Windows 10 KB5039211 update released with new feature, 12 fixes
Microsoft has released the KB5039211 cumulative update for Windows 10 21H2 and Windows 10 22H2 with 12 changes, including a Snipping Tool feature that allows you to edit Android photos in Windows. [...]
https://www.bleepingcomputer.com/news/microsoft/windows-10-kb5039211-update-released-with-new-feature-12-fixes/
Microsoft has released the KB5039211 cumulative update for Windows 10 21H2 and Windows 10 22H2 with 12 changes, including a Snipping Tool feature that allows you to edit Android photos in Windows. [...]
https://www.bleepingcomputer.com/news/microsoft/windows-10-kb5039211-update-released-with-new-feature-12-fixes/
BleepingComputer
Windows 10 KB5039211 update released with new feature, 12 fixes
Microsoft has released the KB5039211 cumulative update for Windows 10 21H2 and Windows 10 22H2 with 12 changes, including a Snipping Tool feature that allows you to edit Android photos in Windows.
Windows 11 KB5039212 update released with 37 changes, fixes
Microsoft is rolling out the KB5039212 cumulative update for Windows 11 version 23H3 with thirty-seven improvements and changes, including better drag-and-drop support in the File Explorer address bar. [...]
https://www.bleepingcomputer.com/news/microsoft/windows-11-kb5039212-update-released-with-37-changes-fixes/
Microsoft is rolling out the KB5039212 cumulative update for Windows 11 version 23H3 with thirty-seven improvements and changes, including better drag-and-drop support in the File Explorer address bar. [...]
https://www.bleepingcomputer.com/news/microsoft/windows-11-kb5039212-update-released-with-37-changes-fixes/
BleepingComputer
Windows 11 KB5039212 update released with 37 changes, fixes
Microsoft is rolling out the KB5039212 cumulative update for Windows 11 version 23H3 with thirty-seven improvements and changes, including better drag-and-drop support in the File Explorer address bar.
👍2
JetBrains warns of IntelliJ IDE bug exposing GitHub access tokens
JetBrains warned customers to patch a critical vulnerability that impacts users of its IntelliJ integrated development environment (IDE) apps and exposes GitHub access tokens. [...]
https://www.bleepingcomputer.com/news/security/jetbrains-warns-of-intellij-ide-bug-exposing-github-access-tokens/
JetBrains warned customers to patch a critical vulnerability that impacts users of its IntelliJ integrated development environment (IDE) apps and exposes GitHub access tokens. [...]
https://www.bleepingcomputer.com/news/security/jetbrains-warns-of-intellij-ide-bug-exposing-github-access-tokens/
BleepingComputer
JetBrains warns of IntelliJ IDE bug exposing GitHub access tokens
JetBrains warned customers to patch a critical vulnerability that impacts users of its IntelliJ integrated development environment (IDE) apps and exposes GitHub access tokens.
😱3👍1
New Windows Server KB5039227 and KB5039217 updates fix LSASS crashes
Microsoft has released the Windows Server 2022 KB5039227 and Windows Server 2019 KB5039217 cumulative updates with security fixes and fixes for a variety of bugs. [...]
https://www.bleepingcomputer.com/news/microsoft/new-windows-server-kb5039227-and-kb5039217-updates-fix-lsass-crashes/
Microsoft has released the Windows Server 2022 KB5039227 and Windows Server 2019 KB5039217 cumulative updates with security fixes and fixes for a variety of bugs. [...]
https://www.bleepingcomputer.com/news/microsoft/new-windows-server-kb5039227-and-kb5039217-updates-fix-lsass-crashes/
BleepingComputer
New Windows Server KB5039227 and KB5039217 updates fix LSASS crashes
Microsoft has released the Windows Server 2022 KB5039227 and Windows Server 2019 KB5039217 cumulative updates with security fixes and fixes for a variety of bugs.
Black Basta ransomware gang linked to Windows zero-day attacks
The Cardinal cybercrime group (Storm-1811, UNC4394), who are the main operators of the Black Basta ransomware, is suspected of exploiting a Windows privilege escalation vulnerability, CVE-2024-26169, before a fix was made available. [...]
https://www.bleepingcomputer.com/news/security/black-basta-ransomware-gang-linked-to-windows-zero-day-attacks/
The Cardinal cybercrime group (Storm-1811, UNC4394), who are the main operators of the Black Basta ransomware, is suspected of exploiting a Windows privilege escalation vulnerability, CVE-2024-26169, before a fix was made available. [...]
https://www.bleepingcomputer.com/news/security/black-basta-ransomware-gang-linked-to-windows-zero-day-attacks/
BleepingComputer
Black Basta ransomware gang linked to Windows zero-day attacks
The Cardinal cybercrime group (Storm-1811, UNC4394), who are the main operators of the Black Basta ransomware, is suspected of exploiting a Windows privilege escalation vulnerability, CVE-2024-26169, before a fix was made available.
Police arrest Conti and LockBit ransomware crypter specialist
The Ukraine cyber police have arrested a 28-year-old Russian man in Kyiv for working with Conti and LockBit ransomware operations to make their malware undetectable by antivirus software and conducting at least one attack himself. [...]
https://www.bleepingcomputer.com/news/security/police-arrest-conti-and-lockbit-ransomware-crypter-specialist/
The Ukraine cyber police have arrested a 28-year-old Russian man in Kyiv for working with Conti and LockBit ransomware operations to make their malware undetectable by antivirus software and conducting at least one attack himself. [...]
https://www.bleepingcomputer.com/news/security/police-arrest-conti-and-lockbit-ransomware-crypter-specialist/
BleepingComputer
Police arrest Conti and LockBit ransomware crypter specialist
The Ukraine cyber police have arrested a 28-year-old Russian man in Kyiv for working with Conti and LockBit ransomware operations to make their malware undetectable by antivirus software and conducting at least one attack himself.
👍2😢2👎1
Microsoft deprecates Windows DirectAccess, recommends Always On VPN
Microsoft has announced that the DirectAccess remote access solution is now deprecated and will be removed in a future release of Windows, recommending companies migrate to the 'Always On VPN' for enhanced security and continued support. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-deprecates-windows-directaccess-recommends-always-on-vpn/
Microsoft has announced that the DirectAccess remote access solution is now deprecated and will be removed in a future release of Windows, recommending companies migrate to the 'Always On VPN' for enhanced security and continued support. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-deprecates-windows-directaccess-recommends-always-on-vpn/
BleepingComputer
Microsoft deprecates Windows DirectAccess, recommends Always On VPN
Microsoft has announced that the DirectAccess remote access solution is now deprecated and will be removed in a future release of Windows, recommending companies migrate to the 'Always On VPN' for enhanced security and continued support.
Life360 says hacker tried to extort them after Tile data breach
Safety and location services company Life360 says it was the target of an extortion attempt after a threat actor breached and stole sensitive information from a Tile customer support platform. [...]
https://www.bleepingcomputer.com/news/security/life360-says-hacker-tried-to-extort-them-after-tile-data-breach/
Safety and location services company Life360 says it was the target of an extortion attempt after a threat actor breached and stole sensitive information from a Tile customer support platform. [...]
https://www.bleepingcomputer.com/news/security/life360-says-hacker-tried-to-extort-them-after-tile-data-breach/
BleepingComputer
Life360 says hacker tried to extort them after Tile data breach
Safety and location services company Life360 says it was the target of an extortion attempt after a threat actor breached and stole sensitive information from a Tile customer support platform.
😇1
New phishing toolkit uses PWAs to steal login credentials
A new phishing kit has been released that allows red teamers and cybercriminals to create progressive web Apps (PWAs) that display convincing corporate login forms to steal credentials. [...]
https://www.bleepingcomputer.com/news/security/new-phishing-toolkit-uses-pwas-to-steal-login-credentials/
A new phishing kit has been released that allows red teamers and cybercriminals to create progressive web Apps (PWAs) that display convincing corporate login forms to steal credentials. [...]
https://www.bleepingcomputer.com/news/security/new-phishing-toolkit-uses-pwas-to-steal-login-credentials/
BleepingComputer
New phishing toolkit uses PWAs to steal login credentials
A new phishing kit has been released that allows red teamers and cybercriminals to create progressive web Apps (PWAs) that display convincing corporate login forms to steal credentials.
👍1
CISA warns of criminals impersonating its employees in phone calls
Today, the Cybersecurity and Infrastructure Security Agency (CISA) warned that criminals are impersonating its employees in phone calls and attempting to deceive potential victims into transferring money. [...]
https://www.bleepingcomputer.com/news/security/cisa-warns-of-criminals-impersonating-its-employees-in-phone-calls/
Today, the Cybersecurity and Infrastructure Security Agency (CISA) warned that criminals are impersonating its employees in phone calls and attempting to deceive potential victims into transferring money. [...]
https://www.bleepingcomputer.com/news/security/cisa-warns-of-criminals-impersonating-its-employees-in-phone-calls/
BleepingComputer
CISA warns of criminals impersonating its employees in phone calls
Today, the Cybersecurity and Infrastructure Security Agency (CISA) warned that criminals are impersonating its employees in phone calls and attempting to deceive potential victims into transferring money.
Google warns of actively exploited Pixel firmware zero-day
Google has released patches for 50 security vulnerabilities impacting its Pixel devices and warned that one of them had already been exploited in targeted attacks as a zero-day. [...]
https://www.bleepingcomputer.com/news/security/google-warns-of-actively-exploited-pixel-firmware-zero-day/
Google has released patches for 50 security vulnerabilities impacting its Pixel devices and warned that one of them had already been exploited in targeted attacks as a zero-day. [...]
https://www.bleepingcomputer.com/news/security/google-warns-of-actively-exploited-pixel-firmware-zero-day/
BleepingComputer
Google patches exploited Android zero-day on Pixel devices
Google has released patches for 50 security vulnerabilities impacting its Pixel devices and warned that one of them had already been exploited in targeted attacks as a zero-day.
AWS adds passkeys support, warns root users must enable MFA
Amazon Web Services (AWS) has introduced FIDO2 passkeys as a new method for multi-factor authentication (MFA) to enhance account security and usability. [...]
https://www.bleepingcomputer.com/news/security/aws-adds-passkeys-support-warns-root-users-must-enable-mfa/
Amazon Web Services (AWS) has introduced FIDO2 passkeys as a new method for multi-factor authentication (MFA) to enhance account security and usability. [...]
https://www.bleepingcomputer.com/news/security/aws-adds-passkeys-support-warns-root-users-must-enable-mfa/
BleepingComputer
AWS adds passkeys support, warns root users must enable MFA
Amazon Web Services (AWS) has introduced FIDO2 passkeys as a new method for multi-factor authentication (MFA) to enhance account security and usability.
❤4👍1
Phishing emails abuse Windows search protocol to push malicious scripts
A new phishing campaign uses HTML attachments that abuse the Windows search protocol (search-ms URI) to push batch files hosted on remote servers that deliver malware. [...]
https://www.bleepingcomputer.com/news/security/phishing-emails-abuse-windows-search-protocol-to-push-malicious-scripts/
A new phishing campaign uses HTML attachments that abuse the Windows search protocol (search-ms URI) to push batch files hosted on remote servers that deliver malware. [...]
https://www.bleepingcomputer.com/news/security/phishing-emails-abuse-windows-search-protocol-to-push-malicious-scripts/
BleepingComputer
Phishing emails abuse Windows search protocol to push malicious scripts
A new phishing campaign uses HTML attachments that abuse the Windows search protocol (search-ms URI) to push batch files hosted on remote servers that deliver malware.
YouTube tests harder-to-block server-side ad injection in videos
YouTube reportedly now injects ads directly into video streams to make it more difficult for ad blockers to block advertisements. [...]
https://www.bleepingcomputer.com/news/google/youtube-tests-harder-to-block-server-side-ad-injection-in-videos/
YouTube reportedly now injects ads directly into video streams to make it more difficult for ad blockers to block advertisements. [...]
https://www.bleepingcomputer.com/news/google/youtube-tests-harder-to-block-server-side-ad-injection-in-videos/
BleepingComputer
YouTube tests harder-to-block server-side ad injection in videos
YouTube reportedly now injects ads directly into video streams to make it more difficult for ad blockers to block advertisements.
💩10🤮6🤬5🤡2
Exploit for Veeam Recovery Orchestrator auth bypass available, patch now
A proof-of-concept (PoC) exploit for a critical Veeam Recovery Orchestrator authentication bypass vulnerability tracked as CVE-2024-29855 has been released, elevating the risk of being exploited in attacks. [...]
https://www.bleepingcomputer.com/news/security/exploit-for-veeam-recovery-orchestrator-auth-bypass-available-patch-now/
A proof-of-concept (PoC) exploit for a critical Veeam Recovery Orchestrator authentication bypass vulnerability tracked as CVE-2024-29855 has been released, elevating the risk of being exploited in attacks. [...]
https://www.bleepingcomputer.com/news/security/exploit-for-veeam-recovery-orchestrator-auth-bypass-available-patch-now/
BleepingComputer
Exploit for Veeam Recovery Orchestrator auth bypass available, patch now
A proof-of-concept (PoC) exploit for a critical Veeam Recovery Orchestrator authentication bypass vulnerability tracked as CVE-2024-29855 has been released, elevating the risk of being exploited in attacks.
Panera warns of employee data breach after March ransomware attack
U.S. food chain giant Panera Bread is notifying employees of a data breach after unknown threat actors stole their sensitive personal information in a March ransomware attack. [...]
https://www.bleepingcomputer.com/news/security/panera-warns-of-employee-data-breach-after-march-ransomware-attack/
U.S. food chain giant Panera Bread is notifying employees of a data breach after unknown threat actors stole their sensitive personal information in a March ransomware attack. [...]
https://www.bleepingcomputer.com/news/security/panera-warns-of-employee-data-breach-after-march-ransomware-attack/
BleepingComputer
Panera warns of employee data breach after March ransomware attack
U.S. food chain giant Panera Bread is notifying employees of a data breach after unknown threat actors stole their sensitive personal information in a March ransomware attack.
🥴2
Toronto District School Board hit by a ransomware attack
The Toronto District School Board (TDSB) is warning that it suffered a ransomware attack on its software testing environment and is now investigating whether any personal information was exposed. [...]
https://www.bleepingcomputer.com/news/security/toronto-district-school-board-hit-by-a-ransomware-attack/
The Toronto District School Board (TDSB) is warning that it suffered a ransomware attack on its software testing environment and is now investigating whether any personal information was exposed. [...]
https://www.bleepingcomputer.com/news/security/toronto-district-school-board-hit-by-a-ransomware-attack/
BleepingComputer
Toronto District School Board hit by a ransomware attack
The Toronto District School Board (TDSB) is warning that it suffered a ransomware attack on its software testing environment and is now investigating whether any personal information was exposed.
New York Times warns freelancers of GitHub repo data breach
The New York Times notified an undisclosed number of contributors that some of their sensitive personal information was stolen and leaked after its GitHub repositories were breached in January 2024. [...]
https://www.bleepingcomputer.com/news/security/new-york-times-warns-freelancers-of-github-repo-data-breach/
The New York Times notified an undisclosed number of contributors that some of their sensitive personal information was stolen and leaked after its GitHub repositories were breached in January 2024. [...]
https://www.bleepingcomputer.com/news/security/new-york-times-warns-freelancers-of-github-repo-data-breach/
BleepingComputer
New York Times warns freelancers of GitHub repo data breach
The New York Times notified an undisclosed number of contributors that some of their sensitive personal information was stolen and leaked after its GitHub repositories were breached in January 2024.
Ascension hacked after employee downloaded malicious file
Ascension, one of the largest U.S. healthcare systems, revealed that a May 2024 ransomware attack was caused by an employee who downloaded a malicious file onto a company device. [...]
https://www.bleepingcomputer.com/news/security/ascension-hacked-after-employee-downloaded-malicious-file/
Ascension, one of the largest U.S. healthcare systems, revealed that a May 2024 ransomware attack was caused by an employee who downloaded a malicious file onto a company device. [...]
https://www.bleepingcomputer.com/news/security/ascension-hacked-after-employee-downloaded-malicious-file/
BleepingComputer
Ascension hacked after employee downloaded malicious file
Ascension, one of the largest U.S. healthcare systems, revealed that a May 2024 ransomware attack was caused by an employee who downloaded a malicious file onto a company device.
🥴1
Truist Bank confirms breach after stolen data shows up on hacking forum
Leading U.S. commercial bank Truist confirmed its systems were breached in an October 2023 cyberattack after a threat actor posted some of the company's data for sale on a hacking forum. [...]
https://www.bleepingcomputer.com/news/security/truist-bank-confirms-data-breach-after-stolen-data-shows-up-on-hacking-forum/
Leading U.S. commercial bank Truist confirmed its systems were breached in an October 2023 cyberattack after a threat actor posted some of the company's data for sale on a hacking forum. [...]
https://www.bleepingcomputer.com/news/security/truist-bank-confirms-data-breach-after-stolen-data-shows-up-on-hacking-forum/
BleepingComputer
Truist Bank confirms breach after stolen data shows up on hacking forum
Truist Bank, a leading U.S. commercial bank, confirmed this week that its systems were breached in an October 2023 cyberattack after a threat actor posted some of the company's data for sale on a hacking forum.
🥴1