βDell API abused to steal 49 million customer records in data breach
The threat actor behind the recent Dell data breach revealed they scraped information of 49 million customer records using an partner portal API they accessed as a fake company. [...]
https://www.bleepingcomputer.com/news/security/dell-api-abused-to-steal-49-million-customer-records-in-data-breach/
The threat actor behind the recent Dell data breach revealed they scraped information of 49 million customer records using an partner portal API they accessed as a fake company. [...]
https://www.bleepingcomputer.com/news/security/dell-api-abused-to-steal-49-million-customer-records-in-data-breach/
BleepingComputer
Dell API abused to steal 49 million customer records in data breach
The threat actor behind the recent Dell data breach revealed they scraped information of 49 million customer records using an partner portal API they accessed as a fake company.
π©6π₯°1
βThe Week in Ransomware - May 10th 2024 - Chipping away at LockBit
After many months of taunting law enforcement and offering a million-dollar reward to anyone who could reveal his identity, the FBI and NCA have done just that, revealing the name of LockBitSupp, the operator of the LockBit ransomware operation. [...]
https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-may-10th-2024-chipping-away-at-lockbit/
After many months of taunting law enforcement and offering a million-dollar reward to anyone who could reveal his identity, the FBI and NCA have done just that, revealing the name of LockBitSupp, the operator of the LockBit ransomware operation. [...]
https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-may-10th-2024-chipping-away-at-lockbit/
BleepingComputer
The Week in Ransomware - May 10th 2024 - Chipping away at LockBit
After many months of taunting law enforcement and offering a million-dollar reward to anyone who could reveal his identity, the FBI and NCA have done just that, revealing the name of LockBitSupp, the operator of the LockBit ransomware operation.
π4π₯2π₯°1π1π€‘1
βEuropol confirms web portal breach, says no operational data stolen
βEuropol, the European Union's law enforcement agency, confirmed that its Europol Platform for Experts (EPE) portal was breached and is now investigating the incident after a threat actor claimed they stole For Official Use Only (FOUO) documents containing classified data. [...]
https://www.bleepingcomputer.com/news/security/europol-confirms-web-portal-breach-says-no-operational-data-stolen/
βEuropol, the European Union's law enforcement agency, confirmed that its Europol Platform for Experts (EPE) portal was breached and is now investigating the incident after a threat actor claimed they stole For Official Use Only (FOUO) documents containing classified data. [...]
https://www.bleepingcomputer.com/news/security/europol-confirms-web-portal-breach-says-no-operational-data-stolen/
BleepingComputer
Europol confirms web portal breach, says no operational data stolen
βEuropol, the European Union's law enforcement agency, confirmed that its Europol Platform for Experts (EPE) portal was breached and is now investigating the incident after a threat actor claimed they stole For Official Use Only (FOUO) documents containingβ¦
π€£5β‘2π2
βCISA: Black Basta ransomware breached over 500 orgs worldwide
βCISA and the FBI said today that Black Basta ransomware affiliates breached over 500 organizations between April 2022 and May 2024. [...]
https://www.bleepingcomputer.com/news/security/cisa-black-basta-ransomware-breached-over-500-orgs-worldwide/
βCISA and the FBI said today that Black Basta ransomware affiliates breached over 500 organizations between April 2022 and May 2024. [...]
https://www.bleepingcomputer.com/news/security/cisa-black-basta-ransomware-breached-over-500-orgs-worldwide/
BleepingComputer
CISA: Black Basta ransomware breached over 500 orgs worldwide
βCISA and the FBI said today that Black Basta ransomware affiliates breached over 500 organizations between April 2022 and May 2024.
π₯°2
βThe Post Millennial hack leaked data impacting 26 million people
Have I Been Pwned has added the information for 26,818,266 people whose data was leaked in a recent hack of The Post Millennial conservative news website. [...]
https://www.bleepingcomputer.com/news/security/the-post-millennial-hack-leaked-data-impacting-26-million-people/
Have I Been Pwned has added the information for 26,818,266 people whose data was leaked in a recent hack of The Post Millennial conservative news website. [...]
https://www.bleepingcomputer.com/news/security/the-post-millennial-hack-leaked-data-impacting-26-million-people/
BleepingComputer
The Post Millennial hack leaked data impacting 26 million people
Have I Been Pwned has added the information for 26,818,266 people whose data was leaked in a recent hack of The Post Millennial conservative news website.
π»1
βLargest non-bank lender in Australia warns of a data breach
Firstmac Limited is warning customers that it suffered a data breach a day after the new Embargo cyber-extortion group leaked over 500GB of data allegedly stolen from the firm. [...]
https://www.bleepingcomputer.com/news/security/largest-non-bank-lender-in-australia-warns-of-a-data-breach/
Firstmac Limited is warning customers that it suffered a data breach a day after the new Embargo cyber-extortion group leaked over 500GB of data allegedly stolen from the firm. [...]
https://www.bleepingcomputer.com/news/security/largest-non-bank-lender-in-australia-warns-of-a-data-breach/
BleepingComputer
Largest non-bank lender in Australia warns of a data breach
Firstmac Limited is warning customers that it suffered a data breach a day after the new Embargo cyber-extortion group leaked over 500GB of data allegedly stolen from the firm.
π»1
βHelsinki suffers data breach after hackers exploit unpatched flaw
The City of Helsinki is investigating a data breach in its education division, which it discovered in late April 2024, impacting tens of thousands of students, guardians, and personnel. [...]
https://www.bleepingcomputer.com/news/security/helsinki-suffers-data-breach-after-hackers-exploit-unpatched-flaw/
The City of Helsinki is investigating a data breach in its education division, which it discovered in late April 2024, impacting tens of thousands of students, guardians, and personnel. [...]
https://www.bleepingcomputer.com/news/security/helsinki-suffers-data-breach-after-hackers-exploit-unpatched-flaw/
BleepingComputer
Helsinki suffers data breach after hackers exploit unpatched flaw
The City of Helsinki is investigating a data breach in its education division, which it discovered in late April 2024, impacting tens of thousands of students, guardians, and personnel.
π»2
βHackers use DNS tunneling for network scanning, tracking victims
Threat actors are using Domain Name System (DNS) tunneling to track when their targets open phishing emails and click on malicious links, and to scan networks for potential vulnerabilities. [...]
https://www.bleepingcomputer.com/news/security/hackers-use-dns-tunneling-for-network-scanning-tracking-victims/
Threat actors are using Domain Name System (DNS) tunneling to track when their targets open phishing emails and click on malicious links, and to scan networks for potential vulnerabilities. [...]
https://www.bleepingcomputer.com/news/security/hackers-use-dns-tunneling-for-network-scanning-tracking-victims/
BleepingComputer
Hackers use DNS tunneling for network scanning, tracking victims
Threat actors are using Domain Name System (DNS) tunneling to track when their targets open phishing emails and click on malicious links, and to scan networks for potential vulnerabilities.
π»4
βBotnet sent millions of emails in LockBit Black ransomware campaign
Since April, millions of phishing emails have been sent through the Phorpiex botnet to conduct a large-scale LockBit Black ransomware campaign. [...]
https://www.bleepingcomputer.com/news/security/botnet-sent-millions-of-emails-in-lockbit-black-ransomware-campaign/
Since April, millions of phishing emails have been sent through the Phorpiex botnet to conduct a large-scale LockBit Black ransomware campaign. [...]
https://www.bleepingcomputer.com/news/security/botnet-sent-millions-of-emails-in-lockbit-black-ransomware-campaign/
BleepingComputer
Botnet sent millions of emails in LockBit Black ransomware campaign
Since April, millions of phishing emails have been sent through the Phorpiex botnet to conduct a large-scale LockBit Black ransomware campaign.
π΄1
βINC ransomware source code selling on hacking forums for $300,000
A cybercriminal using the name "salfetka" claims to be selling the source code of INC Ransom, a ransomware-as-a-service (RaaS) operation launched in August 2023. [...]
https://www.bleepingcomputer.com/news/security/inc-ransomware-source-code-selling-on-hacking-forums-for-300-000/
A cybercriminal using the name "salfetka" claims to be selling the source code of INC Ransom, a ransomware-as-a-service (RaaS) operation launched in August 2023. [...]
https://www.bleepingcomputer.com/news/security/inc-ransomware-source-code-selling-on-hacking-forums-for-300-000/
BleepingComputer
INC ransomware source code selling on hacking forums for $300,000
A cybercriminal using the name "salfetka" claims to be selling the source code of INC Ransom, a ransomware-as-a-service (RaaS) operation launched in August 2023.
π΄1
βFCC reveals Royal Tiger, its first tagged robocall threat actor
The Federal Communications Commission (FCC) has named its first officially designated robocall threat actor 'Royal Tiger,' a move aiming to help international partners and law enforcement more easily track individuals and entities behind repeat robocall campaigns. [...]
https://www.bleepingcomputer.com/news/security/fcc-reveals-royal-tiger-its-first-tagged-robocall-threat-actor/
The Federal Communications Commission (FCC) has named its first officially designated robocall threat actor 'Royal Tiger,' a move aiming to help international partners and law enforcement more easily track individuals and entities behind repeat robocall campaigns. [...]
https://www.bleepingcomputer.com/news/security/fcc-reveals-royal-tiger-its-first-tagged-robocall-threat-actor/
BleepingComputer
FCC reveals Royal Tiger, its first tagged robocall threat actor
The Federal Communications Commission (FCC) has named its first officially designated robocall threat actor 'Royal Tiger,' a move aiming to help international partners and law enforcement more easily track individuals and entities behind repeat robocall campaigns.
π1π΄1
βApple backports fix for RTKit iOS zero-day to older iPhones
Apple has backported security patches released in March to older iPhones and iPads, fixing an iOS Kernel zero-day tagged as exploited in attacks. [...]
https://www.bleepingcomputer.com/news/apple/apple-backports-fix-for-rtkit-ios-zero-day-to-older-iphones/
Apple has backported security patches released in March to older iPhones and iPads, fixing an iOS Kernel zero-day tagged as exploited in attacks. [...]
https://www.bleepingcomputer.com/news/apple/apple-backports-fix-for-rtkit-ios-zero-day-to-older-iphones/
BleepingComputer
Apple backports fix for zero-day exploited in attacks to older iPhones
Apple has backported security patches released in March to older iPhones and iPads, fixing an iOS zero-day tagged as exploited in attacks.
π1π₯±1
βPyPi package backdoors Macs using the Sliver pen-testing suite
A new package mimicked the popular 'requests' library on the Python Package Index (PyPI) to target macOS devices with the Sliver C2 adversary framework, used for gaining initial access to corporate networks. [...]
https://www.bleepingcomputer.com/news/security/pypi-package-backdoors-macs-using-the-sliver-pen-testing-suite/
A new package mimicked the popular 'requests' library on the Python Package Index (PyPI) to target macOS devices with the Sliver C2 adversary framework, used for gaining initial access to corporate networks. [...]
https://www.bleepingcomputer.com/news/security/pypi-package-backdoors-macs-using-the-sliver-pen-testing-suite/
BleepingComputer
PyPi package backdoors Macs using the Sliver pen-testing suite
A new package mimicked the popular 'requests' library on the Python Package Index (PyPI) to target macOS devices with the Sliver C2 adversary framework, used for gaining initial access to corporate networks.
π΄5
βGoogle Chrome emergency update fixes 6th zero-day exploited in 2024
Google has released emergency security updates for the Chrome browser to address a high-severity zero-day vulnerability tagged as exploited in attacks. [...]
https://www.bleepingcomputer.com/news/security/google-chrome-emergency-update-fixes-6th-zero-day-exploited-in-2024/
Google has released emergency security updates for the Chrome browser to address a high-severity zero-day vulnerability tagged as exploited in attacks. [...]
https://www.bleepingcomputer.com/news/security/google-chrome-emergency-update-fixes-6th-zero-day-exploited-in-2024/
BleepingComputer
Google Chrome emergency update fixes 6th zero-day exploited in 2024
Google has released emergency security updates for the Chrome browser to address a high-severity zero-day vulnerability tagged as exploited in attacks.
π»6π1
βVMware fixes three zero-day bugs exploited at Pwn2Own 2024
VMware fixed four security vulnerabilities in the Workstation and Fusion desktop hypervisors, including three zero-days exploited during the Pwn2Own Vancouver 2024 hacking contest. [...]
https://www.bleepingcomputer.com/news/security/vmware-fixes-three-zero-day-bugs-exploited-at-pwn2own-2024/
VMware fixed four security vulnerabilities in the Workstation and Fusion desktop hypervisors, including three zero-days exploited during the Pwn2Own Vancouver 2024 hacking contest. [...]
https://www.bleepingcomputer.com/news/security/vmware-fixes-three-zero-day-bugs-exploited-at-pwn2own-2024/
BleepingComputer
VMware fixes three zero-day bugs exploited at Pwn2Own 2024
VMware fixed four security vulnerabilities in the Workstation and Fusion desktop hypervisors, including three zero-days exploited during the Pwn2Own Vancouver 2024 hacking contest.
βApple and Google add alerts for unknown Bluetooth trackers to iOS, Android
On Monday, Apple and Google jointly announced a new privacy feature that warns Android and iOS users when an unknown Bluetooth tracking device travels with them. [...]
https://www.bleepingcomputer.com/news/security/apple-and-google-add-alerts-for-unknown-bluetooth-trackers-to-ios-android/
On Monday, Apple and Google jointly announced a new privacy feature that warns Android and iOS users when an unknown Bluetooth tracking device travels with them. [...]
https://www.bleepingcomputer.com/news/security/apple-and-google-add-alerts-for-unknown-bluetooth-trackers-to-ios-android/
BleepingComputer
Apple and Google add alerts for unknown Bluetooth trackers to iOS, Android
On Monday, Apple and Google jointly announced a new privacy feature that warns Android and iOS users when an unknown Bluetooth tracking device travels with them.
π©2
βApple fixes Safari WebKit zero-day flaw exploited at Pwn2Own
Apple has released security updates to fix a zero-day vulnerability in the Safari web browser exploited during this year's Pwn2Own Vancouver hacking competition. [...]
https://www.bleepingcomputer.com/news/apple/apple-fixes-safari-webkit-zero-day-flaw-exploited-at-pwn2own/
Apple has released security updates to fix a zero-day vulnerability in the Safari web browser exploited during this year's Pwn2Own Vancouver hacking competition. [...]
https://www.bleepingcomputer.com/news/apple/apple-fixes-safari-webkit-zero-day-flaw-exploited-at-pwn2own/
BleepingComputer
Apple fixes Safari WebKit zero-day flaw exploited at Pwn2Own
Apple has released security updates to fix a zero-day vulnerability in the Safari web browser exploited during this year's Pwn2Own Vancouver hacking competition.
βEbury botnet malware infected 400,000 Linux servers since 2009
A malware botnet known as 'Ebury' has infected almost 400,000 Linux servers since 2009, with roughly 100,000 still compromised as of late 2023. [...]
https://www.bleepingcomputer.com/news/security/ebury-botnet-malware-infected-400-000-linux-servers-since-2009/
A malware botnet known as 'Ebury' has infected almost 400,000 Linux servers since 2009, with roughly 100,000 still compromised as of late 2023. [...]
https://www.bleepingcomputer.com/news/security/ebury-botnet-malware-infected-400-000-linux-servers-since-2009/
BleepingComputer
Ebury botnet malware infected 400,000 Linux servers since 2009
A malware botnet known as 'Ebury' has infected almost 400,000 Linux servers since 2009, with roughly 100,000 still compromised as of late 2023.
π5
βWindows 11 KB5037771 update released with 30 fixes, changes
Microsoft is rolling out the KB5037771 cumulative update for Windows 11 23H3 with thirty bug fixes and changes, including a fix for a bug breaking VPN connections. [...]
https://www.bleepingcomputer.com/news/microsoft/windows-11-kb5037771-update-released-with-30-fixes-changes/
Microsoft is rolling out the KB5037771 cumulative update for Windows 11 23H3 with thirty bug fixes and changes, including a fix for a bug breaking VPN connections. [...]
https://www.bleepingcomputer.com/news/microsoft/windows-11-kb5037771-update-released-with-30-fixes-changes/
BleepingComputer
Windows 11 KB5037771 update released with 30 fixes, changes
Microsoft is rolling out the KB5037771 cumulative update for Windows 11 23H3 with thirty bug fixes and changes, including a fix for a bug breaking VPN connections.
βMicrosoft May 2024 Patch Tuesday fixes 3 zero-days, 61 flaws
Today is Microsoft's May 2024 Patch Tuesday, which includes security updates for 61 flaws and three actively exploited or publicly disclosed zero days. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-may-2024-patch-tuesday-fixes-3-zero-days-61-flaws/
Today is Microsoft's May 2024 Patch Tuesday, which includes security updates for 61 flaws and three actively exploited or publicly disclosed zero days. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-may-2024-patch-tuesday-fixes-3-zero-days-61-flaws/
BleepingComputer
Microsoft May 2024 Patch Tuesday fixes 3 zero-days, 61 flaws
Today is Microsoft's May 2024 Patch Tuesday, which includes security updates for 61 flaws and three actively exploited or publicly disclosed zero days.
π2