Posts

Showing posts from May, 2024

Live Nation finally confirms massive Ticketmaster data breach

Live Nation has confirmed that Ticketmaster suffered a data breach after its data was stolen from a third-party cloud database provider, which is believed to be Snowflake. [...] https://www.bleepingcomputer.com/news/security/live-nation-finally-confirms-massive-ticketmaster-data-breach/ Posted from: this blog via Microsoft Power Automate .

DMM Bitcoin warns that hackers stole $300 million in Bitcoin

Japanese bitcoin exchange DMM Bitcoin is warning that 4,502.9 Bitcoin (BTC), or approximately $308 million (48.2 billion yen), has been stolen from one of its wallets today, making it the most significant cryptocurrency heist of 2024. [...] https://www.bleepingcomputer.com/news/security/dmm-bitcoin-warns-that-hackers-stole-300-million-in-bitcoin/ Posted from: this blog via Microsoft Power Automate .

DMM Bitcoin warns that hackers stole $300 million in Bitcoin

Japanese bitcoin exchange DMM Bitcoin is warning that 4,502.9 Bitcoin (BTC), or approximately $308 million (48.2 billion yen), has been stolen from one of its wallets today, making it the most significant cryptocurrency heist of 2024. [...] https://www.bleepingcomputer.com/news/security/dmm-bitcoin-warns-that-hackers-stole-300-million-in-bitcoin/ Posted from: this blog via Microsoft Power Automate .

CISA warns of actively exploited Linux privilege elevation flaw

The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has added two vulnerabilities in its Known Exploited Vulnerabilities (KEV) catalog, including a Linux kernel privilege elevation flaw. [...] https://www.bleepingcomputer.com/news/security/cisa-warns-of-actively-exploited-linux-privilege-elevation-flaw/ Posted from: this blog via Microsoft Power Automate .

Snowflake account hacks linked to Santander, Ticketmaster breaches

A threat actor claiming recent Santander and Ticketmaster breaches says they stole data after hacking into an employee's account at cloud storage company Snowflake. However, Snowflake disputes these claims, saying recent breaches were caused by poorly secured customer accounts. [...] https://www.bleepingcomputer.com/news/security/snowflake-account-hacks-linked-to-santander-ticketmaster-breaches/ Posted from: this blog via Microsoft Power Automate .

Europol identifies 8 cybercriminals tied to malware loader botnets

Europol and German law enforcement have revealed the identities of eight cybercriminals linked to the various malware droppers and loaders disrupted as part of the Operation Endgame law enforcement operation. [...] https://www.bleepingcomputer.com/news/legal/europol-identifies-8-cybercriminals-tied-to-malware-loader-botnets/ Posted from: this blog via Microsoft Power Automate .

ShinyHunters claims Santander breach, selling data for 30M customers

A threat actor known as ShinyHunters is claiming to be selling a massive trove of Santander Bank data, including information for 30 million customers, employees, and bank account data, two weeks after the bank reported a data breach. [...] https://www.bleepingcomputer.com/news/security/shinyhunters-claims-santander-breach-selling-data-for-30m-customers/ Posted from: this blog via Microsoft Power Automate .

Microsoft: Windows 11 preview update causes taskbar crashes

Microsoft warned customers on Thursday that the May 2024 non-security preview update for Windows 11 is causing taskbar crashes and glitches. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-may-2024-kb5037959-windows-11-preview-update-causes-taskbar-crashes/ Posted from: this blog via Microsoft Power Automate .

Data of 560 million Ticketmaster customers for sale after alleged breach

​A threat actor known as ShinyHunters is selling what they claim is the personal and financial information of 560 million Ticketmaster customers on the recently revived BreachForums hacking forum for $500,000. [...] https://www.bleepingcomputer.com/news/security/data-of-560-million-ticketmaster-customers-for-sale-after-alleged-breach/ Posted from: this blog via Microsoft Power Automate .

Pirated Microsoft Office delivers malware cocktail on systems

Cybercriminals are distributing a malware cocktail through cracked versions of Microsoft Office promoted on torrent sites. [...] https://www.bleepingcomputer.com/news/security/pirated-microsoft-office-delivers-malware-cocktail-on-systems/ Posted from: this blog via Microsoft Power Automate .

Malware botnet bricked 600,000 routers in mysterious 2023 event

A malware botnet named 'Pumpkin Eclipse' performed a mysterious destructive event in 2023 that took 600,000 office/home office (SOHO) internet routers offline, according to a new report by researchers at Lumen's Black Lotus Labs. [...] https://www.bleepingcomputer.com/news/security/malware-botnet-bricked-600-000-routers-in-mysterious-2023-event/ Posted from: this blog via Microsoft Power Automate .

Everbridge warns of corporate systems breach exposing business data

Everbridge, an American software company focused on crisis management and public warning solutions, notified customers that unknown attackers had accessed files containing business and user data in a recent corporate systems breach. [...] https://www.bleepingcomputer.com/news/security/everbridge-warns-of-corporate-systems-breach-exposing-business-data/ Posted from: this blog via Microsoft Power Automate .

Cooler Master confirms customer data stolen in data breach

Computer hardware manufacturer Cooler Master has confirmed that it suffered a data breach on May 19, allowing a threat actor to steal customer data. [...] https://www.bleepingcomputer.com/news/security/cooler-master-confirms-customer-data-stolen-in-data-breach/ Posted from: this blog via Microsoft Power Automate .

Windows 11 KB5037853 update fixes File Explorer issues, 20 bugs

​Microsoft has released the May 2024 non-security preview update for Windows 11 versions 22H2 and 23H2, which includes 32 fixes and changes. [...] https://www.bleepingcomputer.com/news/microsoft/windows-11-kb5037853-update-fixes-file-explorer-issues-20-bugs/ Posted from: this blog via Microsoft Power Automate .

Windows 10 KB5037849 update released with 9 changes or fixes

Microsoft has released the optional KB5037849 Preview cumulative update for Windows 10 22H2 with nine fixes or changes. [...] https://www.bleepingcomputer.com/news/microsoft/windows-10-kb5037849-update-released-with-9-changes-or-fixes/ Posted from: this blog via Microsoft Power Automate .

Cooler Master hit by data breach exposing customer information

Computer hardware manufacturer Cooler Master has suffered a data breach after a threat actor breached the company's website and claimed to steal the Fanzone member information of 500,000 customers. [...] https://www.bleepingcomputer.com/news/security/cooler-master-hit-by-data-breach-exposing-customer-information/ Posted from: this blog via Microsoft Power Automate .

Check Point VPN zero-day exploited in attacks since April 30

Threat actors have been exploiting a high-severity Check Point Remote Access VPN zero-day since at least April 30, stealing Active Directory data needed to move laterally through the victims' networks in successful attacks. [...] https://www.bleepingcomputer.com/news/security/check-point-vpn-zero-day-exploited-in-attacks-since-april-30/ Posted from: this blog via Microsoft Power Automate .

Free Piano phish targets American university students, staff

A large-scale phishing campaign is using an unusual lure to earn at least $900,000 by tricking email recipients into believing they're about to receive a baby grand piano for free. [...] https://www.bleepingcomputer.com/news/security/free-piano-phish-targets-american-university-students-staff/ Posted from: this blog via Microsoft Power Automate .

US dismantles 911 S5 botnet used for cyberattacks, arrests admin

The U.S. Justice Department and international partners dismantled the 911 S5 proxy botnet and arrested 35-year-old Chinese national YunHe Wang, its administrator. [...] https://www.bleepingcomputer.com/news/security/us-dismantles-911-s5-residential-proxy-botnet-used-for-cyberattacks-arrests-admin/ Posted from: this blog via Microsoft Power Automate .

Okta warns of credential stuffing attacks targeting its CORS feature

Okta warns that a Customer Identity Cloud (CIC) feature is being targeted in credential stuffing attacks, stating that numerous customers have been targeted since April. [...] https://www.bleepingcomputer.com/news/security/okta-warns-of-credential-stuffing-attacks-targeting-its-cors-feature/ Posted from: this blog via Microsoft Power Automate .

First American December data breach impacts 44,000 people

First American Financial Corporation, the second-largest title insurance company in the United States, revealed on Tuesday that a December cyberattack led to a breach impacting 44,000 individuals. [...] https://www.bleepingcomputer.com/news/security/first-american-december-data-breach-impacts-44-000-people/ Posted from: this blog via Microsoft Power Automate .

Over 90 malicious Android apps with 5.5M installs found on Google Play

Over 90 malicious Android apps were found installed over 5.5 million times through Google Play to deliver malware and adware, with the Anatsa banking trojan seeing a recent surge in activity. [...] https://www.bleepingcomputer.com/news/security/over-90-malicious-android-apps-with-55m-installs-found-on-google-play/ Posted from: this blog via Microsoft Power Automate .

Over 90 malicious Android apps with 5.5M installs found on Google Play

Over 90 malicious Android apps were found installed over 5.5 million times through Google Play to deliver malware and adware, with the Anatsa banking trojan seeing a recent surge in activity. [...] https://www.bleepingcomputer.com/news/security/over-90-malicious-android-apps-with-55m-installs-found-on-google-play/ Posted from: this blog via Microsoft Power Automate .

Over 90 malicious Android apps with 5.5M installs found on Google Play

Over 90 malicious Android apps were found installed over 5.5 million times through Google Play to deliver malware and adware, with the Anatsa banking trojan seeing a recent surge in activity. [...] https://www.bleepingcomputer.com/news/security/over-90-malicious-android-apps-with-55m-installs-found-on-google-play/ Posted from: this blog via Microsoft Power Automate .

US govt sanctions cybercrime gang behind massive 911 S5 botnet

The U.S. Treasury Department has sanctioned a cybercrime network comprising three Chinese nationals and three Thailand-based companies linked to a massive botnet controlling a residential proxy service known as "911 S5." [...] https://www.bleepingcomputer.com/news/security/us-govt-sanctions-cybercrime-gang-behind-massive-911-s5-botnet-linked-to-illegitimate-residential-proxy-service/ Posted from: this blog via Microsoft Power Automate .

Russian indicted for selling access to US corporate networks

A 31-year-old Russian national named Evgeniy Doroshenko has been indicted for wire and computer fraud in the United States for allegedly acting as an "initial access broker" from February 2019 to May 2024. [...] https://www.bleepingcomputer.com/news/security/russian-indicted-for-selling-access-to-us-corporate-networks/ Posted from: this blog via Microsoft Power Automate .

Microsoft links North Korean hackers to new FakePenny ransomware

​Microsoft has linked a North Korean hacking group it tracks as Moonstone Sleet to FakePenny ransomware attacks, which have led to millions of dollars in ransom demands. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-links-moonstone-sleet-north-korean-hackers-to-new-fakepenny-ransomware/ Posted from: this blog via Microsoft Power Automate .

Christie’s confirms breach after RansomHub threatens to leak data

Christie's confirmed that it suffered a security incident earlier this month after the RansomHub extortion gang claimed responsibility and threatened to leak stolen data. [...] https://www.bleepingcomputer.com/news/security/christies-confirms-breach-after-ransomhub-threatens-to-leak-data/ Posted from: this blog via Microsoft Power Automate .

Ad blocker users say YouTube videos are now skipping to the end

Many users report that YouTube videos automatically skip to the end or muting video if they are using an ad blocker, making it impossible for them to watch the video. [...] https://www.bleepingcomputer.com/news/google/ad-blocker-users-say-youtube-videos-are-now-skipping-to-the-end/ Posted from: this blog via Microsoft Power Automate .

TP-Link fixes critical RCE bug in popular C5400X gaming router

The TP-Link Archer C5400X gaming router is vulnerable to security flaws that could enable an unauthenticated, remote attacker to execute commands on the device. [...] https://www.bleepingcomputer.com/news/security/tp-link-fixes-critical-rce-bug-in-popular-c5400x-gaming-router/ Posted from: this blog via Microsoft Power Automate .

Hackers target Check Point VPNs to breach enterprise networks

Threat actors are targeting Check Point Remote Access VPN devices in an ongoing campaign to breach enterprise networks, the company warned in a Monday advisory. [...] https://www.bleepingcomputer.com/news/security/hackers-target-check-point-vpns-to-breach-enterprise-networks/ Posted from: this blog via Microsoft Power Automate .

Sav-Rx discloses data breach impacting 2.8 million Americans

Prescription management company Sav-Rx is warning over 2.8 million people in the United States that it suffered a data breach, stating that their personal data was stolen in a 2023 cyberattack. [...] https://www.bleepingcomputer.com/news/security/sav-rx-discloses-data-breach-impacting-28-million-americans/ Posted from: this blog via Microsoft Power Automate .

Hackers phish finance orgs using trojanized Minesweeper clone

Hackers are utilizing code from a Python clone of Microsoft's venerable Minesweeper game to hide malicious scripts in attacks on European and US financial organizations. [...] https://www.bleepingcomputer.com/news/security/hackers-phish-finance-orgs-using-trojanized-minesweeper-clone/ Posted from: this blog via Microsoft Power Automate .

Indian man stole $37 million in crypto using fake Coinbase Pro site

An Indian national pleaded guilty to wire fraud conspiracy for stealing over $37 million through a fake Coinbase website used to steal credentials. [...] https://www.bleepingcomputer.com/news/security/indian-man-stole-37-million-in-crypto-using-fake-coinbase-pro-site/ Posted from: this blog via Microsoft Power Automate .

Indian man stole $37 million in crypto using fake Coinbase Pro site

An Indian national pleaded guilty to wire fraud conspiracy for stealing over $37 million through a fake Coinbase website used to steal credentials. [...] https://www.bleepingcomputer.com/news/security/indian-man-stole-37-million-in-crypto-using-fake-coinbase-pro-site/ Posted from: this blog via Microsoft Power Automate .

Indian man stole $37 million in crypto using fake Coinbase Pro site

An Indian national pleaded guilty to wire fraud conspiracy for stealing over $37 million through a fake Coinbase website used to steal credentials. [...] https://www.bleepingcomputer.com/news/security/indian-man-stole-37-million-in-crypto-using-fake-coinbase-pro-site/ Posted from: this blog via Microsoft Power Automate .

ICQ messenger shuts down after almost 28 years

The ICQ messaging app is shutting down on June 26th, marking the end of a much-beloved communication application. [...] https://www.bleepingcomputer.com/news/software/icq-messenger-shuts-down-after-almost-28-years/ Posted from: this blog via Microsoft Power Automate .

Hacker defaces spyware app’s site, dumps database and source code

​​A hacker has defaced the website of the pcTattletale spyware application, found on the booking systems of several Wyndham hotels in the United States, and leaked over a dozen archives containing database and source code data. [...] https://www.bleepingcomputer.com/news/security/hacker-defaces-spyware-apps-site-dumps-database-and-source-code/ Posted from: this blog via Microsoft Power Automate .

Microsoft: Windows 24H2 will remove Cortana and WordPad apps

Microsoft says the Cortana, Tips, and WordPad applications will be automatically removed on systems upgraded to the upcoming Windows 11 24H2 release. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-windows-24h2-will-remove-cortana-and-wordpad-apps/ Posted from: this blog via Microsoft Power Automate .

Microsoft Copilot fixed worldwide after 24 hour outage

After over a 24-hour outage, Microsoft's Bing, Copilot, and Copilot in Windows services are back online worldwide, with no information released as to what caused the problem. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-copilot-fixed-worldwide-after-24-hour-outage/ Posted from: this blog via Microsoft Power Automate .

Google fixes eighth actively exploited Chrome zero-day this year

Google has released a new emergency security update to address the eighth zero-day vulnerability in Chrome browser confirmed to be actively exploited in the wild. [...] https://www.bleepingcomputer.com/news/security/google-fixes-eighth-actively-exploited-chrome-zero-day-this-year/ Posted from: this blog via Microsoft Power Automate .

Microsoft pushes emergency fix for Windows Server 2019 update errors

Microsoft has released an emergency out-of-band (OOB) update for Windows Server 2019 that fixes a bug causing 0x800f0982 errors when attempting to install the May 2024 Patch Tuesday security updates. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-pushes-emergency-fix-for-windows-server-2019-0x800f0982-update-errors/ Posted from: this blog via Microsoft Power Automate .

JAVS courtroom recording software backdoored in supply chain attack

Attackers have backdoored the installer of widely used Justice AV Solutions (JAVS) courtroom video recording software with malware that lets them take over compromised systems. [...] https://www.bleepingcomputer.com/news/security/javs-courtroom-recording-software-backdoored-in-supply-chain-attack/ Posted from: this blog via Microsoft Power Automate .

Microsoft spots gift card thieves using cyber-espionage tactics

Microsoft has published a "Cyber Signals" report sharing new information about the hacking group Storm-0539 and a sharp rise in gift card theft as we approach the Memorial Day holiday in the United States. [...] https://www.bleepingcomputer.com/news/security/microsoft-spots-gift-card-thieves-using-cyber-espionage-tactics/ Posted from: this blog via Microsoft Power Automate .

Microsoft spots gift card thieves using cyber-espionage tactics

Microsoft has published a "Cyber Signals" report sharing new information about the hacking group Storm-0539 and a sharp rise in gift card theft as we approach the Memorial Day holiday in the United States. [...] https://www.bleepingcomputer.com/news/security/microsoft-spots-gift-card-thieves-using-cyber-espionage-tactics/ Posted from: this blog via Microsoft Power Automate .

High-severity GitLab flaw lets attackers take over accounts

GitLab patched a high-severity vulnerability that unauthenticated attackers could exploit to take over user accounts in cross-site scripting (XSS) attacks. [...] https://www.bleepingcomputer.com/news/security/high-severity-gitlab-flaw-lets-attackers-take-over-accounts/ Posted from: this blog via Microsoft Power Automate .

Apple wasn’t storing deleted iOS photos in iCloud after all

Security researchers reverse-engineered Apple's recent iOS 17.5.1 update and found that a recent bug that restored images deleted months or even years ago was caused by an iOS bug and not an issue with iCloud. [...] https://www.bleepingcomputer.com/news/security/apple-wasnt-storing-deleted-ios-photos-in-icloud-after-all/ Posted from: this blog via Microsoft Power Automate .

Northern Ireland police faces £750k fine after exposing staff info

UK's Information Commissioner Office (ICO) has announced the intention to impose a fine of £750,000 ($954,000) on the Police Service of Northern Ireland (PSNI) for exposing the entire workforce's personal details by inadvertently publishing a spreadsheet file online. [...] https://www.bleepingcomputer.com/news/security/northern-ireland-police-faces-750k-fine-after-exposing-staff-info/ Posted from: this blog via Microsoft Power Automate .

Microsoft outage affects Bing, Copilot, DuckDuckGo and ChatGPT internet search

A massive Microsoft outage in some regions affects Bing.com, Copilot for web and mobile, Copilot in Windows, ChatGPT internet search and DuckDuckGo. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-outage-affects-bing-copilot-duckduckgo-and-chatgpt-internet-search/ Posted from: this blog via Microsoft Power Automate .

Windows 11 24H2 now rolling out to Release Preview Insiders

Microsoft is rolling out Windows 11 24H2 to testers in the Release Preview Channel, confirming that it is in the final stages of testing. [...] https://www.bleepingcomputer.com/news/microsoft/windows-11-24h2-now-rolling-out-to-release-preview-insiders/ Posted from: this blog via Microsoft Power Automate .

Microsoft to start killing off VBScript in second half of 2024

Microsoft announced today that it will start deprecating VBScript in the second half of 2024 by making it an on-demand feature until it's completely removed. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-to-start-killing-off-vbscript-in-second-half-of-2024/ Posted from: this blog via Microsoft Power Automate .

State hackers turn to massive ORB proxy networks to evade detection

Security researchers are warning that China-linked state-backed hackers are increasingly relying on vast proxy networks of virtual private servers and compromised connected devices for cyberespionage operations. [...] https://www.bleepingcomputer.com/news/security/state-hackers-turn-to-massive-orb-proxy-networks-to-evade-detection/ Posted from: this blog via Microsoft Power Automate .

Intercontinental Exchange to pay $10M SEC penalty over VPN breach

The Intercontinental Exchange (ICE) will pay a $10 million penalty to settle charges brought by the U.S. Securities and Exchange Commission (SEC) after failing to ensure its subsidiaries promptly reported an April 2021 VPN security breach. [...] https://www.bleepingcomputer.com/news/security/intercontinental-exchange-to-pay-10m-sec-penalty-over-vpn-breach/ Posted from: this blog via Microsoft Power Automate .

GhostEngine mining attacks kill EDR security using vulnerable drivers

A malicious crypto mining campaign codenamed 'REF4578,' has been discovered deploying a malicious payload named GhostEngine that uses vulnerable drivers to turn off security products and deploy an XMRig miner. [...] https://www.bleepingcomputer.com/news/security/ghostengine-mining-attacks-kill-edr-security-using-vulnerable-drivers/ Posted from: this blog via Microsoft Power Automate .

Veeam warns of critical Backup Enterprise Manager auth bypass bug

​Veeam warned customers today to patch a critical security vulnerability that allows unauthenticated attackers to sign into any account via the Veeam Backup Enterprise Manager (VBEM). [...] https://www.bleepingcomputer.com/news/security/veeam-warns-of-critical-backup-enterprise-manager-auth-bypass-bug/ Posted from: this blog via Microsoft Power Automate .

LockBit says they stole data in London Drugs ransomware attack

Today, the LockBit ransomware gang claimed they were behind the April cyberattack on Canadian pharmacy chain London Drugs and is now threatening to publish stolen data online after allegedly failed negotiations. [...] https://www.bleepingcomputer.com/news/security/lockbit-says-they-stole-data-in-london-drugs-ransomware-attack/ Posted from: this blog via Microsoft Power Automate .

Western Sydney University data breach exposed student data

Western Sydney University (WSU) has notified students and academic staff about a data breach after threat actors breached its Microsoft 365 and Sharepoint environment. [...] https://www.bleepingcomputer.com/news/security/western-sydney-university-data-breach-exposed-student-data/ Posted from: this blog via Microsoft Power Automate .

Western Sydney University data breach exposed student data

Western Sydney University (WSU) has notified students and academic staff about a data breach after threat actors breached its Microsoft 365 and Sharepoint environment. [...] https://www.bleepingcomputer.com/news/security/western-sydney-university-data-breach-exposed-student-data/ Posted from: this blog via Microsoft Power Automate .

Atlassian Bitbucket artifacts can leak plaintext auth secrets

Threat actors were found breaching AWS accounts using authentication secrets leaked as plaintext in Atlassian Bitbucket artifact objects. [...] https://www.bleepingcomputer.com/news/security/atlassian-bitbucket-artifacts-can-leak-plaintext-auth-secrets/ Posted from: this blog via Microsoft Power Automate .

Rockwell Automation warns admins to take ICS devices offline

Rockwell Automation warned customers to disconnect all industrial control systems (ICSs) not designed for online exposure from the Internet due to increasing malicious activity worldwide. [...] https://www.bleepingcomputer.com/news/security/rockwell-automation-warns-admins-to-take-ics-devices-offline/ Posted from: this blog via Microsoft Power Automate .

Google rolls out Chrome fix for empty pages when switching tabs

Google is rolling out a server-side fix for a known issue affecting the Chrome browser that causes webpage content to temporarily disappear when users change between open tabs. [...] https://www.bleepingcomputer.com/news/google/google-rolls-out-chrome-fix-for-empty-pages-when-switching-tabs/ Posted from: this blog via Microsoft Power Automate .

Zoom adds post-quantum end-to-end encryption to video meetings

Zoom has announced the global availability of post-quantum end-to-end encryption (E2EE) for Zoom Meetings, with Zoom Phone and Zoom Rooms to follow soon. [...] https://www.bleepingcomputer.com/news/security/zoom-adds-post-quantum-end-to-end-encryption-to-video-meetings/ Posted from: this blog via Microsoft Power Automate .

Critical Fluent Bit flaw impacts all major cloud providers

​A critical Fluent Bit vulnerability that can be exploited in denial-of-service and remote code execution attacks impacts all major cloud providers and many technology giants. [...] https://www.bleepingcomputer.com/news/security/critical-fluent-bit-flaw-impacts-all-major-cloud-providers/ Posted from: this blog via Microsoft Power Automate .

OmniVision discloses data breach after 2023 ransomware attack

The California-based imaging sensors manufacturer OmniVision is warning of a data breach after the company suffered a Cactus ransomware attack last year. [...] https://www.bleepingcomputer.com/news/security/omnivision-discloses-data-breach-after-2023-ransomware-attack/ Posted from: this blog via Microsoft Power Automate .

Owner of Incognito dark web drugs market arrested in New York

The owner and operator of Incognito Market, a dark web marketplace for selling illegal narcotics online, was arrested at the John F. Kennedy Airport in New York on May 18. [...] https://www.bleepingcomputer.com/news/security/owner-of-incognito-dark-web-drugs-market-arrested-in-new-york/ Posted from: this blog via Microsoft Power Automate .

Windows 11 Recall AI feature will record everything you do on your PC

Microsoft has announced a new AI-powered feature for Windows 11 called 'Recall,' which records everything you do on your PC and lets you search through your historical activities. [...] https://www.bleepingcomputer.com/news/microsoft/windows-11-recall-ai-feature-will-record-everything-you-do-on-your-pc/ Posted from: this blog via Microsoft Power Automate .

New BiBi Wiper version also destroys the disk partition table

A new version of the BiBi Wiper malware is now deleting the disk partition table to make data restoration harder, extending the downtime for targeted victims. [...] https://www.bleepingcomputer.com/news/security/new-bibi-wiper-version-also-destroys-the-disk-partition-table/ Posted from: this blog via Microsoft Power Automate .

QNAP QTS zero-day in Share feature gets public RCE exploit

An extensive security audit of QNAP QTS, the operating system for the company's NAS products, has uncovered fifteen vulnerabilities of varying severity, with eleven remaining unfixed. [...] https://www.bleepingcomputer.com/news/security/qnap-qts-zero-day-in-share-feature-gets-public-rce-exploit/ Posted from: this blog via Microsoft Power Automate .

American Radio Relay League cyberattack takes Logbook of the World offline

The American Radio Relay League (ARRL) warns it suffered a cyberattack, which disrupted its IT systems and online operations, including email and the Logbook of the World. [...] https://www.bleepingcomputer.com/news/security/arrl-cyberattack-takes-logbook-of-the-world-offline/ Posted from: this blog via Microsoft Power Automate .

Frustration grows over Google's AI Overviews feature, how to disable

Since Google enabled its AI-powered search feature, many people have tried and failed to disable the often incorrect AI Overviews feature in regular search results. However, there are ways to turn it off using a new "Web" search mode, which we explain in this article.. [...] https://www.bleepingcomputer.com/news/google/frustration-grows-over-googles-ai-overviews-feature-how-to-disable/ Posted from: this blog via Microsoft Power Automate .

Ransomware gang target Windows admins via PuTTy, WinSCP malvertising

A ransomware operation targets Windows system administrators by taking out Google ads to promote fake download sites for Putty and WinSCP. [...] https://www.bleepingcomputer.com/news/security/ransomware-gang-target-windows-admins-via-putty-winscp-malvertising/ Posted from: this blog via Microsoft Power Automate .

Android malware Grandoreiro returns after police disruption

The Android banking trojan "Grandoreiro" is spreading in a large-scale phishing campaign in over 60 countries, targeting customer accounts of roughly 1,500 banks. [...] https://www.bleepingcomputer.com/news/security/android-malware-grandoreiro-returns-after-police-disruption/ Posted from: this blog via Microsoft Power Automate .

The Week in Ransomware - May 17th 2024 - Mailbombing is back

This week was pretty quiet on the ransomware front, with most of the attention on the seizure of the BreachForums data theft forum. However, that does not mean there was nothing of interest released this week about ransomware. [...] https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-may-17th-2024-mailbombing-is-back/ Posted from: this blog via Microsoft Power Automate .

Microsoft to start enforcing Azure multi-factor authentication in July

Starting in July, Microsoft will begin gradually enforcing multi-factor authentication (MFA) for all users signing into Azure to administer resources. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-will-start-enforcing-azure-multi-factor-authentication-MFA-in-july-2024/ Posted from: this blog via Microsoft Power Automate .

SEC: Financial orgs have 30 days to send data breach notifications

The Securities and Exchange Commission (SEC) has adopted amendments to Regulation S-P that require certain financial institutions to disclose data breach incidents to impacted individuals within 30 days of discovery. [...] https://www.bleepingcomputer.com/news/security/sec-financial-orgs-have-30-days-to-send-data-breach-notifications/ Posted from: this blog via Microsoft Power Automate .

US arrests suspects behind $73M ‘pig butchering’ laundering scheme

​The U.S. Department of Justice charged two suspects for allegedly leading a crime ring that laundered at least $73 million from cryptocurrency investment scams, also known as "pig butchering." [...] https://www.bleepingcomputer.com/news/security/us-arrests-suspects-behind-73m-pig-butchering-laundering-scheme/ Posted from: this blog via Microsoft Power Automate .

WebTPA data breach impacts 2.4 million insurance policyholders

The WebTPA Employer Services (WebTPA) data breach disclosed earlier this month is impacting close to 2.5 million individuals, the U.S. Department of Health and Human Services notes. [...] https://www.bleepingcomputer.com/news/security/webtpa-data-breach-impacts-24-million-insurance-policyholders/ Posted from: this blog via Microsoft Power Automate .

Five charged for cyber schemes to benefit North Korea's weapons program

​The U.S. Justice Department charged five individuals today, a U.S. Citizen woman, a Ukrainian man, and three foreign nationals, for their involvement in cyber schemes that generated revenue for North Korea's nuclear weapons program. [...] https://www.bleepingcomputer.com/news/security/five-charged-for-cyber-schemes-to-benefit-north-koreas-weapons-program/ Posted from: this blog via Microsoft Power Automate .

Microsoft shares temp fix for Outlook encrypted email reply issues

​Microsoft has shared a temporary fix for a known issue preventing Microsoft 365 customers from replying to encrypted emails using the Outlook Desktop client. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-shares-temp-fix-for-outlook-encrypted-email-reply-issues/ Posted from: this blog via Microsoft Power Automate .

MediSecure e-script firm hit by ‘large-scale’ ransomware data breach

Electronic prescription provider MediSecure in Australia has shut down its website and phone lines following a ransomware attack believed to originate from a third-party vendor. [...] https://www.bleepingcomputer.com/news/security/medisecure-e-script-firm-hit-by-large-scale-ransomware-data-breach/ Posted from: this blog via Microsoft Power Automate .

Russian hackers use new Lunar malware to breach a European govt's agencies

Security researchers discovered two previously unseen backdoors dubbed LunarWeb and LunarMail that were used to compromise a European government's diplomatic institutions abroad. [...] https://www.bleepingcomputer.com/news/security/russian-hackers-use-new-lunar-malware-to-breach-a-european-govts-agencies/ Posted from: this blog via Microsoft Power Automate .

Microsoft: Windows Server 2019 updates fail with 0x800f0982 errors

​Microsoft has acknowledged a new known issue causing this month's KB5037765 security update for Windows Server 2019 to fail to install with 0x800f0982 errors. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-windows-server-2019-updates-fail-with-0x800f0982-errors/ Posted from: this blog via Microsoft Power Automate .

Google patches third exploited Chrome zero-day in a week

​Google has released a new emergency Chrome security update to address the third zero-day vulnerability exploited in attacks within a week. [...] https://www.bleepingcomputer.com/news/google/google-patches-third-exploited-chrome-zero-day-in-a-week/ Posted from: this blog via Microsoft Power Automate .

Google patches third exploited Chrome zero-day in a week

​Google has released a new emergency Chrome security update to address the third zero-day vulnerability exploited in attacks within a week. [...] https://www.bleepingcomputer.com/news/google/google-patches-third-exploited-chrome-zero-day-in-a-week/ Posted from: this blog via Microsoft Power Automate .

Android 15, Google Play get new anti-malware and anti-fraud features

Today, Google announced new security features coming to Android 15 and Google Play that will help block scams, fraud, and malware apps on users' devices. [...] https://www.bleepingcomputer.com/news/google/android-15-google-play-get-new-anti-malware-and-anti-fraud-features/ Posted from: this blog via Microsoft Power Automate .

Android to add new anti-theft and data protection features

​Google is introducing multiple anti-theft and data protection features later this year, some available only for Android 15+ devices, while others will roll out to billions of devices running Android 10 and later. [...] https://www.bleepingcomputer.com/news/google/android-to-add-new-anti-theft-and-data-protection-features/ Posted from: this blog via Microsoft Power Automate .

Android 15, Google Play get new anti-malware and anti-fraud features

Today, Google announced new security features coming to Android 15 and Google Play that will help block scams, fraud, and malware apps on users' devices. [...] https://www.bleepingcomputer.com/news/google/android-15-google-play-get-new-anti-malware-and-anti-fraud-features/ Posted from: this blog via Microsoft Power Automate .

Nissan North America data breach impacts over 53,000 employees

Nissan North America (Nissan) suffered a data breach last year when a threat actor targeted the company's external VPN and shut down systems to receive a ransom. [...] https://www.bleepingcomputer.com/news/security/nissan-north-america-data-breach-impacts-over-53-000-employees/ Posted from: this blog via Microsoft Power Automate .

Brothers arrested for $25 million theft in Ethereum blockchain attack

​The U.S. Department of Justice has indicted two brothers for allegedly manipulating the Ethereum blockchain and stealing $25 million worth of cryptocurrency within approximately 12 seconds in a "first-of-its-kind" scheme. [...] https://www.bleepingcomputer.com/news/security/brothers-arrested-for-25-million-theft-in-ethereum-blockchain-attack/ Posted from: this blog via Microsoft Power Automate .

Apple blocked $7 billion in fraudulent App Store purchases in 4 years

Apple's antifraud technology has blocked more than $7 billion in potentially fraudulent transactions in four years, the company states in its latest annual fraud prevention analysis. [...] https://www.bleepingcomputer.com/news/security/apple-blocked-7-billion-in-fraudulent-app-store-purchases-in-4-years/ Posted from: this blog via Microsoft Power Automate .

Windows Quick Assist abused in Black Basta ransomware attacks

​Financially motivated cybercriminals abuse the Windows Quick Assist feature in social engineering attacks to deploy Black Basta ransomware payloads on victims' networks. [...] https://www.bleepingcomputer.com/news/security/windows-quick-assist-abused-in-black-basta-ransomware-attacks/ Posted from: this blog via Microsoft Power Automate .

FBI seize BreachForums hacking forum used to leak stolen data

The FBI has seized the notorious BreachForums hacking forum used to leak and sell stolen corporate data to other cybercriminals. [...] https://www.bleepingcomputer.com/news/security/fbi-seize-breachforums-hacking-forum-used-to-leak-stolen-data/ Posted from: this blog via Microsoft Power Automate .

Banco Santander warns of a data breach exposing customer info

Banco Santander S.A. announced it suffered a data breach impacting customers after an unauthorized actor accessed a database hosted by one of its third-party service providers. [...] https://www.bleepingcomputer.com/news/security/banco-santander-warns-of-a-data-breach-exposing-customer-info/ Posted from: this blog via Microsoft Power Automate .

PoC exploit released for RCE zero-day in D-Link EXO AX4800 routers

The D-Link EXO AX4800 (DIR-X4860) router is vulnerable to remote unauthenticated command execution that could lead to complete device takeovers by attackers with access to the HNAP port. [...] https://www.bleepingcomputer.com/news/security/poc-exploit-released-for-rce-zero-day-in-d-link-exo-ax4800-routers/ Posted from: this blog via Microsoft Power Automate .

Singing River Health System: Data of 895,000 stolen in ransomware attack

The Singing River Health System is warning that it is now estimating that 895,204 people are impacted by a ransomware attack it suffered in August 2023. [...] https://www.bleepingcomputer.com/news/security/singing-river-health-system-data-of-895-000-stolen-in-ransomware-attack/ Posted from: this blog via Microsoft Power Automate .

Singing River Health System: Data of 895,000 stolen in ransomware attack

The Singing River Health System is warning that it is now estimating that 895,204 people are impacted by a ransomware attack it suffered in August 2023. [...] https://www.bleepingcomputer.com/news/security/singing-river-health-system-data-of-895-000-stolen-in-ransomware-attack/ Posted from: this blog via Microsoft Power Automate .

Microsoft fixes VPN failures caused by April Windows updates

Today, ​Microsoft fixed a known issue breaking VPN connections across client and server platforms after installing the April 2024 Windows security updates. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-vpn-failures-caused-by-april-windows-updates/ Posted from: this blog via Microsoft Power Automate .

VMware makes Workstation Pro and Fusion Pro free for personal use

VMWare has made Workstation Pro and Fusion Pro free for personal use, allowing home users and students to set up their own virtualized test labs and play with another operating system at little to no cost. [...] https://www.bleepingcomputer.com/news/software/vmware-makes-workstation-pro-and-fusion-pro-free-for-personal-use/ Posted from: this blog via Microsoft Power Automate .

Windows 11 KB5037771 update released with 30 fixes, changes

Microsoft is rolling out the KB5037771 cumulative update for Windows 11 23H3 with thirty bug fixes and changes, including a fix for a bug breaking VPN connections. [...] https://www.bleepingcomputer.com/news/microsoft/windows-11-kb5037771-update-released-with-30-fixes-changes/ Posted from: this blog via Microsoft Power Automate .

Ebury botnet malware infected 400,000 Linux servers since 2009

A malware botnet known as 'Ebury' has infected almost 400,000 Linux servers since 2009, with roughly 100,000 still compromised as of late 2023. [...] https://www.bleepingcomputer.com/news/security/ebury-botnet-malware-infected-400-000-linux-servers-since-2009/ Posted from: this blog via Microsoft Power Automate .

Apple fixes Safari WebKit zero-day flaw exploited at Pwn2Own

Apple has released security updates to fix a zero-day vulnerability in the Safari web browser exploited during this year's Pwn2Own Vancouver hacking competition. [...] https://www.bleepingcomputer.com/news/apple/apple-fixes-safari-webkit-zero-day-flaw-exploited-at-pwn2own/ Posted from: this blog via Microsoft Power Automate .

Apple and Google add alerts for unknown Bluetooth trackers to iOS, Android

On Monday, Apple and Google jointly announced a new privacy feature that warns Android and iOS users when an unknown Bluetooth tracking device travels with them. [...] https://www.bleepingcomputer.com/news/security/apple-and-google-add-alerts-for-unknown-bluetooth-trackers-to-ios-android/ Posted from: this blog via Microsoft Power Automate .

VMware fixes three zero-day bugs exploited at Pwn2Own 2024

VMware fixed four security vulnerabilities in the Workstation and Fusion desktop hypervisors, including three zero-days exploited during the Pwn2Own Vancouver 2024 hacking contest. [...] https://www.bleepingcomputer.com/news/security/vmware-fixes-three-zero-day-bugs-exploited-at-pwn2own-2024/ Posted from: this blog via Microsoft Power Automate .

PyPi package backdoors Macs using the Sliver pen-testing suite

A new package mimicked the popular 'requests' library on the Python Package Index (PyPI) to target macOS devices with the Sliver C2 adversary framework, used for gaining initial access to corporate networks. [...] https://www.bleepingcomputer.com/news/security/pypi-package-backdoors-macs-using-the-sliver-pen-testing-suite/ Posted from: this blog via Microsoft Power Automate .

Apple backports fix for RTKit iOS zero-day to older iPhones

Apple has backported security patches released in March to older iPhones and iPads, fixing an iOS Kernel zero-day tagged as exploited in attacks. [...] https://www.bleepingcomputer.com/news/apple/apple-backports-fix-for-rtkit-ios-zero-day-to-older-iphones/ Posted from: this blog via Microsoft Power Automate .

Apple backports fix for RTKit iOS zero-day to older iPhones

Apple has backported security patches released in March to older iPhones and iPads, fixing an iOS Kernel zero-day tagged as exploited in attacks. [...] https://www.bleepingcomputer.com/news/apple/apple-backports-fix-for-rtkit-ios-zero-day-to-older-iphones/ Posted from: this blog via Microsoft Power Automate .

FCC reveals Royal Tiger, its first tagged robocall threat actor

The Federal Communications Commission (FCC) has named its first officially designated robocall threat actor 'Royal Tiger,' a move aiming to help international partners and law enforcement more easily track individuals and entities behind repeat robocall campaigns. [...] https://www.bleepingcomputer.com/news/security/fcc-reveals-royal-tiger-its-first-tagged-robocall-threat-actor/ Posted from: this blog via Microsoft Power Automate .

INC ransomware source code selling on hacking forums for $300,000

A cybercriminal using the name "salfetka" claims to be selling the source code of INC Ransom, a ransomware-as-a-service (RaaS) operation launched in August 2023. [...] https://www.bleepingcomputer.com/news/security/inc-ransomware-source-code-selling-on-hacking-forums-for-300-000/ Posted from: this blog via Microsoft Power Automate .

Botnet sent millions of emails in LockBit Black ransomware campaign

​Since April, a new large-scale LockBit Black ransomware campaign has sent millions of phishing emails via the Phorpiex botnet. [...] https://www.bleepingcomputer.com/news/security/botnet-sent-millions-of-emails-in-lockbit-black-ransomware-campaign/ Posted from: this blog via Microsoft Power Automate .

Hackers use DNS tunneling for network scanning, tracking victims

Threat actors are using Domain Name System (DNS) tunneling to track when their targets open phishing emails and click on malicious links, and to scan networks for potential vulnerabilities. [...] https://www.bleepingcomputer.com/news/security/hackers-use-dns-tunneling-for-network-scanning-tracking-victims/ Posted from: this blog via Microsoft Power Automate .

Helsinki suffers data breach after hackers exploit unpatched flaw

The City of Helsinki is investigating a data breach in its education division, which it discovered in late April 2024, impacting tens of thousands of students, guardians, and personnel. [...] https://www.bleepingcomputer.com/news/security/helsinki-suffers-data-breach-after-hackers-exploit-unpatched-flaw/ Posted from: this blog via Microsoft Power Automate .

CISA: Black Basta ransomware breached over 500 orgs worldwide

​CISA and the FBI said today that Black Basta ransomware affiliates breached over 500 organizations between April 2022 and May 2024. [...] https://www.bleepingcomputer.com/news/security/cisa-black-basta-ransomware-breached-over-500-orgs-worldwide/ Posted from: this blog via Microsoft Power Automate .

Europol confirms EPE breach, says no operational data stolen

​Europol, the European Union's law enforcement agency, confirmed that its Europol Platform for Experts (EPE) portal was breached and is now investigating the incident after a threat actor claimed they stole For Official Use Only (FOUO) documents containing classified data. [...] https://www.bleepingcomputer.com/news/security/europol-confirms-epe-breach-says-no-operational-data-stolen/ Posted from: this blog via Microsoft Power Automate .

The Week in Ransomware - May 10th 2024 - Chipping away at LockBit

After many months of taunting law enforcement and offering a million-dollar reward to anyone who could reveal his identity, the FBI and NCA have done just that, revealing the name of LockBitSupp, the operator of the LockBit ransomware operation. [...] https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-may-10th-2024-chipping-away-at-lockbit/ Posted from: this blog via Microsoft Power Automate .

Dell API abused to steal 49 million customer records in data breach

The threat actor behind the recent Dell data breach revealed they scraped information of 49 million customer records using an partner portal API they accessed as a fake company. [...] https://www.bleepingcomputer.com/news/security/dell-api-abused-to-steal-49-million-customer-records-in-data-breach/ Posted from: this blog via Microsoft Power Automate .

Ascension redirects ambulances after suspected ransomware attack

Ascension, a major U.S. healthcare network, is diverting ambulances from several hospitals due to a suspected ransomware attack that has been causing clinical operation disruptions and system outages since Wednesday. [...] https://www.bleepingcomputer.com/news/security/healthcare-giant-ascension-redirects-ambulances-after-suspected-Black-Basta-ransomware-attack/ Posted from: this blog via Microsoft Power Automate .

Widely used Telit Cinterion modems open to SMS takeover attacks

Security flaws in Telit Cinterion cellular modems, widely used in sectors including industrial, healthcare, and telecommunications, could allow remote attackers to execute arbitrary code via SMS. [...] https://www.bleepingcomputer.com/news/security/widely-used-telit-cinterion-modems-open-to-sms-takeover-attacks/ Posted from: this blog via Microsoft Power Automate .

Poland says Russian military hackers target its govt networks

Poland says a state-backed threat group linked to Russia's military intelligence service (GRU) has been targeting Polish government institutions throughout the week. [...] https://www.bleepingcomputer.com/news/security/poland-says-russian-military-hackers-target-its-govt-networks/ Posted from: this blog via Microsoft Power Automate .

Monday.com removes "Share Update" feature abused for phishing attacks

Project management platform Monday.com has removed its "Share Update" feature after threat actors abused it in phishing attacks. [...] https://www.bleepingcomputer.com/news/security/mondaycom-removes-share-update-feature-abused-for-phishing-attacks/ Posted from: this blog via Microsoft Power Automate .

Citrix warns admins to manually mitigate PuTTY SSH client bug

Citrix notified customers this week to manually mitigate a PuTTY SSH client vulnerability that could allow attackers to steal a XenCenter admin's private SSH key. [...] https://www.bleepingcomputer.com/news/security/citrix-warns-admins-to-manually-mitigate-putty-ssh-client-bug/ Posted from: this blog via Microsoft Power Automate .

AT&T delays Microsoft 365 email delivery due to spam wave

AT&T's email servers are blocking connections from Microsoft 365 due to a "high volume" spam wave originating from Microsoft's service. [...] https://www.bleepingcomputer.com/news/technology/att-delays-microsoft-365-email-delivery-due-to-spam-wave/ Posted from: this blog via Microsoft Power Automate .

British Columbia investigating cyberattacks on government networks

The Government of British Columbia is investigating multiple "cybersecurity incidents" that have impacted the Canadian province's government networks. [...] https://www.bleepingcomputer.com/news/security/british-columbia-investigating-cyberattacks-on-government-networks/ Posted from: this blog via Microsoft Power Automate .

University System of Georgia: 800K exposed in 2023 MOVEit attack

The University System of Georgia (USG) is sending data breach notifications to 800,000 individuals whose data was exposed in the 2023 Clop MOVEit attacks. [...] https://www.bleepingcomputer.com/news/security/university-system-of-georgia-800k-exposed-in-2023-moveit-attack/ Posted from: this blog via Microsoft Power Automate .

University System of Georgia: 800K exposed in 2023 MOVEit attack

The University System of Georgia (USG) is sending data breach notifications to 800,000 individuals whose data was exposed in the 2023 Clop MOVEit attacks. [...] https://www.bleepingcomputer.com/news/security/university-system-of-georgia-800k-exposed-in-2023-moveit-attack/ Posted from: this blog via Microsoft Power Automate .

Ascension healthcare takes systems offline after cyberattack

​Ascension, one of the largest private healthcare systems in the United States, has taken some of its systems offline to investigate what it describes as a "cyber security event." [...] https://www.bleepingcomputer.com/news/security/ascension-healthcare-takes-systems-offline-after-cyberattack/ Posted from: this blog via Microsoft Power Automate .

Ascension healthcare takes systems offline after cyberattack

​Ascension, one of the largest private healthcare systems in the United States, has taken some of its systems offline to investigate what it describes as a "cyber security event." [...] https://www.bleepingcomputer.com/news/security/ascension-healthcare-takes-systems-offline-after-cyberattack/ Posted from: this blog via Microsoft Power Automate .

Stack Overflow suspends user for editing posts in OpenAI protest

OpenAI and Stack Overflow recently teamed up to improve AI models. OpenAI will have access to Stack Overflow's API and feedback from developers. In return, OpenAI will link to Stack Overflow's content in ChatGPT. [...] https://www.bleepingcomputer.com/news/technology/stack-overflow-suspends-user-for-editing-posts-in-openai-protest/ Posted from: this blog via Microsoft Power Automate .

Stack Overflow suspends user for editing posts in OpenAI protest

OpenAI and Stack Overflow recently teamed up to improve AI models. OpenAI will have access to Stack Overflow's API and feedback from developers. In return, OpenAI will link to Stack Overflow's content in ChatGPT. [...] https://www.bleepingcomputer.com/news/technology/stack-overflow-suspends-user-for-editing-posts-in-openai-protest/ Posted from: this blog via Microsoft Power Automate .

New BIG-IP Next Central Manager bugs allow device takeover

F5 has fixed two high-severity BIG-IP Next Central Manager vulnerabilities, which can be exploited to gain admin control and create rogue accounts on any managed assets. [...] https://www.bleepingcomputer.com/news/security/new-big-ip-next-central-manager-bugs-allow-device-takeover/ Posted from: this blog via Microsoft Power Automate .

FBI warns of gift card fraud ring targeting retail companies

The FBI warned retail companies in the United States that a financially motivated hacking group has been targeting employees in their gift card departments in phishing attacks since at least January 2024. [...] https://www.bleepingcomputer.com/news/security/fbi-warns-of-gift-card-fraud-ring-targeting-retail-companies/ Posted from: this blog via Microsoft Power Automate .

City of Wichita breach claimed by LockBit ransomware gang

The LockBit ransomware gang has claimed responsibility for a disruptive cyberattack on the City of Wichita, which has forced the City's authorities to shut down IT systems used for online bill payment, including court fines, water bills, and public transportation. [...] https://www.bleepingcomputer.com/news/security/city-of-wichita-breach-claimed-by-lockbit-ransomware-gang/ Posted from: this blog via Microsoft Power Automate .

Microsoft: April Windows Server updates also cause crashes, reboots

Microsoft has confirmed that last month's Windows Server security updates may also cause domain controller reboots after the Local Security Authority Subsystem Service (LSASS) process crashes. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-april-windows-server-updates-also-cause-crashes-reboots/ Posted from: this blog via Microsoft Power Automate .

Massive webshop fraud ring steals credit cards from 850,000 people

A massive network of 75,000 fake online shops called 'BogusBazaar' tricked over 850,000 people in the US and Europe into making purchases, allowing the criminals to steal credit card information and attempt to process an estimated $50 million in fake orders. [...] https://www.bleepingcomputer.com/news/security/massive-webshop-fraud-ring-steals-credit-cards-from-850-000-people/ Posted from: this blog via Microsoft Power Automate .

DocGo discloses cyberattack after hackers steal patient health data

Mobile medical care firm DocGo confirmed it suffered a cyberattack after threat actors breached its systems and stole patient health data. [...] https://www.bleepingcomputer.com/news/security/docgo-discloses-cyberattack-after-hackers-steal-patient-health-data/ Posted from: this blog via Microsoft Power Automate .

Hackers exploit LiteSpeed Cache flaw to create WordPress admins

Hackers have been targeting WordPress sites with an outdated version of the LiteSpeed Cache plugin to create administrator users and gain control of the websites. [...] https://www.bleepingcomputer.com/news/security/hackers-exploit-litespeed-cache-flaw-to-create-wordpress-admins/ Posted from: this blog via Microsoft Power Automate .

UK confirms Ministry of Defence payroll data exposed in data breach

The UK Government confirmed today that a threat actor recently breached the country's Ministry of Defence and gained access to part of the Armed Forces payment network. [...] https://www.bleepingcomputer.com/news/security/uk-confirms-ministry-of-defence-payroll-data-exposed-in-data-breach/ Posted from: this blog via Microsoft Power Automate .

New attack leaks VPN traffic using rogue DHCP servers

A new attack dubbed "TunnelVision" can route traffic outside a VPN's encryption tunnel, allowing attackers to snoop on unencrypted traffic while maintaining the appearance of a secure VPN connection. [...] https://www.bleepingcomputer.com/news/security/new-tunnelvision-attack-leaks-vpn-traffic-using-rogue-dhcp-servers/ Posted from: this blog via Microsoft Power Automate .

Over 50,000 Tinyproxy servers vulnerable to critical RCE flaw

Nearly 52,000 internet-exposed Tinyproxy instances are vulnerable to CVE-2023-49606, a recently disclosed critical remote code execution (RCE) flaw. [...] https://www.bleepingcomputer.com/news/security/over-50-000-tinyproxy-servers-vulnerable-to-critical-rce-flaw/ Posted from: this blog via Microsoft Power Automate .

LockBit ransomware admin identified, sanctioned in US, UK, Australia

The FBI, UK National Crime Agency, and Europol have unveiled sweeping indictments and sanctions against the admin of the LockBit ransomware operation, with the identity of the Russian threat actor being revealed for the first time. [...] https://www.bleepingcomputer.com/news/security/lockbit-ransomware-admin-identified-sanctioned-in-us-uk-australia/ Posted from: this blog via Microsoft Power Automate .

Google Chrome is getting native support for YouTube-like video chapters

Google is adding a new feature to Google Chrome that allows publishers to add video chapters to videos embedded on websites, similar to how chapters work on YouTube. [...] https://www.bleepingcomputer.com/news/google/google-chrome-is-getting-native-support-for-youtube-like-video-chapters/ Posted from: this blog via Microsoft Power Automate .

Google Chrome is getting native support for YouTube-like video chapters

Google is adding a new feature to Google Chrome that allows publishers to add video chapters to videos embedded on websites, similar to how chapters work on YouTube. [...] https://www.bleepingcomputer.com/news/google/google-chrome-is-getting-native-support-for-youtube-like-video-chapters/ Posted from: this blog via Microsoft Power Automate .

Microsoft tests using MT/s for memory speed in Windows 11 Task Manager

Microsoft is testing showing memory speeds as MT/s (mega-transfers per second) rather than MHz (megahertz) in the Windows 11 Task Manager. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-tests-using-mt-s-for-memory-speed-in-windows-11-task-manager/ Posted from: this blog via Microsoft Power Automate .

Lockbit's seized site comes alive to tease new police announcements

The NCA, FBI, and Europol have revived a seized LockBit ransomware data leak site to hint at new information being revealed by law enforcement this Tuesday. [...] https://www.bleepingcomputer.com/news/security/lockbits-seized-site-comes-alive-to-tease-new-police-announcements/ Posted from: this blog via Microsoft Power Automate .

Finland warns of Android malware attacks breaching bank accounts

Finland's Transport and Communications Agency (Traficom) has issued a warning about an ongoing Android malware campaign targeting banking accounts. [...] https://www.bleepingcomputer.com/news/security/finland-warns-of-android-malware-attacks-breaching-bank-accounts/ Posted from: this blog via Microsoft Power Automate .

Iranian hackers pose as journalists to push backdoor malware

The Iranian state-backed threat actor tracked as APT42 is employing social engineering attacks, including posing as journalists, to breach corporate networks and cloud environments of Western and Middle Eastern targets. [...] https://www.bleepingcomputer.com/news/security/iranian-hackers-pose-as-journalists-to-push-backdoor-malware/ Posted from: this blog via Microsoft Power Automate .

Android bug can leak DNS traffic with VPN kill switch enabled

A Mullvad VPN user has discovered that Android devices leak DNS queries when switching VPN servers even though the "Always-on VPN" feature was enabled with the "Block connections without VPN" option. [...] https://www.bleepingcomputer.com/news/security/android-bug-can-leak-dns-traffic-with-vpn-kill-switch-enabled/ Posted from: this blog via Microsoft Power Automate .

Android bug can leak DNS traffic with VPN kill switch enabled

A Mullvad VPN user has discovered that Android devices leak DNS queries when switching VPN servers even though the "Always-on VPN" feature was enabled with the "Block connections without VPN" option. [...] https://www.bleepingcomputer.com/news/security/android-bug-can-leak-dns-traffic-with-vpn-kill-switch-enabled/ Posted from: this blog via Microsoft Power Automate .

NSA warns of North Korean hackers exploiting weak DMARC email policies

The NSA and FBI warned that the APT43 North Korea-linked hacking group exploits weak email Domain-based Message Authentication Reporting and Conformance (DMARC) policies to mask spearphishing attacks. [...] https://www.bleepingcomputer.com/news/security/nsa-warns-of-north-korean-hackers-exploiting-weak-dmarc-email-policies/ Posted from: this blog via Microsoft Power Automate .

Google rolls back reCaptcha update to fix Firefox issues

Google has rolled back a recent release of its reCaptcha captcha script after a bug caused the service to no longer work on Firefox for Windows. [...] https://www.bleepingcomputer.com/news/security/google-rolls-back-recaptcha-update-to-fix-firefox-issues/ Posted from: this blog via Microsoft Power Automate .

NATO and EU condemn Russia's cyberattacks against Germany, Czechia

​NATO and the European Union, with international partners, formally condemned a long-term cyber espionage campaign against European countries conducted by the Russian threat group APT28. [...] https://www.bleepingcomputer.com/news/security/nato-and-eu-condemn-russias-cyberattacks-against-germany-czechia/ Posted from: this blog via Microsoft Power Automate .

Microsoft rolls out passkey auth for personal Microsoft accounts

Microsoft announced that Windows users can now log into their Microsoft consumer accounts using a passkey, allowing users to authenticate using password-less methods such as Windows Hello, FIDO2 security keys, biometric data (facial scans or fingerprints), or device PINs. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-rolls-out-passkey-auth-for-personal-microsoft-accounts/ Posted from: this blog via Microsoft Power Automate .

CEO who sold fake Cisco devices to US military gets 6 years in prison

Onur Aksoy, the CEO of a group of companies controlling multiple online storefronts, was sentenced to six and a half years in prison for selling $100 million worth of counterfeit Cisco network equipment to government, health, education, and military organizations worldwide. [...] https://www.bleepingcomputer.com/news/security/ceo-who-sold-fake-cisco-devices-to-us-military-gets-6-years-in-prison/ Posted from: this blog via Microsoft Power Automate .

Bitwarden launches new MFA Authenticator app for iOS, Android

Bitwarden, the creator of the popular open-source password manager, has just launched a new authenticator app called Bitwarden Authenticator, which is available for iOS and Android devices. [...] https://www.bleepingcomputer.com/news/software/bitwarden-launches-new-mfa-authenticator-app-for-ios-android/ Posted from: this blog via Microsoft Power Automate .

Bitwarden launches new MFA Authenticator app for iOS, Android

Bitwarden, the creator of the popular open-source password manager, has just launched a new authenticator app called Bitwarden Authenticator, which is available for iOS and Android devices. [...] https://www.bleepingcomputer.com/news/software/bitwarden-launches-new-mfa-authenticator-app-for-ios-android/ Posted from: this blog via Microsoft Power Automate .

CISA urges software devs to weed out path traversal vulnerabilities

​CISA and the FBI urged software companies today to review their products and eliminate path traversal security vulnerabilities before shipping. [...] https://www.bleepingcomputer.com/news/security/cisa-urges-software-devs-to-weed-out-path-traversal-vulnerabilities/ Posted from: this blog via Microsoft Power Automate .

Police shuts down 12 fraud call centres, arrests 21 suspects

Law enforcement shut down 12 phone fraud call centers in Albania, Bosnia and Herzegovina, Kosovo, and Lebanon, behind thousands of scam calls daily. [...] https://www.bleepingcomputer.com/news/security/police-shuts-down-12-fraud-call-centres-arrests-21-suspects/ Posted from: this blog via Microsoft Power Automate .

Microsoft warns of "Dirty Stream" attack impacting Android apps

Microsoft has highlighted a novel attack dubbed "Dirty Stream," which could allow malicious Android apps to overwrite files in another application's home directory, potentially leading to arbitrary code execution and secrets theft. [...] https://www.bleepingcomputer.com/news/security/microsoft-warns-of-dirty-stream-attack-impacting-android-apps/ Posted from: this blog via Microsoft Power Automate .

HPE Aruba Networking fixes four critical RCE flaws in ArubaOS

HPE Aruba Networking has issued its April 2024 security advisory detailing critical remote code execution (RCE) vulnerabilities impacting multiple versions of ArubaOS, its proprietary network operating system. [...] https://www.bleepingcomputer.com/news/security/hpe-aruba-networking-fixes-four-critical-rce-flaws-in-arubaos/ Posted from: this blog via Microsoft Power Automate .

DropBox says hackers stole customer data, auth secrets from eSignature service

Cloud storage firm DropBox says hackers breached production systems for its DropBox Sign eSignature platform and gained access to authentication tokens, MFA keys, hashed passwords, and customer information. [...] https://www.bleepingcomputer.com/news/security/dropbox-says-hackers-stole-customer-data-auth-secrets-from-esignature-service/ Posted from: this blog via Microsoft Power Automate .

US govt warns of pro-Russian hacktivists targeting water facilities

The US government is warning that pro-Russian hacktivists are seeking out and hacking into unsecured operational technology (OT) systems used to disrupt critical infrastructure operations. [...] https://www.bleepingcomputer.com/news/security/us-govt-warns-of-pro-russian-hacktivists-targeting-water-facilities/ Posted from: this blog via Microsoft Power Automate .

Panda Restaurants discloses data breach after corporate systems hack

Panda Restaurant Group, the parent company of Panda Express, Panda Inn, and Hibachi-San, disclosed a data breach after attackers compromised its corporate systems in March and stole the personal information of an undisclosed number of individuals. [...] https://www.bleepingcomputer.com/news/security/panda-restaurants-discloses-a-data-breach-after-corporate-systems-hack/ Posted from: this blog via Microsoft Power Automate .

French hospital CHC-SV refuses to pay LockBit extortion demand

The Hôpital de Cannes - Simone Veil (CHC-SV) in France announced it received a ransom demand from the Lockbit 3.0 ransomware gang, saying they refuse to pay the ransom. [...] https://www.bleepingcomputer.com/news/security/french-hospital-chc-sv-refuses-to-pay-lockbit-extortion-demand/ Posted from: this blog via Microsoft Power Automate .

CISA says GitLab account takeover bug is actively exploited in attacks

​CISA warned today that attackers are actively exploiting a maximum-severity GitLab vulnerability that allows them to take over accounts via password resets. [...] https://www.bleepingcomputer.com/news/security/cisa-says-gitlab-account-takeover-bug-is-actively-exploited-in-attacks/ Posted from: this blog via Microsoft Power Automate .