Hackers are exploiting critical bug in LiteSpeed Cache plugin

Hackers have already started to exploit the critical severity vulnerability that affects LiteSpeed Cache, a WordPress plugin used for accelerating response times, a day after technical details become public. [...]

https://www.bleepingcomputer.com/news/security/hackers-are-exploiting-critical-bug-in-litespeed-cache-plugin/

 Greasy Opal's CAPTCHA solver still serving cybercrime after 16 years

A developer that researchers now track as Greasy Opal, operating as a seemingly legitimate business, has been fueling the cybercrime-as-a-service industry with a tool that bypasses account security solutions and allows bot-led CAPTCHA solving at scale. [...]

https://www.bleepingcomputer.com/news/security/greasy-opals-captcha-solver-still-serving-cybercrime-after-16-years/

 Russian laundering millions for Lazarus hackers arrested in Argentina

The federal police in Argentina (PFA) have arrested a 29-year-old Russian national in Buenos Aires, who is facing money laundering charges related to cryptocurrency proceeds of the notorious North Korean hackers' Lazarus Group.' [...]

https://www.bleepingcomputer.com/news/legal/russian-laundering-millions-for-lazarus-hackers-arrested-in-argentina/

 US oil giant Halliburton confirms cyberattack behind systems shutdown

​Halliburton, one of the world's largest providers of services to the energy industry, has confirmed a cyberattack that forced it to shut down some of its systems earlier this week. [...]

https://www.bleepingcomputer.com/news/security/us-oil-giant-halliburton-confirms-cyberattack-behind-systems-shutdown/

 Hackers now use AppDomain Injection to drop CobaltStrike beacons

A wave of attacks that started in July 2024 rely on a less common technique called AppDomain Manager Injection, which can weaponize any Microsoft .NET application on Windows. [...]

https://www.bleepingcomputer.com/news/security/hackers-now-use-appdomain-injection-to-drop-cobaltstrike-beacons/

 New Windows 10 22H2 beta fixes memory leaks and crashes

Microsoft has released a new Windows 10 22H2 beta (KB5041582) with memory leak and crash fixes for Insiders in the Beta and Release Preview channels. [...]

https://www.bleepingcomputer.com/news/microsoft/new-windows-10-22h2-beta-fixes-memory-leaks-and-crashes/

 Microsoft shares temp fix for Linux boot issues on dual-boot systems

Microsoft shared a workaround for Linux boot issues triggered by August security updates on dual-boot systems with Secure Boot enabled [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-shares-temp-fix-for-linux-boot-issues-on-dual-boot-systems/

 American Radio Relay League confirms $1 million ransom payment

The American Radio Relay League (ARRL) paid a $1 million ransom for a decryptor that helped restore systems encrypted in a May ransomware attack [...]

https://www.bleepingcomputer.com/news/security/american-radio-relay-league-confirms-1-million-ransom-payment/

 Stealthy 'sedexp' Linux malware evaded detection for two years

A stealthy Linux malware named 'sedexp' has been evading detection since 2022 by using a persistence technique not yet included in the MITRE ATT&CK framework. [...]

https://www.bleepingcomputer.com/news/security/stealthy-sedexp-linux-malware-evaded-detection-for-two-years/

 Audit finds notable security gaps in FBI's storage media management

An audit from the Department of Justice's Office of the Inspector General (OIG) identified "significant weaknesses" in FBI's inventory management and disposal of electronic storage media containing sensitive and classified information. [...]

https://www.bleepingcomputer.com/news/security/audit-finds-notable-security-gaps-in-fbis-storage-media-management/

 Seattle-Tacoma Airport IT systems down due to a cyberattack

The Seattle-Tacoma International Airport has confirmed that a cyberattack is likely behind the ongoing IT systems outage that disrupted reservation check-in systems and delayed flights over the weekend. [...]

https://www.bleepingcomputer.com/news/security/seattle-tacoma-airport-it-systems-down-due-to-a-cyberattack/

 Remote Work: A Ticking Time Bomb Waiting to be Exploited

ThreatLocker has created a list of the top 15 actions to secure an organization if employing a remote or hybrid workforce. Learn more in this free e-book from ThreatLocker. [...]

https://www.bleepingcomputer.com/news/security/remote-work-a-ticking-time-bomb-waiting-to-be-exploited/

 SonicWall warns of critical access control flaw in SonicOS

SonicWall's SonicOS is vulnerable to a critical access control flaw that could allow attackers to gain access unauthorized access to resources or cause the firewall to crash. [...]

https://www.bleepingcomputer.com/news/security/sonicwall-warns-of-critical-access-control-flaw-in-sonicos/

 Versa fixes Director zero-day vulnerability exploited in attacks

Versa Networks has fixed a zero-day vulnerability exploited in the wild that allows attackers to upload malicious files by exploiting an unrestricted file upload flaw in the Versa Director GUI. [...]

https://www.bleepingcomputer.com/news/security/versa-fixes-director-zero-day-vulnerability-exploited-in-attacks/

 Uber fined $325 million for moving driver data from Europe to US

The Dutch Data Protection Authority (Autoriteit Persoonsgegevens, AP) has imposed a fine of  €290,000,000 ($325 million) on Uber Technologies Inc. and Uber B.V. over GDPR violations. [...]

https://www.bleepingcomputer.com/news/legal/uber-fined-325-million-for-moving-driver-data-from-europe-to-us/

 Microsoft: Exchange Online mistakenly tags emails as malware

Microsoft is investigating an Exchange Online false positive issue causing emails containing images to be wrongly tagged as malicious and sent to quarantine. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-exchange-online-mistakenly-tags-emails-as-malware/

 Patelco notifies 726,000 customers of ransomware data breach

Patelco Credit Union warns customers it suffered a data breach after personal data was stolen in a RansomHub ransomware attack earlier this year. [...]

https://www.bleepingcomputer.com/news/security/patelco-notifies-726-000-customers-of-ransomware-data-breach/

 Google tags a tenth Chrome zero-day as exploited this year

Today, Google revealed that it patched the tenth zero-day exploited in the wild in 2024 by attackers or security researchers during hacking contests. [...]

https://www.bleepingcomputer.com/news/security/google-tags-a-tenth-chrome-zero-day-as-exploited-this-year/

 Microsoft Sway abused in massive QR code phishing campaign

​A massive QR code phishing campaign abused Microsoft Sway, a cloud-based tool for creating online presentations, to host landing pages to trick Microsoft 365 users into handing over their credentials. [...]

https://www.bleepingcomputer.com/news/security/microsoft-sway-abused-in-massive-qr-code-phishing-campaign/

 How to identify unknown assets while pen testing

External Attack Surface Management (EASM) coupled with Penetration Testing as a Service (PTaaS) can help find those blind spots and hidden assets exposed on your network. Learn more from Outpost24 about how combining EASM and PTaaS can help reveal these hidden pitfalls. [...]

https://www.bleepingcomputer.com/news/security/how-to-identify-unknown-assets-while-pen-testing/