New Octopus Scanner malware spreads via GitHub supply chain attack
Security researchers have found a new malware that finds and backdoors open-source NetBeans projects hosted on the GitHub web-based code hosting platform to spread to Windows, Linux, and macOS systems and deploy a Remote Administration Tool (RAT). [...]
https://www.bleepingcomputer.com/news/security/new-octopus-scanner-malware-spreads-via-github-supply-chain-attack/
Security researchers have found a new malware that finds and backdoors open-source NetBeans projects hosted on the GitHub web-based code hosting platform to spread to Windows, Linux, and macOS systems and deploy a Remote Administration Tool (RAT). [...]
https://www.bleepingcomputer.com/news/security/new-octopus-scanner-malware-spreads-via-github-supply-chain-attack/
BleepingComputer
New Octopus Scanner malware spreads via GitHub supply chain attack
Security researchers have found a new malware that finds and backdoors open-source NetBeans projects hosted on the GitHub web-based code hosting platform to spread to Windows, Linux, and macOS systems and deploy a Remote Administration Tool (RAT).
NSA: Russian govt hackers exploiting critical Exim flaw since 2019
The U.S. National Security Agency (NSA) says that Russian military threat actors tracked as Sandworm Team have been exploiting a critical flaw in the Exim mail transfer agent (MTA) software since at least August 2019. [...]
https://www.bleepingcomputer.com/news/security/nsa-russian-govt-hackers-exploiting-critical-exim-flaw-since-2019/
The U.S. National Security Agency (NSA) says that Russian military threat actors tracked as Sandworm Team have been exploiting a critical flaw in the Exim mail transfer agent (MTA) software since at least August 2019. [...]
https://www.bleepingcomputer.com/news/security/nsa-russian-govt-hackers-exploiting-critical-exim-flaw-since-2019/
BleepingComputer
NSA: Russian govt hackers exploiting critical Exim flaw since 2019
The U.S. National Security Agency (NSA) says that Russian military threat actors tracked as Sandworm Team have been exploiting a critical flaw in the Exim mail transfer agent (MTA) software since at least August 2019.
Michigan State University network breached in ransomware attack
Michigan State University received a deadline to pay ransomware attackers under the threat that files stolen from the institution's network will be leaked to the public. [...]
https://www.bleepingcomputer.com/news/security/michigan-state-university-network-breached-in-ransomware-attack/
Michigan State University received a deadline to pay ransomware attackers under the threat that files stolen from the institution's network will be leaked to the public. [...]
https://www.bleepingcomputer.com/news/security/michigan-state-university-network-breached-in-ransomware-attack/
BleepingComputer
Michigan State University network breached in ransomware attack
Michigan State University received a deadline to pay ransomware attackers under the threat that files stolen from the institution's network will be leaked to the public.
Microsoft IIS servers hacked by Blue Mockingbird to mine Monero
This month news broke about a hacker group, namely Blue Mockingbird, exploiting a critical vulnerability in Microsoft IIS servers to plant Monero (XMR) cryptocurrency miners on compromised machines. [...]
https://www.bleepingcomputer.com/news/security/microsoft-iis-servers-hacked-by-blue-mockingbird-to-mine-monero/
This month news broke about a hacker group, namely Blue Mockingbird, exploiting a critical vulnerability in Microsoft IIS servers to plant Monero (XMR) cryptocurrency miners on compromised machines. [...]
https://www.bleepingcomputer.com/news/security/microsoft-iis-servers-hacked-by-blue-mockingbird-to-mine-monero/
BleepingComputer
Microsoft IIS servers hacked by Blue Mockingbird to mine Monero
This month news broke about a hacker group, namely Blue Mockingbird, exploiting a critical vulnerability in Microsoft IIS servers to plant Monero (XMR) cryptocurrency miners on compromised machines.
Minted discloses data breach after 5M user records sold online
Minted, a US-based marketplace for independent artists, has disclosed a data breach after a hacker sold a database containing 5 million user records on a dark web marketplace. [...]
https://www.bleepingcomputer.com/news/security/minted-discloses-data-breach-after-5m-user-records-sold-online/
Minted, a US-based marketplace for independent artists, has disclosed a data breach after a hacker sold a database containing 5 million user records on a dark web marketplace. [...]
https://www.bleepingcomputer.com/news/security/minted-discloses-data-breach-after-5m-user-records-sold-online/
BleepingComputer
Minted discloses data breach after 5M user records sold online
Minted, a US-based marketplace for independent artists, has disclosed a data breach after a hacker sold a database containing 5 million user records on a dark web marketplace.
200K sites with buggy WordPress plugin exposed to wipe attacks
Two high severity security vulnerabilities found in the PageLayer plugin can let attackers to potentially wipe the contents or take over WordPress sites using vulnerable plugin versions. [...]
https://www.bleepingcomputer.com/news/security/200k-sites-with-buggy-wordpress-plugin-exposed-to-wipe-attacks/
Two high severity security vulnerabilities found in the PageLayer plugin can let attackers to potentially wipe the contents or take over WordPress sites using vulnerable plugin versions. [...]
https://www.bleepingcomputer.com/news/security/200k-sites-with-buggy-wordpress-plugin-exposed-to-wipe-attacks/
Fake Valorant Mobile app pushes scams on eager gamers
As the eagerly anticipated tactical FPS game Valorant ends their closed beta, a fake mobile version is being distributed that displays nothing but scams to those who install it. [...]
https://www.bleepingcomputer.com/news/security/fake-valorant-mobile-app-pushes-scams-on-eager-gamers/
As the eagerly anticipated tactical FPS game Valorant ends their closed beta, a fake mobile version is being distributed that displays nothing but scams to those who install it. [...]
https://www.bleepingcomputer.com/news/security/fake-valorant-mobile-app-pushes-scams-on-eager-gamers/
BleepingComputer
Fake Valorant Mobile app pushes scams on eager gamers
As the eagerly anticipated tactical FPS game Valorant ends their closed beta, a fake mobile version is being distributed that displays nothing but scams to those who install it.
Cisco hacked by exploiting vulnerable SaltStack servers
Cisco said today that some of its Cisco Virtual Internet Routing Lab Personal Edition (VIRL-PE) backend servers were hacked by exploiting critical SaltStack vulnerabilities patched last month. [...]
https://www.bleepingcomputer.com/news/security/cisco-hacked-by-exploiting-vulnerable-saltstack-servers/
Cisco said today that some of its Cisco Virtual Internet Routing Lab Personal Edition (VIRL-PE) backend servers were hacked by exploiting critical SaltStack vulnerabilities patched last month. [...]
https://www.bleepingcomputer.com/news/security/cisco-hacked-by-exploiting-vulnerable-saltstack-servers/
BleepingComputer
Cisco hacked by exploiting vulnerable SaltStack servers
Cisco said today that some of its Cisco Virtual Internet Routing Lab Personal Edition (VIRL-PE) backend servers were hacked by exploiting critical SaltStack vulnerabilities patched last month.
Windows 10 2004 update not offered? Here's how to get it now
Microsoft officially started rolling out Windows 10 version 2004, the Windows 10 May 2020 Update yesterday, but for many people, it is not being offered when they check via Windows Update. [...]
https://www.bleepingcomputer.com/news/microsoft/windows-10-2004-update-not-offered-heres-how-to-get-it-now/
Microsoft officially started rolling out Windows 10 version 2004, the Windows 10 May 2020 Update yesterday, but for many people, it is not being offered when they check via Windows Update. [...]
https://www.bleepingcomputer.com/news/microsoft/windows-10-2004-update-not-offered-heres-how-to-get-it-now/
BleepingComputer
Windows 10 2004 update not offered? Here's how to get it now
Microsoft officially started rolling out Windows 10 version 2004, the Windows 10 May 2020 Update yesterday, but for many people, it is not being offered when they check via Windows Update.
Highly-targeted attacks on industrial sector hide payload in images
Attackers looking to steal employee credentials from organizations tied to the industrial sector deployed highly-targeted operations that delivered malicious PowerShell scripts in images. [...]
https://www.bleepingcomputer.com/news/security/highly-targeted-attacks-on-industrial-sector-hide-payload-in-images/
Attackers looking to steal employee credentials from organizations tied to the industrial sector deployed highly-targeted operations that delivered malicious PowerShell scripts in images. [...]
https://www.bleepingcomputer.com/news/security/highly-targeted-attacks-on-industrial-sector-hide-payload-in-images/
BleepingComputer
Highly-targeted attacks on industrial sector hide payload in images
Attackers looking to steal employee credentials from organizations tied to the industrial sector deployed highly-targeted operations that delivered malicious PowerShell scripts in images.
Microsoft mitigates Windows 10 2004 known issue impacting DISM
Microsoft acknowledged and mitigated a new Windows 10 known issue affecting the Deployment Image Servicing and Management (DISM) tool used to service Windows images prior to deployment. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-mitigates-windows-10-2004-known-issue-impacting-dism/
Microsoft acknowledged and mitigated a new Windows 10 known issue affecting the Deployment Image Servicing and Management (DISM) tool used to service Windows images prior to deployment. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-mitigates-windows-10-2004-known-issue-impacting-dism/
BleepingComputer
Microsoft mitigates Windows 10 2004 known issue impacting DISM
Microsoft acknowledged and mitigated a new Windows 10 known issue affecting the Deployment Image Servicing and Management (DISM) tool used to service Windows images prior to deployment.
Windows 10 2004 upgrade may be blocked due to old graphics drivers
Microsoft is blocking Windows 10 2004 upgrades due to multiple conflicts caused by older or incompatible display drivers. Microsoft will not allow the May 2020 Update to be installed until these issues are resolved. [...]
https://www.bleepingcomputer.com/news/microsoft/windows-10-2004-upgrade-may-be-blocked-due-to-old-graphics-drivers/
Microsoft is blocking Windows 10 2004 upgrades due to multiple conflicts caused by older or incompatible display drivers. Microsoft will not allow the May 2020 Update to be installed until these issues are resolved. [...]
https://www.bleepingcomputer.com/news/microsoft/windows-10-2004-upgrade-may-be-blocked-due-to-old-graphics-drivers/
BleepingComputer
Windows 10 2004 upgrade may be blocked due to old graphics drivers
Microsoft is blocking Windows 10 2004 upgrades due to multiple conflicts caused by older or incompatible display drivers. Microsoft will not allow the May 2020 Update to be installed until these issues are resolved.
Valak malware steals credentials from Microsoft Exchange servers
Classified initially as a malware loader, Valak has morphed into an information stealer that targets Microsoft Exchange servers to rob email login credentials and certificates from enterprises. [...]
https://www.bleepingcomputer.com/news/security/valak-malware-steals-credentials-from-microsoft-exchange-servers/
Classified initially as a malware loader, Valak has morphed into an information stealer that targets Microsoft Exchange servers to rob email login credentials and certificates from enterprises. [...]
https://www.bleepingcomputer.com/news/security/valak-malware-steals-credentials-from-microsoft-exchange-servers/
BleepingComputer
Valak malware steals credentials from Microsoft Exchange servers
Classified initially as a malware loader, Valak has morphed into an information stealer that targets Microsoft Exchange servers to rob email login credentials and certificates from enterprises.
Google Chrome 84 to hide abusive notifications starting July
Google will start blocking abusive sites from delivering web notifications to Chrome 84 users starting July by automatically enrolling them in the quieter notifications UI launched in January 2020. [...]
https://www.bleepingcomputer.com/news/google/google-chrome-84-to-hide-abusive-notifications-starting-july/
Google will start blocking abusive sites from delivering web notifications to Chrome 84 users starting July by automatically enrolling them in the quieter notifications UI launched in January 2020. [...]
https://www.bleepingcomputer.com/news/google/google-chrome-84-to-hide-abusive-notifications-starting-july/
BleepingComputer
Google Chrome 84 to hide abusive notifications starting July
Google will start blocking abusive sites from delivering web notifications to Chrome 84 users starting July by automatically enrolling them in the quieter notifications UI launched in January 2020.
Nworm: TrickBot gangβs new stealthy malware spreading module
The Trickbot banking trojan has evolved once again with a new malware spreading module that uses a stealth mode to quietly infect Windows domain controllers without being detected. [...]
https://www.bleepingcomputer.com/news/security/nworm-trickbot-gang-s-new-stealthy-malware-spreading-module/
The Trickbot banking trojan has evolved once again with a new malware spreading module that uses a stealth mode to quietly infect Windows domain controllers without being detected. [...]
https://www.bleepingcomputer.com/news/security/nworm-trickbot-gang-s-new-stealthy-malware-spreading-module/
BleepingComputer
Nworm: TrickBot gangβs new stealthy malware spreading module
The Trickbot banking trojan has evolved once again with a new malware spreading module that uses a stealth mode to quietly infect Windows domain controllers without being detected.
The Week in Ransomware - May 29th 2020 - Quiet before the storm?
For the most part, this week has been fairly quiet with not a lot of new ransomware released and only a few large-scale ransomware attacks. [...]
https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-may-29th-2020-quiet-before-the-storm/
For the most part, this week has been fairly quiet with not a lot of new ransomware released and only a few large-scale ransomware attacks. [...]
https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-may-29th-2020-quiet-before-the-storm/
BleepingComputer
The Week in Ransomware - May 29th 2020 - Quiet before the storm?
For the most part, this week has been fairly quiet with not a lot of new ransomware released and only a few large-scale ransomware attacks.
Amtrak resets user passwords after Guest Rewards data breach
The National Railroad Passenger Corporation (Amtrak) disclosed a data breach that led to the exposure of personal information of some Guest Rewards members. [...]
https://www.bleepingcomputer.com/news/security/amtrak-resets-user-passwords-after-guest-rewards-data-breach/
The National Railroad Passenger Corporation (Amtrak) disclosed a data breach that led to the exposure of personal information of some Guest Rewards members. [...]
https://www.bleepingcomputer.com/news/security/amtrak-resets-user-passwords-after-guest-rewards-data-breach/
BleepingComputer
Amtrak resets user passwords after Guest Rewards data breach
The National Railroad Passenger Corporation (Amtrak) disclosed a data breach that led to the exposure of personal information of some Guest Rewards members.
List of well-known web sites that port scan their visitors
Many well-known and heavily used web sites are using a fraud protection script that port scans your local computer for remote access programs. [...]
https://www.bleepingcomputer.com/news/security/list-of-well-known-web-sites-that-port-scan-their-visitors/
Many well-known and heavily used web sites are using a fraud protection script that port scans your local computer for remote access programs. [...]
https://www.bleepingcomputer.com/news/security/list-of-well-known-web-sites-that-port-scan-their-visitors/
BleepingComputer
List of well-known web sites that port scan their visitors
Many well-known and heavily used web sites are using a fraud protection script that port scans your local computer for remote access programs.
Windows 10's Winget Package Manager gets third-party front ends
Windows 10's Winget package manager is an excellent tool for installing popular applications, but it only works from the command line. To make it easier to find apps and install them, third-party developers have released front-ends for Windows 10's new package manager. [...]
https://www.bleepingcomputer.com/news/microsoft/windows-10s-winget-package-manager-gets-third-party-front-ends/
Windows 10's Winget package manager is an excellent tool for installing popular applications, but it only works from the command line. To make it easier to find apps and install them, third-party developers have released front-ends for Windows 10's new package manager. [...]
https://www.bleepingcomputer.com/news/microsoft/windows-10s-winget-package-manager-gets-third-party-front-ends/
BleepingComputer
Windows 10's Winget Package Manager gets third-party front ends
Windows 10's Winget package manager is an excellent tool for installing popular applications, but it only works from the command line. To make it easier to find apps and install them, third-party developers have released front-ends for Windows 10's new packageβ¦
Office 365 to give detailed info on malicious email attachments
Microsoft will provide Office 365 Advanced Threat Protection (ATP) users with more details on malware samples and malicious URLs discovered following detonation. [...]
https://www.bleepingcomputer.com/news/security/office-365-to-give-detailed-info-on-malicious-email-attachments/
Microsoft will provide Office 365 Advanced Threat Protection (ATP) users with more details on malware samples and malicious URLs discovered following detonation. [...]
https://www.bleepingcomputer.com/news/security/office-365-to-give-detailed-info-on-malicious-email-attachments/
BleepingComputer
Office 365 to give detailed info on malicious email attachments
Microsoft will provide Office 365 Advanced Threat Protection (ATP) users with more details on malware samples and malicious URLs discovered following detonation.