Microsoft Azure outage takes down services across North America

​Microsoft has mitigated an Azure outage that lasted more than two hours and took down multiple services for customers across North and Latin America. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-azure-outage-takes-down-services-across-north-america/

 Ransomware gang targets IT workers with new SharpRhino malware

The Hunters International ransomware group is targeting IT workers with a new C# remote access trojan (RAT) called SharpRhino to breach corporate networks. [...]

https://www.bleepingcomputer.com/news/security/hunters-international-ransomware-gang-targets-it-workers-with-new-sharprhino-malware/

 Google fixes Android kernel zero-day exploited in targeted attacks

Android security updates this month patch 46 vulnerabilities, including a high-severity remote code execution (RCE) exploited in targeted attacks. [...]

https://www.bleepingcomputer.com/news/security/google-fixes-android-kernel-zero-day-exploited-in-targeted-attacks/

 Proton VPN adds ‘Discreet Icons’ to hide app on Android devices

Proton VPN has announced a series of updates to its Windows and Android apps to help users combat censorship, circumvent blocks, and protect themselves from authoritarian governments due to using forbidden tools. [...]

https://www.bleepingcomputer.com/news/security/proton-vpn-adds-discreet-icons-to-hide-app-on-android-devices/

 Point of entry: Why hackers target stolen credentials for initial access

Stolen credentials are a big problem, commonly used to breach networks in attacks. Learn more from Specops Software about checking the password hygiene of your Active Directory. [...]

https://www.bleepingcomputer.com/news/security/point-of-entry-why-hackers-target-stolen-credentials-for-initial-access/

 Hacker wipes 13,000 devices after breaching classroom management platform

A hacker has breached Mobile Guardian, a digital classroom management platform used worldwide, and remotely wiped data from at least 13,000 student's iPads and Chromebooks. [...]

https://www.bleepingcomputer.com/news/security/hacker-wipes-13-000-devices-after-breaching-classroom-management-platform/

 France's Grand Palais discloses cyberattack during Olympic games

The Grand Palais Réunion des musées nationaux (Rmn) in France is warning that it suffered a cyberattack on Saturday night, August 3, 2024. [...]

https://www.bleepingcomputer.com/news/security/frances-grand-palais-discloses-cyberattack-during-olympic-games/

 Samsung to pay $1,000,000 for RCEs on Galaxy’s secure vault

Samsung has launched a new bug bounty program for its mobile devices with rewards of up to $1,000,000 for reports demonstrating critical attack scenarios. [...]

https://www.bleepingcomputer.com/news/security/samsung-to-pay-1-000-000-for-rces-on-galaxys-secure-vault/

 INTERPOL recovers over $40 million stolen in a BEC attack

A global stop-payment mechanism created by INTERPOL successfully recovered over $40 million stolen in a BEC attack on a company in Singapore. [...]

https://www.bleepingcomputer.com/news/security/interpol-recovers-over-40-million-stolen-in-a-bec-attack/

 Google Chrome will let you send money to your favourite website

Google has confirmed plans to implement Web Monetization in Chrome, allowing website owners to receive micro-payments as tips or rewards for their content as an additional way to generate revenue. [...]

https://www.bleepingcomputer.com/news/google/google-chrome-will-let-you-send-money-to-your-favourite-website/

 Microsoft 365 anti-phishing feature can be bypassed with CSS

Researchers have demonstrated a method to bypass an anti-phishing measure in Microsoft 365 (formerly Office 365), elevating the risk of users opening malicious emails.` [...]

https://www.bleepingcomputer.com/news/security/microsoft-365-anti-phishing-feature-can-be-bypassed-with-css/

 How MSPs and MSSPs offer vCISO services with skilled CISOs in short supply

With skilled CISOs in short supply, service providers are turning to virtual CISOs. A new eBook by Cynomi explains how service providers/MSPs can quickly and easily expand vCISO service offerings to their customers. [...]

https://www.bleepingcomputer.com/news/security/how-msps-and-mssps-offer-vciso-services-with-skilled-cisos-in-short-supply/

 Critical Progress WhatsUp RCE flaw now under active exploitation

Threat actors are actively attempting to exploit a recently fixed  Progress WhatsUp Gold remote code execution vulnerability on exposed servers for initial access to corporate networks. [...]

https://www.bleepingcomputer.com/news/security/critical-progress-whatsup-rce-flaw-now-under-active-exploitation/

 macOS Sequoia brings better Gatekeeper, stalkerware protections

Apple's macOS Sequoia, now in beta testing, will make it harder to bypass Gatekeeper warnings and add system alerts for potential stalkerware threats. [...]

https://www.bleepingcomputer.com/news/apple/macos-sequoia-brings-better-gatekeeper-stalkerware-protections/

 UK IT provider faces $7.7 million fine for 2022 ransomware breach

The UK's Information Commissioner's Office (ICO) has announced a provisional decision to impose a fine of £6.09M ($7.74 million) on Advanced Computer Software Group Ltd (Advanced) for its failure to protect the personal information of tens of thousands when it was hit by ransomware in 2022. [...]

https://www.bleepingcomputer.com/news/security/uk-it-provider-faces-77-million-fine-for-2022-ransomware-breach/

 McLaren hospitals disruption linked to INC ransomware attack

​On Tuesday, IT and phone systems at McLaren Health Care hospitals were disrupted following an attack linked to the INC Ransom ransomware operation. [...]

https://www.bleepingcomputer.com/news/security/mclaren-hospitals-disruption-linked-to-inc-ransomware-attack/

 Windows Update downgrade attack "unpatches" fully-updated systems

SafeBreach security researcher Alon Leviev discovered a Windows Update downgrade attack that can "unpatch" fully-updated Windows 10, Windows 11, and Windows Server systems to reintroduce old vulnerabilities [...]

https://www.bleepingcomputer.com/news/microsoft/windows-update-downgrade-attack-unpatches-fully-updated-systems/

 New CMoon USB worm targets Russians in data theft attacks

A new self-spreading worm named 'CMoon,' capable of stealing account credentials and other data, has been distributed in Russia since early July 2024 via a compromised gas supply company website. [...]

https://www.bleepingcomputer.com/news/security/new-cmoon-usb-worm-targets-russians-in-data-theft-attacks/

 FBI: BlackSuit ransomware made over $500 million in ransom demands

CISA and the FBI confirmed today that the Royal ransomware rebranded to BlackSuit and has demanded over $500 million from victims since it emerged more than two years ago. [...]

https://www.bleepingcomputer.com/news/security/fbi-blacksuit-ransomware-made-over-500-million-in-ransom-demands/

 SEC ends probe into MOVEit attacks impacting 95 million people

The SEC concludes its investigation into Progress Software's handling of the widespread exploitation of a MOVEit Transfer zero-day flaw that exposed data of over 95 million people. [...]

https://www.bleepingcomputer.com/news/security/sec-ends-probe-into-moveit-attacks-impacting-95-million-people/