Pulse Secure VPN zero-day used to hack defense firms, govt orgs
Pulse Secure has shared mitigation measures for a zero-day authentication bypass vulnerability in the Pulse Connect Secure (PCS) SSL VPN appliance actively exploited against US Defense Industrial base (DIB) networks and worldwide organizations. [...]
https://www.bleepingcomputer.com/news/security/pulse-secure-vpn-zero-day-used-to-hack-defense-firms-govt-orgs/
Pulse Secure has shared mitigation measures for a zero-day authentication bypass vulnerability in the Pulse Connect Secure (PCS) SSL VPN appliance actively exploited against US Defense Industrial base (DIB) networks and worldwide organizations. [...]
https://www.bleepingcomputer.com/news/security/pulse-secure-vpn-zero-day-used-to-hack-defense-firms-govt-orgs/
BleepingComputer
Pulse Secure VPN zero-day used to hack defense firms, govt orgs
Pulse Secure has shared mitigation measures for a zero-day authentication bypass vulnerability in the Pulse Connect Secure (PCS) SSL VPN appliance actively exploited in attacks against worldwide organizations and focused on US Defense Industrial base (DIB)β¦
Microsoft partially fixes Windows 7, Server 2008 vulnerability
Microsoft has silently issued a partial fix for a local privilege escalation (LPE) vulnerability impacting all Windows 7 and Server 2008 R2 devices. [...]
https://www.bleepingcomputer.com/news/security/microsoft-partially-fixes-windows-7-server-2008-vulnerability/
Microsoft has silently issued a partial fix for a local privilege escalation (LPE) vulnerability impacting all Windows 7 and Server 2008 R2 devices. [...]
https://www.bleepingcomputer.com/news/security/microsoft-partially-fixes-windows-7-server-2008-vulnerability/
BleepingComputer
Microsoft partially fixes Windows 7, Server 2008 vulnerability
Microsoft has silently issued a partial fix for a local privilege escalation (LPE) vulnerability impacting all Windows 7 and Server 2008 R2 devices.
Eversource Energy data breach caused by unsecured cloud storage
Eversource, the largest power supplier in New England, has suffered a data breach after customers' personal information was exposed on an unsecured cloud server. [...]
https://www.bleepingcomputer.com/news/security/eversource-energy-data-breach-caused-by-unsecured-cloud-storage/
Eversource, the largest power supplier in New England, has suffered a data breach after customers' personal information was exposed on an unsecured cloud server. [...]
https://www.bleepingcomputer.com/news/security/eversource-energy-data-breach-caused-by-unsecured-cloud-storage/
BleepingComputer
Eversource Energy data breach caused by unsecured cloud storage
Eversource, the largest power supplier in New England, has suffered a data breach after customers' personal information was exposed on an unsecured cloud server.
SonicWall warns customers to patch 3 zero-days exploited in the wild
Security hardware manufacturer SonicWall is urging customers to patch a set of three zero-day vulnerabilities affecting both its on-premises and hosted Email Security products. [...]
https://www.bleepingcomputer.com/news/security/sonicwall-warns-customers-to-patch-3-zero-days-exploited-in-the-wild/
Security hardware manufacturer SonicWall is urging customers to patch a set of three zero-day vulnerabilities affecting both its on-premises and hosted Email Security products. [...]
https://www.bleepingcomputer.com/news/security/sonicwall-warns-customers-to-patch-3-zero-days-exploited-in-the-wild/
BleepingComputer
SonicWall warns customers to patch 3 zero-days exploited in the wild
Security hardware manufacturer SonicWall is urging customers to patch a set of three zero-day vulnerabilities affecting both its on-premises and hosted Email Security products.
REvil gang tries to extort Apple, threatens to sell stolen blueprints
The REvil ransomware gang asked Apple to "buy back" stolen product blueprints to avoid having them leaked on REvil's leak site before today's Apple Spring Loaded event where the new iMac was introduced. [...]
https://www.bleepingcomputer.com/news/security/revil-gang-tries-to-extort-apple-threatens-to-sell-stolen-blueprints/
The REvil ransomware gang asked Apple to "buy back" stolen product blueprints to avoid having them leaked on REvil's leak site before today's Apple Spring Loaded event where the new iMac was introduced. [...]
https://www.bleepingcomputer.com/news/security/revil-gang-tries-to-extort-apple-threatens-to-sell-stolen-blueprints/
BleepingComputer
REvil gang tries to extort Apple, threatens to sell stolen blueprints
The REvil ransomware gang asked Apple to "buy back" stolen product blueprints to avoid having them leaked on REvil's leak site before today's Apple Spring Loaded event where the new iMac was introduced.
Facebook leaks strategy to numb reaction to data scraping incidents
Facebook's long-term strategy is to desensitize users about leaked data dumps that were collected through scraping the public portion of the social network. [...]
https://www.bleepingcomputer.com/news/security/facebook-leaks-strategy-to-numb-reaction-to-data-scraping-incidents/
Facebook's long-term strategy is to desensitize users about leaked data dumps that were collected through scraping the public portion of the social network. [...]
https://www.bleepingcomputer.com/news/security/facebook-leaks-strategy-to-numb-reaction-to-data-scraping-incidents/
BleepingComputer
Facebook leaks strategy to numb reaction to data scraping incidents
Facebook's long-term strategy is to desensitize users about leaked data dumps that were collected through scraping the public portion of the social network.
WhatsApp Pink malware can now auto-reply to your Signal, Telegram texts
WhatsApp malware dubbed WhatsApp Pink has now been updated with advanced capabilities that let this counterfeit Android app automatically respond to your Signal, Telegram, Viber, and Skype messages. WhatsApp Pink refers to a counterfeit app that appeared this week, primarily targeting WhatsApp users in the Indian subcontinent. [...]
https://www.bleepingcomputer.com/news/security/whatsapp-pink-malware-can-now-auto-reply-to-your-signal-telegram-texts/
WhatsApp malware dubbed WhatsApp Pink has now been updated with advanced capabilities that let this counterfeit Android app automatically respond to your Signal, Telegram, Viber, and Skype messages. WhatsApp Pink refers to a counterfeit app that appeared this week, primarily targeting WhatsApp users in the Indian subcontinent. [...]
https://www.bleepingcomputer.com/news/security/whatsapp-pink-malware-can-now-auto-reply-to-your-signal-telegram-texts/
BleepingComputer
WhatsApp Pink malware can now auto-reply to your Signal, Telegram texts
WhatsApp malware dubbed WhatsApp Pink has now been updated with advanced capabilities that let this counterfeit Android app automatically respond to your Signal, Telegram, Viber, and Skype messages. WhatsApp Pink refers to a counterfeit app that appearedβ¦
Logins for 1.3 million Windows RDP servers collected from hacker market
βThe login names and passwords for 1.3 million current and historically compromised Windows Remote Desktop servers have been leaked by UAS, the largest hacker marketplace for stolen RDP credentials. [...]
https://www.bleepingcomputer.com/news/security/logins-for-13-million-windows-rdp-servers-collected-from-hacker-market/
βThe login names and passwords for 1.3 million current and historically compromised Windows Remote Desktop servers have been leaked by UAS, the largest hacker marketplace for stolen RDP credentials. [...]
https://www.bleepingcomputer.com/news/security/logins-for-13-million-windows-rdp-servers-collected-from-hacker-market/
BleepingComputer
Logins for 1.3 million Windows RDP servers collected from hacker market
βThe login names and passwords for 1.3 million current and historically compromised Windows Remote Desktop servers have been leaked by UAS, the largest hacker marketplace for stolen RDP credentials.
CISA orders federal orgs to mitigate Pulse Secure VPN bug by Friday
The US Cybersecurity and Infrastructure Security Agency (CISA) has issued a new emergency directive ordering federal agencies to mitigate an actively exploited vulnerability in Pulse Connect Secure (PCS) VPN appliances on their networks by Friday. [...]
https://www.bleepingcomputer.com/news/security/cisa-orders-federal-orgs-to-mitigate-pulse-secure-vpn-bug-by-friday/
The US Cybersecurity and Infrastructure Security Agency (CISA) has issued a new emergency directive ordering federal agencies to mitigate an actively exploited vulnerability in Pulse Connect Secure (PCS) VPN appliances on their networks by Friday. [...]
https://www.bleepingcomputer.com/news/security/cisa-orders-federal-orgs-to-mitigate-pulse-secure-vpn-bug-by-friday/
BleepingComputer
CISA orders federal orgs to mitigate Pulse Secure VPN bug by Friday
The US Cybersecurity and Infrastructure Security Agency (CISA) has issued a new emergency directive ordering federal agencies to mitigate an actively exploited vulnerability in Pulse Connect Secure (PCS) VPN appliances on their networks by Friday.
Google fixes exploited Chrome zero-day dropped on Twitter last week
Google has released Chrome 90.0.4430.85 to address an actively exploited zero-day and four other high severity security vulnerabilities impacting today's most popular web browser. [...]
https://www.bleepingcomputer.com/news/security/google-fixes-exploited-chrome-zero-day-dropped-on-twitter-last-week/
Google has released Chrome 90.0.4430.85 to address an actively exploited zero-day and four other high severity security vulnerabilities impacting today's most popular web browser. [...]
https://www.bleepingcomputer.com/news/security/google-fixes-exploited-chrome-zero-day-dropped-on-twitter-last-week/
BleepingComputer
Google fixes exploited Chrome zero-day dropped on Twitter last week
Google has released Chrome 90.0.4430.85 to address an actively exploited zero-day and four other high severity security vulnerabilities impacting today's most popular web browser.
Linux bans University of Minnesota for committing malicious code
Linux kernel project maintainers have imposed a ban on the University of Minnesota (UMN) from contributing to the open-source Linux project after a group of UMN researchers were caught submitting a series of malicious code commits, or patches that deliberately introduced security vulnerabilities in the official Linux project. [...]
https://www.bleepingcomputer.com/news/security/linux-bans-university-of-minnesota-for-committing-malicious-code/
Linux kernel project maintainers have imposed a ban on the University of Minnesota (UMN) from contributing to the open-source Linux project after a group of UMN researchers were caught submitting a series of malicious code commits, or patches that deliberately introduced security vulnerabilities in the official Linux project. [...]
https://www.bleepingcomputer.com/news/security/linux-bans-university-of-minnesota-for-committing-malicious-code/
BleepingComputer
Linux bans University of Minnesota for committing malicious code
Linux kernel project maintainers have imposed a ban on the University of Minnesota (UMN) from contributing to the open-source Linux project after a group of UMN researchers were caught submitting a series of malicious code commits, or patches that deliberatelyβ¦
Massive Qlocker ransomware attack uses 7zip to encrypt QNAP devices
A massive ransomware campaign targeting QNAP devices worldwide is underway, and users are finding their files now stored in password-protected 7zip archives. [...]
https://www.bleepingcomputer.com/news/security/massive-qlocker-ransomware-attack-uses-7zip-to-encrypt-qnap-devices/
A massive ransomware campaign targeting QNAP devices worldwide is underway, and users are finding their files now stored in password-protected 7zip archives. [...]
https://www.bleepingcomputer.com/news/security/massive-qlocker-ransomware-attack-uses-7zip-to-encrypt-qnap-devices/
BleepingComputer
Massive Qlocker ransomware attack uses 7zip to encrypt QNAP devices
A massive ransomware campaign targeting QNAP devices worldwide is underway, and users are finding their files now stored in password-protected 7zip archives.
Windows 10 Task Manager now lets you throttle resource-hungry apps
Microsoft has added a new experimental 'Eco mode' feature to the Windows 10 Task Manager in the latest Preview build available for Windows Insiders in the Dev Channel. [...]
https://www.bleepingcomputer.com/news/microsoft/windows-10-task-manager-now-lets-you-throttle-resource-hungry-apps/
Microsoft has added a new experimental 'Eco mode' feature to the Windows 10 Task Manager in the latest Preview build available for Windows Insiders in the Dev Channel. [...]
https://www.bleepingcomputer.com/news/microsoft/windows-10-task-manager-now-lets-you-throttle-resource-hungry-apps/
BleepingComputer
Windows 10 Task Manager now lets you throttle resource-hungry apps
Microsoft has added a new experimental 'Eco mode' feature to the Windows 10 Task Manager in the latest Preview build available for Windows Insiders in the Dev Channel.
Windows 10 now lets you seamlessly run Linux GUI apps
Windows 10 now lets you run Linux GUI apps (X11 and Wayland) without using a virtual machine after Microsoft added GUI support to the Windows Subsystem for Linux (WSL). [...]
https://www.bleepingcomputer.com/news/microsoft/windows-10-now-lets-you-seamlessly-run-linux-gui-apps/
Windows 10 now lets you run Linux GUI apps (X11 and Wayland) without using a virtual machine after Microsoft added GUI support to the Windows Subsystem for Linux (WSL). [...]
https://www.bleepingcomputer.com/news/microsoft/windows-10-now-lets-you-seamlessly-run-linux-gui-apps/
BleepingComputer
Windows 10 now lets you seamlessly run Linux GUI apps
Windows 10 now lets you run Linux GUI apps (X11 and Wayland) without using a virtual machine after Microsoft added GUI support to the Windows Subsystem for Linux (WSL).
Microsoft Autoruns is crashing when listing Windows 10 startups
A recent update to Microsoft's Sysinternals Autoruns program is causing the program to crash as its scans for autostarts in Windows. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-autoruns-is-crashing-when-listing-windows-10-startups/
A recent update to Microsoft's Sysinternals Autoruns program is causing the program to crash as its scans for autostarts in Windows. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-autoruns-is-crashing-when-listing-windows-10-startups/
BleepingComputer
Microsoft Autoruns is crashing when listing Windows 10 startups
A recent update to Microsoft's Sysinternals Autoruns program is causing the program to crash as its scans for autostarts in Windows.
Signal CEO gives mobile-hacking firm a taste of being hacked
Software developed by data extraction company Cellebrite contains vulnerabilities that allow arbitrary code execution on the device, claims Moxie Marlinspike, the creator of the encrypted messaging app Signal. [...]
https://www.bleepingcomputer.com/news/security/signal-ceo-gives-mobile-hacking-firm-a-taste-of-being-hacked/
Software developed by data extraction company Cellebrite contains vulnerabilities that allow arbitrary code execution on the device, claims Moxie Marlinspike, the creator of the encrypted messaging app Signal. [...]
https://www.bleepingcomputer.com/news/security/signal-ceo-gives-mobile-hacking-firm-a-taste-of-being-hacked/
BleepingComputer
Signal CEO gives mobile-hacking firm a taste of being hacked
Software developed by data extraction company Cellebrite contains vulnerabilities that allow arbitrary code execution on the device, claims Moxie Marlinspike, the creator of the encrypted messaging app Signal.
Attackers can hide 'external sender' email warnings with HTML and CSS
The "external sender" warnings shown to email recipients by clients like Microsoft Outlook can be hidden by the sender, as demonstrated by a researcher. Turns out, all it takes for attackers to alter the "external sender" warning, or remove it altogether from emails is just a few lines of HTML and CSS code. [...]
https://www.bleepingcomputer.com/news/security/attackers-can-hide-external-sender-email-warnings-with-html-and-css/
The "external sender" warnings shown to email recipients by clients like Microsoft Outlook can be hidden by the sender, as demonstrated by a researcher. Turns out, all it takes for attackers to alter the "external sender" warning, or remove it altogether from emails is just a few lines of HTML and CSS code. [...]
https://www.bleepingcomputer.com/news/security/attackers-can-hide-external-sender-email-warnings-with-html-and-css/
BleepingComputer
Attackers can hide 'external sender' email warnings with HTML and CSS
The "external sender" warnings shown to email recipients by clients like Microsoft Outlook can be hidden by the sender, as demonstrated by a researcher. Turns out, all it takes for attackers to alter the "external sender" warning, or remove it altogether fromβ¦
QNAP removes backdoor account in NAS backup, disaster recovery app
QNAP has addressed a critical vulnerability allowing attackers to log into QNAP NAS (network-attached storage) devices using hardcoded credentials. [...]
https://www.bleepingcomputer.com/news/security/qnap-removes-backdoor-account-in-nas-backup-disaster-recovery-app/
QNAP has addressed a critical vulnerability allowing attackers to log into QNAP NAS (network-attached storage) devices using hardcoded credentials. [...]
https://www.bleepingcomputer.com/news/security/qnap-removes-backdoor-account-in-nas-backup-disaster-recovery-app/
BleepingComputer
QNAP removes backdoor account in NAS backup, disaster recovery app
QNAP has addressed a critical vulnerability allowing attackers to log into QNAP NAS (network-attached storage) devices using hardcoded credentials.
Exchange Online down: Microsoft 365 outage affects email delivery
A Microsoft 365 outage is preventing Exchange Online users from sending and receiving emails, with messages being stuck in transit and not reaching the recipients' inboxes. [...]
https://www.bleepingcomputer.com/news/microsoft/exchange-online-down-microsoft-365-outage-affects-email-delivery/
A Microsoft 365 outage is preventing Exchange Online users from sending and receiving emails, with messages being stuck in transit and not reaching the recipients' inboxes. [...]
https://www.bleepingcomputer.com/news/microsoft/exchange-online-down-microsoft-365-outage-affects-email-delivery/
BleepingComputer
Exchange Online down: Microsoft 365 outage affects email delivery
A Microsoft 365 outage is preventing Exchange Online users from sending and receiving emails, with messages being stuck in transit and not reaching the recipients' inboxes.
Windows 10 News and Interests taskbar news feed rolling out worldwide
The new Windows 10 News and Interests taskbar news feed feature is now rolling out to Windows 10 devices worldwide. [...]
https://www.bleepingcomputer.com/news/microsoft/windows-10-news-and-interests-taskbar-news-feed-rolling-out-worldwide/
The new Windows 10 News and Interests taskbar news feed feature is now rolling out to Windows 10 devices worldwide. [...]
https://www.bleepingcomputer.com/news/microsoft/windows-10-news-and-interests-taskbar-news-feed-rolling-out-worldwide/
BleepingComputer
Windows 10 News and Interests taskbar news feed rolling out worldwide
The new Windows 10 News and Interests taskbar news feed feature is now rolling out to Windows 10 devices worldwide.
Botnet backdoors Microsoft Exchange servers, mines cryptocurrency
Unpatched Microsoft Exchange servers are being targeted by the Prometei botnet and added to its operators' army of Monero (XMR) cryptocurrency mining bots. [...]
https://www.bleepingcomputer.com/news/security/botnet-backdoors-microsoft-exchange-servers-mines-cryptocurrency/
Unpatched Microsoft Exchange servers are being targeted by the Prometei botnet and added to its operators' army of Monero (XMR) cryptocurrency mining bots. [...]
https://www.bleepingcomputer.com/news/security/botnet-backdoors-microsoft-exchange-servers-mines-cryptocurrency/
BleepingComputer
Botnet backdoors Microsoft Exchange servers, mines cryptocurrency
Unpatched Microsoft Exchange servers are being targeted by the Prometei botnet and added to its operators' army of Monero (XMR) cryptocurrency mining bots.