known issues impacting Windows Installer (MSI) editions of Office 2016 products.
Babuk Locker is the first new enterprise ransomware of 2021
It's a new year, and with it comes a new ransomware called Babuk Locker that targets corporate victims in human-operated attacks. [...]
https://www.bleepingcomputer.com/news/security/babuk-locker-is-the-first-new-enterprise-ransomware-of-2021/
It's a new year, and with it comes a new ransomware called Babuk Locker that targets corporate victims in human-operated attacks. [...]
https://www.bleepingcomputer.com/news/security/babuk-locker-is-the-first-new-enterprise-ransomware-of-2021/
BleepingComputer
Babuk Locker is the first new enterprise ransomware of 2021
It's a new year, and with it comes a new ransomware called Babuk Locker that targets corporate victims in human-operated attacks.
NSA shares guidance, tools to mitigate weak encryption protocols
The National Security Agency has shared guidance on how to detect and replace outdated Transport Layer Security (TLS) protocol versions with up to date and secure variants. [...]
https://www.bleepingcomputer.com/news/security/nsa-shares-guidance-tools-to-mitigate-weak-encryption-protocols/
The National Security Agency has shared guidance on how to detect and replace outdated Transport Layer Security (TLS) protocol versions with up to date and secure variants. [...]
https://www.bleepingcomputer.com/news/security/nsa-shares-guidance-tools-to-mitigate-weak-encryption-protocols/
BleepingComputer
NSA shares guidance, tools to mitigate weak encryption protocols
The National Security Agency has shared guidance on how to detect and replace outdated Transport Layer Security (TLS) protocol versions with up to date and secure variants.