Posts

Showing posts from April, 2024

New Latrodectus malware attacks use Microsoft, Cloudflare themes

Latrodectus malware is now being distributed in phishing campaigns using Microsoft Azure and Cloudflare lures to appear legitimate while making it harder for email security platforms to detect the emails as malicious. [...] https://www.bleepingcomputer.com/news/security/new-latrodectus-malware-attacks-use-microsoft-cloudflare-themes/ Posted from: this blog via Microsoft Power Automate .

Philadelphia Inquirer: Data of over 25,000 people stolen in 2023 breach

Daily newspaper Philadelphia Inquirer revealed that attackers behind a May 2023 security breach have stolen the personal and financial information of 25,549 individuals. [...] https://www.bleepingcomputer.com/news/security/philadelphia-inquirer-data-of-over-25-000-people-stolen-in-2023-breach/ Posted from: this blog via Microsoft Power Automate .

R language flaw allows code execution via RDS/RDX files

A new vulnerability has been discovered in the R programming language that allows arbitrary code execution upon deserializing specially crafted RDS and RDX files. [...] https://www.bleepingcomputer.com/news/security/r-language-flaw-allows-code-execution-via-rds-rdx-files/ Posted from: this blog via Microsoft Power Automate .

Google now pays up to $450,000 for RCE bugs in some Android apps

Google has increased rewards for reporting remote code execution vulnerabilities within select Android apps by ten times, from $30,000 to $300,000, with the maximum reward reaching $450,000 for exceptional quality reports. [...] https://www.bleepingcomputer.com/news/security/google-now-pays-up-to-450-000-for-rce-bugs-in-some-android-apps/ Posted from: this blog via Microsoft Power Automate .

Millions of Docker repos found pushing malware, phishing sites

Three large-scale campaigns have targeted Docker Hub users, planting millions of repositories designed to push malware and phishing sites since early 2021. [...] https://www.bleepingcomputer.com/news/security/millions-of-docker-repos-found-pushing-malware-phishing-sites/ Posted from: this blog via Microsoft Power Automate .

New Wpeeper Android malware hides behind hacked WordPress sites

A new Android backdoor malware named 'Wpeeper' has been spotted in at least two unofficial app stores mimicking the Uptodown App Store, a popular third-party app store for Android devices with over 220 million downloads. [...] https://www.bleepingcomputer.com/news/security/new-wpeeper-android-malware-hides-behind-hacked-wordpress-sites/ Posted from: this blog via Microsoft Power Automate .

Change Healthcare hacked using stolen Citrix account with no MFA

UnitedHealth confirms that Change Healthcare's network was breached by the BlackCat ransomware gang, who used stolen credentials to log into the company's Citrix remote access service, which did not have multi-factor authentication enabled. [...] https://www.bleepingcomputer.com/news/security/change-healthcare-hacked-using-stolen-citrix-account-with-no-mfa/ Posted from: this blog via Microsoft Power Automate .

Muddling Meerkat hackers manipulate DNS using China’s Great Firewall

A new cluster of activity tracked as "Muddling Meerkat" is believed to be linked to a Chinese state-sponsored threat actor's manipulation of DNS to probe networks globally since October 2019, with a spike in activity observed in September 2023. [...] https://www.bleepingcomputer.com/news/security/muddling-meerkat-hackers-manipulate-dns-using-chinas-great-firewall/ Posted from: this blog via Microsoft Power Automate .

FCC fines carriers $200 million for illegally sharing user location

​The Federal Communications Commission (FCC) has fined the largest U.S. wireless carriers almost $200 million for sharing their customers' real-time location data without their consent. [...] https://www.bleepingcomputer.com/news/technology/fcc-fines-carriers-200-million-for-illegally-sharing-user-location/ Posted from: this blog via Microsoft Power Automate .

London Drugs pharmacy chain closes stores after cyberattack

​Canadian pharmacy chain London Drugs has closed all its retail stores to contain what it described as a "cybersecurity incident." [...] https://www.bleepingcomputer.com/news/security/london-drugs-pharmacy-chain-closes-stores-after-cyberattack/ Posted from: this blog via Microsoft Power Automate .

FBI warns of fake verification schemes targeting dating app users

The FBI is warning of fake verification schemes promoted by fraudsters on online dating platforms that lead to costly recurring subscription charges. [...] https://www.bleepingcomputer.com/news/security/fbi-warns-of-fake-verification-schemes-targeting-dating-app-users/ Posted from: this blog via Microsoft Power Automate .

Google rejected 2.28 million risky Android apps from Play store in 2023

Google blocked 2.28 million Android apps from being published on Google Play after finding various policy violations that could threaten user's security. [...] https://www.bleepingcomputer.com/news/security/google-rejected-228-million-risky-android-apps-from-play-store-in-2023/ Posted from: this blog via Microsoft Power Automate .

Microsoft fixes bug behind incorrect BitLocker encryption errors

Microsoft has fixed a known issue causing incorrect BitLocker drive encryption errors in some managed Windows environments. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-bug-behind-incorrect-bitlocker-encryption-errors/ Posted from: this blog via Microsoft Power Automate .

Collection agency FBCS warns data breach impacts 1.9 million people

Financial Business and Consumer Solutions (FBCS) is warning 1,955,385 impacted individuals in the United States that the company suffered a data breach after discovering unauthorized access to specific systems in its network. [...] https://www.bleepingcomputer.com/news/security/collection-agency-fbcs-warns-data-breach-impacts-19-million-people/ Posted from: this blog via Microsoft Power Automate .

US Post Office phishing sites get as much traffic as the real one

Security researchers analyzing phishing campaigns that target United States Postal Service (USPS) saw that the traffic to the fake domains is typically similar to what the legitimate site records and it is even higher during holidays. [...] https://www.bleepingcomputer.com/news/security/us-post-office-phishing-sites-get-as-much-traffic-as-the-real-one/ Posted from: this blog via Microsoft Power Automate .

Japanese police create fake support scam payment cards to warn victims

Japanese police placed fake payment cards in convenience stores to protect the elderly targeted by tech support scams or unpaid money fraud. [...] https://www.bleepingcomputer.com/news/security/japanese-police-create-fake-support-scam-payment-cards-to-warn-victims/ Posted from: this blog via Microsoft Power Automate .

Okta warns of "unprecedented" credential stuffing attacks on customers

Okta warns of an "unprecedented" spike in credential stuffing attacks targeting its identity and access management solutions, with some customer accounts breached in the attacks. [...] https://www.bleepingcomputer.com/news/security/okta-warns-of-unprecedented-credential-stuffing-attacks-on-customers/ Posted from: this blog via Microsoft Power Automate .

Telegram is down with "Connecting" error

Telegram users are currently experiencing issues worldwide, with users unable to use the website and mobile apps. [...] https://www.bleepingcomputer.com/news/technology/telegram-is-down-with-connecting-error/ Posted from: this blog via Microsoft Power Automate .

Fake job interviews target developers with new Python backdoor

A new campaign tracked as "Dev Popper" is targeting software developers with fake job interviews in an attempt to trick them into installing a Python remote access trojan (RAT). [...] https://www.bleepingcomputer.com/news/security/fake-job-interviews-target-developers-with-new-python-backdoor/ Posted from: this blog via Microsoft Power Automate .

FBI warns against using unlicensed crypto transfer services

The FBI has warned today that using unlicensed cryptocurrency transfer services can result in financial loss if these platforms are taken down by law enforcement. [...] https://www.bleepingcomputer.com/news/security/fbi-warns-against-using-unlicensed-crypto-transfer-services/ Posted from: this blog via Microsoft Power Automate .

FBI warns against using unlicensed crypto transfer services

The FBI has warned today that using unlicensed cryptocurrency transfer services can result in financial loss if these platforms are taken down by law enforcement. [...] https://www.bleepingcomputer.com/news/security/fbi-warns-against-using-unlicensed-crypto-transfer-services/ Posted from: this blog via Microsoft Power Automate .

LA County Health Services: Patients' data exposed in phishing attack

The L.A. County's Department of Health Services, the second-largest public health care system in the United States, disclosed a data breach after patients' personal and health information was exposed in a data breach resulting from a recent phishing attack impacting over two dozen employees. [...] https://www.bleepingcomputer.com/news/security/la-county-health-services-patients-data-exposed-in-phishing-attack/ Posted from: this blog via Microsoft Power Automate .

Researchers sinkhole PlugX malware server with 2.5 million unique IPs

Researchers have sinkholed a command and control server for a variant of the PlugX malware and observed in six months more than 2.5 million connections from unique IP addresses. [...] https://www.bleepingcomputer.com/news/security/researchers-sinkhole-plugx-malware-server-with-25-million-unique-ips/ Posted from: this blog via Microsoft Power Automate .

Reddit down in major outage blocking access to web, mobile apps

Reddit is investigating a major outage blocking users worldwide from accessing the social network's websites and mobile apps. [...] https://www.bleepingcomputer.com/news/technology/reddit-down-in-major-outage-blocking-access-to-web-mobile-apps/ Posted from: this blog via Microsoft Power Automate .

Over 1,400 CrushFTP servers vulnerable to actively exploited bug

​Over 1,400 CrushFTP servers exposed online were found vulnerable to attacks currently targeting a critical severity server-side template injection (SSTI) vulnerability previously exploited as a zero-day. [...] https://www.bleepingcomputer.com/news/security/over-1-400-crushftp-servers-vulnerable-to-actively-exploited-bug/ Posted from: this blog via Microsoft Power Automate .

WP Automatic WordPress plugin hit by millions of SQL injection attacks

Hackers have started to target a critical severity vulnerability in the WP Automatic plugin for WordPress to create user accounts with administrative privileges and to plant backdoors for long-term access. [...] https://www.bleepingcomputer.com/news/security/wp-automatic-wordpress-plugin-hit-by-millions-of-sql-injection-attacks/ Posted from: this blog via Microsoft Power Automate .

New Brokewell malware takes over Android devices, steals data

Security researchers have discovered a new Android banking trojan they named Brokewell that can capture every event on the device, from touches and information displayed to text input and the applications the user launches. [...] https://www.bleepingcomputer.com/news/security/new-brokewell-malware-takes-over-android-devices-steals-data/ Posted from: this blog via Microsoft Power Automate .

US charges Samourai cryptomixer founders for laundering $100 million

Keonne Rodriguez and William Lonergan Hill have been charged by the U.S. Department of Justice for laundering more than $100 million from various criminal enterprises through Samourai, a cryptocurrency mixer service they ran for nearly a decade. [...] https://www.bleepingcomputer.com/news/security/us-charges-samourai-cryptomixer-founders-for-laundering-100-million/ Posted from: this blog via Microsoft Power Automate .

US charges Samourai cryptomixer founders for laundering $100 million

Keonne Rodriguez and William Lonergan Hill have been charged by the U.S. Department of Justice for laundering more than $100 million from various criminal enterprises through Samourai, a cryptocurrency mixer service they ran for nearly a decade. [...] https://www.bleepingcomputer.com/news/security/us-charges-samourai-cryptomixer-founders-for-laundering-100-million/ Posted from: this blog via Microsoft Power Automate .

Maximum severity Flowmon bug has a public exploit, patch now

Proof-of-concept exploit code has been released for a top-severity security vulnerability in Progress Flowmon, a tool for monitoring network performance and visibility. [...] https://www.bleepingcomputer.com/news/security/maximum-severity-flowmon-bug-has-a-public-exploit-patch-now/ Posted from: this blog via Microsoft Power Automate .

ArcaneDoor hackers exploit Cisco zero-days to breach govt networks

​Cisco warned today that a state-backed hacking group has been exploiting two zero-day vulnerabilities in Adaptive Security Appliance (ASA) and Firepower Threat Defense (FTD) firewalls since November 2023 to breach government networks worldwide. [...] https://www.bleepingcomputer.com/news/security/arcanedoor-hackers-exploit-cisco-zero-days-to-breach-govt-networks/ Posted from: this blog via Microsoft Power Automate .

Windows 11 KB5036980 update goes live with Start Menu ads

​Microsoft has enabled Start menu ads in the optional KB5036980 preview cumulative update for Windows 11 22H2 and 23H2. [...] https://www.bleepingcomputer.com/news/microsoft/windows-11-kb5036980-update-goes-live-with-start-menu-ads/ Posted from: this blog via Microsoft Power Automate .

Ring customers get $5.6 million in privacy breach settlement

The Federal Trade Commission is sending $5.6 million in refunds to Ring users whose private video feeds were accessed without consent by Amazon employees and contractors, or had their accounts and devices hacked because of insufficient security protections. [...] https://www.bleepingcomputer.com/news/security/ring-customers-get-56-million-in-privacy-breach-settlement/ Posted from: this blog via Microsoft Power Automate .

Microsoft pulls fix for Outlook bug behind ICS security alerts

Microsoft reversed the fix for an Outlook bug causing erroneous security warnings after installing December 2023 security updates [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-pulls-fix-for-outlook-bug-unexpected-ICS-warnings-after-December-security-updates/ Posted from: this blog via Microsoft Power Automate .

CoralRaider attacks use CDN cache to push info-stealer malware

A threat actor has been using a content delivery network cache to store information-stealing malware in an ongoing campaign targeting systems U.S., the U.K., Germany, and Japan. [...] https://www.bleepingcomputer.com/news/security/coralraider-attacks-use-cdn-cache-to-push-info-stealer-malware/ Posted from: this blog via Microsoft Power Automate .

Microsoft releases Exchange hotfixes for security update issues

​Microsoft has released hotfix updates to address multiple known issues impacting Exchange servers after installing the March 2024 security updates. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-releases-exchange-hotfixes-for-security-update-issues/ Posted from: this blog via Microsoft Power Automate .

Microsoft releases Exchange hotfixes for security update issues

​Microsoft has released hotfix updates to address multiple known issues impacting Exchange servers after installing the March 2024 security updates. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-releases-exchange-hotfixes-for-security-update-issues/ Posted from: this blog via Microsoft Power Automate .

US govt sanctions Iranians linked to government cyberattacks

The Treasury Department's Office of Foreign Assets Control (OFAC) has sanctioned four Iranian nationals for their involvement in cyberattacks against the U.S. government, defense contractors, and private companies. [...] https://www.bleepingcomputer.com/news/security/us-govt-sanctions-iranians-linked-to-government-cyberattacks/ Posted from: this blog via Microsoft Power Automate .

DPRK hacking groups breach South Korean defense contractors

The National Police Agency in South Korea issued an urgent warning today about North Korean hacking groups targeting defense industry entities to steal valuable technology information. [...] https://www.bleepingcomputer.com/news/security/dprk-hacking-groups-breach-south-korean-defense-contractors/ Posted from: this blog via Microsoft Power Automate .

US imposes visa bans on 13 spyware makers and their families

​The Department of State has started imposing visa restrictions on mercenary spyware makers and peddlers, prohibiting their entry into the United States, as announced earlier in February. [...] https://www.bleepingcomputer.com/news/security/us-imposes-visa-bans-on-13-spyware-makers-and-their-families/ Posted from: this blog via Microsoft Power Automate .

Hackers hijack antivirus updates to drop GuptiMiner malware

North Korean hackers have been exploiting the updating mechanism of the eScan antivirus to plant backdoors on big corporate networks and deliver cryptocurrency miners through GuptiMiner malware. [...] https://www.bleepingcomputer.com/news/security/hackers-hijack-antivirus-updates-to-drop-guptiminer-malware/ Posted from: this blog via Microsoft Power Automate .

UnitedHealth confirms it paid ransomware gang to stop data leak

The UnitedHealth Group has confirmed that it paid a ransom to cybercriminals to protect sensitive data stolen during the Optum ransomware attack in late February. [...] https://www.bleepingcomputer.com/news/security/unitedhealth-confirms-it-paid-ransomware-gang-to-stop-data-leak/ Posted from: this blog via Microsoft Power Automate .

Microsoft: APT28 hackers exploit Windows flaw reported by NSA

​Microsoft warns that the Russian APT28 threat group exploits a Windows Print Spooler vulnerability to escalate privileges and steal credentials and data using a previously unknown hacking tool called GooseEgg. [...] https://www.bleepingcomputer.com/news/security/microsoft-apt28-hackers-exploit-windows-flaw-reported-by-nsa/ Posted from: this blog via Microsoft Power Automate .

Synlab Italia suspends operations following ransomware attack

Synlab Italia has suspended all its medical diagnostic and testing services after a ransomware attack forced its IT systems to be taken offline. [...] https://www.bleepingcomputer.com/news/security/synlab-italia-suspends-operations-following-ransomware-attack/ Posted from: this blog via Microsoft Power Automate .

GitLab affected by GitHub-style CDN flaw allowing malware hosting

BleepingComputer recently reported how a GitHub flaw, or possibly a design decision, is being abused by threat actors to distribute malware using URLs associated with Microsoft repositories, making the files appear trustworthy. It turns out, GitLab is also affected by this issue and could be abused in a similar fashion. [...] https://www.bleepingcomputer.com/news/security/gitlab-affected-by-github-style-cdn-flaw-allowing-malware-hosting/ Posted from: this blog via Microsoft Power Automate .

Russian Sandworm hackers targeted 20 critical orgs in Ukraine

Russian hacker group Sandworm aimed to disrupt operations at around 20 critical infrastructure facilities in Ukraine, according to a report from the Ukrainian Computer Emergency Response Team (CERT-UA). [...] https://www.bleepingcomputer.com/news/security/russian-sandworm-hackers-targeted-20-critical-orgs-in-ukraine/ Posted from: this blog via Microsoft Power Automate .

Malware dev lures child exploiters into honeytrap to extort them

You rarely root for a cybercriminal, but a new malware campaign targeting child exploiters doesn't make you feel bad for the victims. [...] https://www.bleepingcomputer.com/news/security/malware-dev-lures-child-exploiters-into-honeytrap-to-extort-them/ Posted from: this blog via Microsoft Power Automate .

Ransomware payments drop to record low of 28% in Q1 2024

Ransomware actors have had a rough start this year, as stats from cybersecurity firm Coveware show that the trend of victims declining to pay the cybercriminals continues and has now reached a new record low of 28%. [...] https://www.bleepingcomputer.com/news/security/ransomware-payments-drop-to-record-low-of-28-percent-in-q1-2024/ Posted from: this blog via Microsoft Power Automate .

Critical Forminator plugin flaw impacts over 300k WordPress sites

The Forminator WordPress plugin used in over 500,000 sites is vulnerable to a flaw that allows malicious actors to perform unrestricted file uploads to the server. [...] https://www.bleepingcomputer.com/news/security/critical-forminator-plugin-flaw-impacts-over-300k-wordpress-sites/ Posted from: this blog via Microsoft Power Automate .

GitHub comments abused to push malware via Microsoft repo URLs

A GitHub flaw, or possibly a design decision, is being abused by threat actors to distribute malware using URLs associated with a Microsoft repository, making the files appear trustworthy. [...] https://www.bleepingcomputer.com/news/security/github-comments-abused-to-push-malware-via-microsoft-repo-urls/ Posted from: this blog via Microsoft Power Automate .

The Week in Ransomware - April 19th 2024 - Attacks Ramp Up

While ransomware attacks decreased after the LockBit and BlackCat disruptions, they have once again started to ramp up with other operations filling the void. [...] https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-april-19th-2024-attacks-ramp-up/ Posted from: this blog via Microsoft Power Automate .

CrushFTP warns users to patch exploited zero-day “immediately”

CrushFTP warned customers today in a private memo of an actively exploited zero-day vulnerability fixed in new versions released today, urging them to patch their servers immediately. [...] https://www.bleepingcomputer.com/news/security/crushftp-warns-users-to-patch-exploited-zero-day-immediately/ Posted from: this blog via Microsoft Power Automate .

HelloKitty ransomware rebrands, releases CD Projekt and Cisco data

An operator of the HelloKitty ransomware operation announced they changed the name to 'HelloGookie,' releasing passwords for previously leaked CD Projekt source code, Cisco network information, and decryption keys from old attacks.. [...] https://www.bleepingcomputer.com/news/security/hellokitty-ransomware-rebrands-releases-cd-projekt-and-cisco-data/ Posted from: this blog via Microsoft Power Automate .

MITRE says state hackers breached its network via Ivanti zero-days

The MITRE Corporation says a state-backed hacking group breached its systems in January 2024 by chaining two Ivanti VPN zero-days. [...] https://www.bleepingcomputer.com/news/security/mitre-says-state-hackers-breached-its-network-via-ivanti-zero-days/ Posted from: this blog via Microsoft Power Automate .

United Nations agency investigates ransomware attack, data theft

​The United Nations Development Programme (UNDP) is investigating a cyberattack after threat actors breached its IT systems to steal human resources data. [...] https://www.bleepingcomputer.com/news/security/united-nations-agency-investigates-ransomware-attack-claimed-by-8Base-gang/ Posted from: this blog via Microsoft Power Automate .

22,500 Palo Alto firewalls "possibly vulnerable" to ongoing attacks

Approximately 22,500 exposed Palo Alto GlobalProtect firewall devices are likely vulnerable to the CVE-2024-3400 flaw, a critical command injection vulnerability that has been actively exploited in attacks since at least March 26, 2024. [...] https://www.bleepingcomputer.com/news/security/22-500-palo-alto-firewalls-possibly-vulnerable-to-ongoing-attacks/ Posted from: this blog via Microsoft Power Automate .

Fake cheat lures gamers into spreading infostealer malware

A new info-stealing malware linked to Redline poses as a game cheat called 'Cheat Lab,' promising downloaders a free copy if they convince their friends to install it too. [...] https://www.bleepingcomputer.com/news/security/fake-cheat-lures-gamers-into-spreading-infostealer-malware/ Posted from: this blog via Microsoft Power Automate .

Frontier Communications shuts down systems after cyberattack

​American telecom provider Frontier Communications is restoring systems after a cybercrime group breached some of its IT systems in a recent cyberattack. [...] https://www.bleepingcomputer.com/news/security/frontier-communications-shuts-down-systems-after-cyberattack/ Posted from: this blog via Microsoft Power Automate .

Microsoft Office LTSC 2024 preview available for Windows, Mac

A preview of Microsoft Office LTSC 2024, a volume-licensed and perpetual version of Office for commercial customers, is now available for Windows and macOS users. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-office-ltsc-2024-preview-available-for-windows-mac/ Posted from: this blog via Microsoft Power Automate .

Cybercriminals pose as LastPass staff to hack password vaults

LastPass is warning of a malicious campaign targeting its users with the CryptoChameleon phishing kit that is associated with cryptocurrency theft. [...] https://www.bleepingcomputer.com/news/security/cybercriminals-pose-as-lastpass-staff-to-hack-password-vaults/ Posted from: this blog via Microsoft Power Automate .

LabHost phishing service with 40,000 domains disrupted, 37 arrested

The LabHost phishing-as-a-service (PhaaS) platform has been disrupted in a year-long global law enforcement operation that compromised the infrastructure and arrested 37 suspects, among them the original developer. [...] https://www.bleepingcomputer.com/news/security/labhost-phishing-service-with-40-000-domains-disrupted-37-arrested/ Posted from: this blog via Microsoft Power Automate .

SoumniBot malware exploits Android bugs to evade detection

A new Android banking malware named 'SoumniBot' is using a less common obfuscation approach by exploiting weaknesses in the Android manifest extraction and parsing procedure. [...] https://www.bleepingcomputer.com/news/security/soumnibot-malware-exploits-android-bugs-to-evade-detection/ Posted from: this blog via Microsoft Power Automate .

SoumniBot malware exploits Android bugs to evade detection

A new Android banking malware named 'SoumniBot' is using a less common obfuscation approach by exploiting weaknesses in the Android manifest extraction and parsing procedure. [...] https://www.bleepingcomputer.com/news/security/soumnibot-malware-exploits-android-bugs-to-evade-detection/ Posted from: this blog via Microsoft Power Automate .

Hackers hijack OpenMetadata apps in Kubernetes cryptomining attacks

In an ongoing Kubernetes cryptomining campaign, attackers target OpenMetadata workloads using critical remote code execution and authentication vulnerabilities. [...] https://www.bleepingcomputer.com/news/security/hackers-hijack-openmetadata-apps-in-kubernetes-cryptomining-attacks/ Posted from: this blog via Microsoft Power Automate .

FIN7 targets American automaker’s IT staff in phishing attacks

The financially motivated threat actor FIN7 targeted a large U.S. car maker with spear-phishing emails for employees in the IT department to infect systems with the Anunak backdoor. [...] https://www.bleepingcomputer.com/news/security/fin7-targets-american-automakers-it-staff-in-phishing-attacks/ Posted from: this blog via Microsoft Power Automate .

Multiple botnets exploiting one-year-old TP-Link flaw to hack routers

At least six distinct botnet malware operations are hunting for TP-Link Archer AX21 (AX1800) routers vulnerable to a command injection security issue reported and addressed last year. [...] https://www.bleepingcomputer.com/news/security/multiple-botnets-exploiting-one-year-old-tp-link-flaw-to-hack-routers/ Posted from: this blog via Microsoft Power Automate .

Microsoft: New Copilot app added by Edge doesn’t collect data

Microsoft says the new Copilot app, added by recent Edge updates to the list of installed Windows apps, doesn't collect or relay data to its servers. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-new-copilot-app-added-by-edge-doesnt-collect-data/ Posted from: this blog via Microsoft Power Automate .

UK e-visa rollout begins today: no more immigration cards for millions

Starting today, millions living in the UK will receive email invitations to sign up for an e-visa account that will replace their physical immigration documents like Biometric Residence Permits (BRPs). The move is, according to the Home Office, "a key step in creating a modernised and digital border." [...] https://www.bleepingcomputer.com/news/security/uk-e-visa-rollout-begins-today-no-more-immigration-cards-for-millions/ Posted from: this blog via Microsoft Power Automate .

T-Mobile, Verizon workers get texts offering $300 for SIM swaps

Criminals are now texting T-Mobile and Verizon employees on their personal and work phones, trying to tempt them with cash to perform SIM swaps. [...] https://www.bleepingcomputer.com/news/security/t-mobile-verizon-workers-get-texts-offering-300-for-sim-swaps/ Posted from: this blog via Microsoft Power Automate .

Cerebral to pay $7 million settlement in Facebook pixel data leak case

The U.S. Federal Trade Commission has reached a settlement with telehealth firm Cerebral in which the company will pay $7,000,000 over allegations of mishandling people's sensitive health data. [...] https://www.bleepingcomputer.com/news/security/cerebral-to-pay-7-million-settlement-in-facebook-pixel-data-leak-case/ Posted from: this blog via Microsoft Power Automate .

Cerebral to pay $7 million settlement in Facebook pixel data leak case

The U.S. Federal Trade Commission has reached a settlement with telehealth firm Cerebral in which the company will pay $7,000,000 over allegations of mishandling people's sensitive health data. [...] https://www.bleepingcomputer.com/news/security/cerebral-to-pay-7-million-settlement-in-facebook-pixel-data-leak-case/ Posted from: this blog via Microsoft Power Automate .

Ivanti warns of critical flaws in its Avalanche MDM solution

Ivanti has released security updates to fix 27 vulnerabilities in its Avalanche mobile device management (MDM) solution, two of them critical heap overflows that can be exploited for remote command execution. [...] https://www.bleepingcomputer.com/news/security/ivanti-warns-of-critical-flaws-in-its-avalanche-mdm-solution/ Posted from: this blog via Microsoft Power Automate .

How to make your web apps resistant to social engineering

There are things that you can do to make your web apps more resistant to social engineering. Learn more from Outpost24 on securing your web applications. [...] https://www.bleepingcomputer.com/news/security/how-to-make-your-web-apps-resistant-to-social-engineering/ Posted from: this blog via Microsoft Power Automate .

Ransomware gang starts leaking alleged stolen Change Healthcare data

The RansomHub extortion gang has begun leaking what they claim is corporate and patient data stolen from United Health subsidiary Change Healthcare in what has been a long and convoluted extortion process for the company. [...] https://www.bleepingcomputer.com/news/security/ransomware-gang-starts-leaking-alleged-stolen-change-healthcare-data/ Posted from: this blog via Microsoft Power Automate .

Ransomware gang starts leaking alleged stolen Change Healthcare data

The RansomHub extortion gang has begun leaking what they claim is corporate and patient data stolen from United Health subsidiary Change Healthcare in what has been a long and convoluted extortion process for the company. [...] Posted from: this blog via Microsoft Power Automate .

New SteganoAmor attacks use steganography to target 320 orgs globally

A new campaign conducted by the TA558 hacking group is concealing malicious code inside images using steganography to deliver various malware tools onto targeted systems. [...] Posted from: this blog via Microsoft Power Automate .

Microsoft will limit Exchange Online bulk emails to fight spam

Microsoft has announced plans to fight spam by imposing a daily Exchange Online bulk email limit of 2,000 external recipients starting January 2025. [...] Posted from: this blog via Microsoft Power Automate .