Posts

Showing posts from June, 2024

Google Chrome to let Isolated Web App access sensitive USB devices

Google is working on a new Unrestricted WebUSB feature, which allows trusted isolated web apps to bypass security restrictions in the WebUSB API. [...] https://www.bleepingcomputer.com/news/google/google-chrome-to-let-isolated-web-app-access-sensitive-usb-devices/ Posted from: this blog via Microsoft Power Automate .

Google Chrome to let Isolated Web App access sensitive USB devices

Google is working on a new Unrestricted WebUSB feature, which allows trusted isolated web apps to bypass security restrictions in the WebUSB API. [...] https://www.bleepingcomputer.com/news/google/google-chrome-to-let-isolated-web-app-access-sensitive-usb-devices/ Posted from: this blog via Microsoft Power Automate .

Google Chrome to let Isolated Web App access sensitive USB devices

Google is working on a new Unrestricted WebUSB feature, which allows trusted isolated web apps to bypass security restrictions in the WebUSB API. [...] https://www.bleepingcomputer.com/news/google/google-chrome-to-let-isolated-web-app-access-sensitive-usb-devices/ Posted from: this blog via Microsoft Power Automate .

Juniper releases out-of-cycle fix for max severity auth bypass flaw

Juniper Networks has released an emergency update to address a maximum severity vulnerability that leads to authentication bypass in Session Smart Router (SSR), Session Smart Conductor, and WAN Assurance Router products. [...] https://www.bleepingcomputer.com/news/security/juniper-releases-out-of-cycle-fix-for-max-severity-auth-bypass-flaw/ Posted from: this blog via Microsoft Power Automate .

Dev rejects CVE severity, makes his GitHub repo read-only

The popular open source project, 'ip' had its GitHub repository archived, or made "read-only" by its developer as a result of a dubious CVE report filed for his project. Unfortunately, open-source developers have recently been met with an uptick in debatable or outright bogus CVEs filed for their projects. [...] https://www.bleepingcomputer.com/news/security/dev-rejects-cve-severity-makes-his-github-repo-read-only/ Posted from: this blog via Microsoft Power Automate .

Microsoft resumes rollout of Windows 11 KB5039302 update for most users

Microsoft has resumed the rollout of the June Windows 11 KB5039302 update, now blocking the update only for those using virtualization software. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-resumes-rollout-of-windows-11-kb5039302-update-for-most-users/ Posted from: this blog via Microsoft Power Automate .

Hackers exploit critical D-Link DIR-859 router flaw to steal passwords

Hackers are exploiting a critical vulnerability that affects all D-Link DIR-859 WiFi routers to collect account information from the device, including passwords. [...] https://www.bleepingcomputer.com/news/security/hackers-exploit-critical-d-link-dir-859-router-flaw-to-steal-passwords/ Posted from: this blog via Microsoft Power Automate .

Meet Brain Cipher — The new ransomware behind Indonesia's data center attack

The new Brain Cipher ransomware operation has begun targeting organizations worldwide, gaining media attention for a recent attack on Indonesia's temporary National Data Center. [...] https://www.bleepingcomputer.com/news/security/meet-brain-cipher-the-new-ransomware-behind-indonesia-data-center-attack/ Posted from: this blog via Microsoft Power Automate .

Infosys McCamish says LockBit stole data of 6 million people

Infosys McCamish Systems (IMS) disclosed that the LockBit ransomware attack it suffered earlier this year impacted sensitive information of more than six million individuals. [...] https://www.bleepingcomputer.com/news/security/infosys-mccamish-says-lockbit-stole-data-of-6-million-people/ Posted from: this blog via Microsoft Power Automate .

Dairy giant Agropur says data breach exposed customer info

Agropur, one of the largest dairy cooperatives in North America, is notifying customers of a data breach after some of its shared online directories were exposed. [...] https://www.bleepingcomputer.com/news/security/dairy-giant-agropur-says-data-breach-exposed-customer-info/ Posted from: this blog via Microsoft Power Automate .

TeamViewer links corporate cyberattack to Russian state hackers

RMM software developer TeamViewer says a Russian state-sponsored hacking group known as Midnight Blizzard is believed to be behind a breach of their corporate network this week. [...] https://www.bleepingcomputer.com/news/security/teamviewer-links-corporate-cyberattack-to-russian-state-hackers/ Posted from: this blog via Microsoft Power Automate .

Polyfill.io, BootCDN, Bootcss, Staticfile attack traced to 1 operator

The recent large scale supply chain attack conducted via multiple CDNs, namely Polyfill.io, BootCDN, Bootcss, and Staticfile that affected up to tens of millions of websites has been traced to a common operator. Researchers discovered a public GitHub repository with leaked API keys helping them draw a conclusion. [...] https://www.bleepingcomputer.com/news/security/polyfillio-bootcdn-bootcss-staticfile-attack-traced-to-1-operator/ Posted from: this blog via Microsoft Power Automate .

U.S. indicts Russian GRU hacker, offers $10 million reward

The U.S. indicted Russian national Amin Timovich Stigal for his alleged role in cyberattacks targeting Ukrainian government computer networks in an operation from the Russian foreign military intelligence agency (GRU) prior to invading the country. [...] https://www.bleepingcomputer.com/news/security/us-indicts-russian-gru-hacker-offers-10-million-reward/ Posted from: this blog via Microsoft Power Automate .

U.S. indicts Russian GRU hacker, offers $10 million reward

The U.S. indicted Russian national Amin Timovich Stigal for his alleged role in cyberattacks targeting Ukrainian government computer networks in an operation from the Russian foreign military intelligence agency (GRU) prior to invading the country. [...] https://www.bleepingcomputer.com/news/security/us-indicts-russian-gru-hacker-offers-10-million-reward/ Posted from: this blog via Microsoft Power Automate .

TeamViewer's corporate network was breached in alleged APT hack

The remote access software company TeamViewer is warning that its corporate environment was breached in a cyberattack yesterday, with a cybersecurity firm claiming it was by an APT hacking group. [...] https://www.bleepingcomputer.com/news/security/teamviewers-corporate-network-was-breached-in-alleged-apt-hack/ Posted from: this blog via Microsoft Power Automate .

Microsoft pulls Windows 11 KB5039302 update causing reboot loops

Microsoft pulled the June Windows 11 KB5039302 update after finding that it causes some devices to restart repeatedly. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-pulls-june-windows-11-kb5039302-update-causing-repeated-restarts/ Posted from: this blog via Microsoft Power Automate .

Critical GitLab bug lets attackers run pipelines as any user

A critical vulnerability is affecting certain versions of GitLab Community and Enterprise Edition products, which could be exploited to run pipelines as any user. [...] https://www.bleepingcomputer.com/news/security/critical-gitlab-bug-lets-attackers-run-pipelines-as-any-user/ Posted from: this blog via Microsoft Power Automate .

Polyfill claims it has been 'defamed', returns after domain shut down

The owners of Polyfill.io have relaunched the JavaScript CDN service on a new domain after polyfill.io was shut down as researchers exposed it was delivering malicious code on upwards of 100,000 websites.. The Polyfill service claims that it has been "maliciously defamed" and been subject to "media messages slandering Polyfill." [...] https://www.bleepingcomputer.com/news/security/polyfill-claims-it-has-been-defamed-returns-after-domain-shut-down/ Posted from: this blog via Microsoft Power Automate .

Cloudflare: We never authorized polyfill.io to use our name

Cloudflare, a lead provider of content delivery network (CDN) services, cloud security, and DDoS protection has warned that it has not authorized the use of its name or logo on the Polyfill.io website, which has recently been caught injecting malware on more than 100,000 websites in a significant supply chain attack. [...] https://www.bleepingcomputer.com/news/security/cloudflare-we-never-authorized-polyfillio-to-use-our-name/ Posted from: this blog via Microsoft Power Automate .

Chinese Cyberspies Employ Ransomware in Attacks for Diversion

Cyberespionage groups have been using ransomware as a tactic to make attack attribution more challenging, distract defenders, or for a financial reward as a secondary goal to data theft. [...] https://www.bleepingcomputer.com/news/security/chinese-cyberspies-employ-ransomware-in-attacks-for-diversion/ Posted from: this blog via Microsoft Power Automate .

LockBit lied: Stolen data is from a bank, not US Federal Reserve

Recently-disrupted LockBit ransomware group, in what appears to be a desperate attempt to make a comeback, claimed this week that it had hit US Federal Reserve, the central bank of the United States. Except, the rumor has been quashed. [...] https://www.bleepingcomputer.com/news/security/lockbit-lied-stolen-data-is-from-a-bank-not-us-federal-reserve/ Posted from: this blog via Microsoft Power Automate .

Exploit for critical Fortra FileCatalyst Workflow SQLi flaw released

The Fortra FileCatalyst Workflow is vulnerable to an SQL injection vulnerability that could allow remote unauthenticated attackers to create rogue admin users and manipulate data on the application database. [...] https://www.bleepingcomputer.com/news/security/exploit-for-critical-fortra-filecatalyst-workflow-sqli-flaw-released/ Posted from: this blog via Microsoft Power Automate .

Windows 10 KB5039299 update released with 10 changes or fixes

The June 2024 optional update for Windows 10 is now available. Today's update brings KB5039299 for Windows 10 version 22H2 and older, with up to nine bug fixes or changes. [...] https://www.bleepingcomputer.com/news/microsoft/windows-10-kb5039299-update-released-with-10-changes-or-fixes/ Posted from: this blog via Microsoft Power Automate .

Snowblind malware abuses Android security feature to bypass security

A novel Android attack vector from a piece of malware tracked as Snowblind is abusing a security feature to bypass existing anti-tampering protections in apps that handle sensitive user data. [...] https://www.bleepingcomputer.com/news/security/snowblind-malware-abuses-android-security-feature-to-bypass-security/ Posted from: this blog via Microsoft Power Automate .

Plugins on WordPress.org backdoored in supply chain attack

A threat actor modified the source code of at least five plugins hosted on WordPress.org to include malicious PHP scripts that create new accounts with administrative privileges on websites running them. [...] https://www.bleepingcomputer.com/news/security/plugins-on-wordpressorg-backdoored-in-supply-chain-attack/ Posted from: this blog via Microsoft Power Automate .

Neiman Marcus confirms data breach after Snowflake account hack

Luxury retailer Neiman Marcus confirmed it suffered a data breach after hackers attempted to sell the company's database stolen in recent Snowflake data theft attacks. [...] https://www.bleepingcomputer.com/news/security/neiman-marcus-confirms-data-breach-after-snowflake-account-hack/ Posted from: this blog via Microsoft Power Automate .

FBI warns of fake law firms targeting crypto scam victims

The FBI is warning of cybercriminals posing as law firms and lawyers that offer cryptocurrency recovery services to victims of investment scams and steal funds and personal information. [...] https://www.bleepingcomputer.com/news/security/fbi-warns-of-fake-law-firms-targeting-crypto-scam-victims/ Posted from: this blog via Microsoft Power Automate .

P2PInfect botnet targets REdis servers with new ransomware module

P2PInfect, originally a dormant peer-to-peer malware botnet with unclear motives, has finally come alive to deploy a ransomware module and a cryptominer in attacks on Redis servers. [...] https://www.bleepingcomputer.com/news/security/p2pinfect-botnet-targets-redis-servers-with-new-ransomware-module/ Posted from: this blog via Microsoft Power Automate .

Chemical facilities warned of possible data theft in CISA CSAT breach

CISA is warning that its Chemical Security Assessment Tool (CSAT) environment was breached in January after hackers deployed a webshell on its Ivanti device, potentially exposing sensitive security assessments and plans. [...] https://www.bleepingcomputer.com/news/security/chemical-facilities-warned-of-possible-data-theft-in-cisa-csat-breach/ Posted from: this blog via Microsoft Power Automate .

Chrome for Android tests feature that securely verifies your ID with sites

Google is testing a new feature called "Digital Credential API" for Chrome on Android that will allow websites to request identity information from mobile wallets using Android's IdentityCredential system. [...] https://www.bleepingcomputer.com/news/google/chrome-for-android-tests-feature-that-securely-verifies-your-id-with-sites/ Posted from: this blog via Microsoft Power Automate .

Chrome for Android tests feature that securely verifies your ID with sites

Google is testing a new feature called "Digital Credential API" for Chrome on Android that will allow websites to request identity information from mobile wallets using Android's IdentityCredential system. [...] https://www.bleepingcomputer.com/news/google/chrome-for-android-tests-feature-that-securely-verifies-your-id-with-sites/ Posted from: this blog via Microsoft Power Automate .

New attack uses MSC files and Windows XSS flaw to breach networks

A novel command execution technique dubbed 'GrimResource' uses specially crafted MSC (Microsoft Saved Console) and an unpatched Windows XSS flaw to perform code execution via the Microsoft Management Console. [...] https://www.bleepingcomputer.com/news/security/new-grimresource-attack-uses-msc-files-and-windows-xss-flaw-to-breach-networks/ Posted from: this blog via Microsoft Power Automate .

Four FIN9 hackers indicted for cyberattacks causing $71M in losses

Four Vietnamese nationals linked to the international cybercrime group FIN9 have been indicted for their involvement in a series of computer intrusions that caused over $71 million in losses to companies in the U.S. [...] https://www.bleepingcomputer.com/news/security/four-fin9-hackers-indicted-for-cyberattacks-causing-71m-in-losses/ Posted from: this blog via Microsoft Power Automate .

CoinStats says North Korean hackers breached 1,590 crypto wallets

CoinStats suffered a massive security breach that compromised 1,590 cryptocurrency wallets, with the attack suspected to have been carried out by North Korean threat actors. [...] https://www.bleepingcomputer.com/news/cryptocurrency/coinstats-says-north-korean-hackers-breached-1-590-crypto-wallets/ Posted from: this blog via Microsoft Power Automate .

Microsoft Photos update brings requested features to Windows 11

Microsoft's updated Photos app is now available for Windows 11 in the Windows Insider Program, bringing requested interface changes and better image quality. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-photos-update-brings-requested-features-to-windows-11/ Posted from: this blog via Microsoft Power Automate .

Ratel RAT targets outdated Android phones in ransomware attacks

An open-source Android malware named 'Ratel RAT' is widely deployed by multiple cybercriminals to attack outdated devices, some aiming to lock them down with a ransomware module that demands payment on Telegram. [...] https://www.bleepingcomputer.com/news/security/ratel-rat-targets-outdated-android-phones-in-ransomware-attacks/ Posted from: this blog via Microsoft Power Automate .

Los Angeles Unified confirms student data stolen in Snowflake account hack

The Los Angeles Unified School District has confirmed a data breach after threat actors stole student and employee data by breaching the company's Snowflake account. [...] https://www.bleepingcomputer.com/news/security/los-angeles-unified-confirms-student-data-stolen-in-snowflake-account-hack/ Posted from: this blog via Microsoft Power Automate .

US sanctions 12 Kaspersky Lab execs for working in Russian tech sector

The Treasury Department's Office of Foreign Assets Control (OFAC) has sanctioned twelve Kaspersky Lab executives for operating in the technology sector of Russia. [...] https://www.bleepingcomputer.com/news/security/us-sanctions-12-kaspersky-lab-execs-for-working-in-russian-tech-sector/ Posted from: this blog via Microsoft Power Automate .

Change Healthcare lists the medical data stolen in ransomware attack

UnitedHealth has confirmed for the first time what types of medical and patient data were stolen in the massive Change Healthcare ransomware attack, stating that data breach notifications will be mailed in July. [...] https://www.bleepingcomputer.com/news/security/change-healthcare-lists-the-medical-data-stolen-in-ransomware-attack/ Posted from: this blog via Microsoft Power Automate .

Tor Browser 13.5 brings Android enhancements, better bridge management

The Tor Project has released Tor Browser 13.5, bringing several improvements and enhancements for Android and desktop versions. [...] https://www.bleepingcomputer.com/news/security/tor-browser-135-brings-android-enhancements-better-bridge-management/ Posted from: this blog via Microsoft Power Automate .

CDK warns: threat actors are calling customers, posing as support

CDK Global has cautioned customers about unscrupulous actors calling them and posing as CDK agents or affiliates to gain unauthorized systems access. The warning follows ongoing cyberattacks that have hit CDK, a software-as-a-service (SaaS) platform that thousands of US car dealerships rely upon. [...] https://www.bleepingcomputer.com/news/security/cdk-warns-threat-actors-are-calling-customers-posing-as-support/ Posted from: this blog via Microsoft Power Automate .

Biden bans Kaspersky antivirus software in US over security concerns

Today, the Biden administration has announced an upcoming ban of Kaspersky antivirus software and the pushing of software updates to US companies and consumers, giving customers until September 29, 2024, to find alternative security software. [...] https://www.bleepingcomputer.com/news/security/biden-bans-kaspersky-antivirus-software-in-us-over-security-concerns/ Posted from: this blog via Microsoft Power Automate .

Phoenix UEFI vulnerability impacts hundreds of Intel PC models

A newly discovered vulnerability in Phoenix SecureCore UEFI firmware tracked as CVE-2024-0762 impacts devices running numerous Intel CPUs, with Lenovo already releasing new firmware updates to resolve the flaw. [...] https://www.bleepingcomputer.com/news/security/phoenix-uefi-vulnerability-impacts-hundreds-of-intel-pc-models/ Posted from: this blog via Microsoft Power Automate .

CosmicSting flaw impacts 75% of Adobe Commerce, Magento sites

A vulnerability dubbed "CosmicSting" impacting Adobe Commerce and Magento websites remains largely unpatched nine days after the security update has been made available, leaving millions of sites open to catastrophic attacks. [...] https://www.bleepingcomputer.com/news/security/cosmicsting-flaw-impacts-75-percent-of-adobe-commerce-magento-sites/ Posted from: this blog via Microsoft Power Automate .

Linux version of RansomHub ransomware targets VMware ESXi VMs

The RansomHub ransomware operation is using a Linux encryptor designed specifically to encrypt VMware ESXi environments in corporate attacks. [...] https://www.bleepingcomputer.com/news/security/linux-version-of-ransomhub-ransomware-targets-vmware-esxi-vms/ Posted from: this blog via Microsoft Power Automate .

Phoenix UEFI vulnerability impacts hundreds of Intel PC models

A newly discovered vulnerability in Phoenix SecureCore UEFI firmware tracked as CVE-2024-0762 impacts devices running numerous Intel CPUs, with Lenovo already releasing new firmware updates to resolve the flaw. [...] https://www.bleepingcomputer.com/news/security/phoenix-uefi-vulnerability-impacts-hundreds-of-intel-pc-models/ Posted from: this blog via Microsoft Power Automate .

UNC3886 hackers use Linux rootkits to hide on VMware ESXi VMs

A suspected Chinese threat actor tracked as UNC3886 uses publicly available open-source rootkits named 'Reptile' and 'Medusa' to remain hidden on VMware ESXi virtual machines, allowing them to conduct credential theft, command execution, and lateral movement. [...] https://www.bleepingcomputer.com/news/security/unc3886-hackers-use-linux-rootkits-to-hide-on-vmware-esxi-vms/ Posted from: this blog via Microsoft Power Automate .

SolarWinds Serv-U path-traversal flaw actively exploited in attacks

Threat actors are actively exploiting a SolarWinds Serv-U path-traversal vulnerability, leveraging publicly available proof-of-concept (PoC) exploits. [...] https://www.bleepingcomputer.com/news/security/solarwinds-serv-u-path-traversal-flaw-actively-exploited-in-attacks/ Posted from: this blog via Microsoft Power Automate .

T-Mobile denies it was hacked, links leaked data to vendor breach

T-Mobile has denied it was breached or that source code was stolen after a threat actor claimed to be selling stolen data from the telecommunications company. [...] https://www.bleepingcomputer.com/news/security/t-mobile-denies-it-was-hacked-links-leaked-data-to-vendor-breach/ Posted from: this blog via Microsoft Power Automate .

Crown Equipment confirms a cyberattack disrupted manufacturing

Forklift manufacturer Crown Equipment confirmed today that it suffered a cyberattack earlier this month that disrupted manufacturing at its plants. [...] https://www.bleepingcomputer.com/news/security/crown-equipment-confirms-a-cyberattack-disrupted-manufacturing/ Posted from: this blog via Microsoft Power Automate .

Advance Auto Parts confirms data breach exposed employee information

Advance Auto Parts has confirmed it suffered a data breach after a threat actor attempted to sell stolen data on a hacking forum earlier this month. [...] https://www.bleepingcomputer.com/news/security/advance-auto-parts-confirms-data-breach-exposed-employee-information/ Posted from: this blog via Microsoft Power Automate .

CDK Global cyberattack impacts thousands of US car dealerships

Car dealership software-as-a-service provider CDK Global was hit by a massive cyberattack, causing the company to shut down its systems and leaving clients unable to operate their business normally. [...] https://www.bleepingcomputer.com/news/security/cdk-global-cyberattack-impacts-thousands-of-us-car-dealerships/ Posted from: this blog via Microsoft Power Automate .

"Researchers" exploit Kraken exchange bug, steal $3 million in crypto

The Kraken crypto exchange disclosed today that alleged security researchers exploited a zero-day website bug to steal $3 million in cryptocurrency and then refused to return the funds. [...] https://www.bleepingcomputer.com/news/security/researchers-exploit-kraken-exchange-bug-steal-3-million-in-crypto/ Posted from: this blog via Microsoft Power Automate .

Microsoft says bug causes Windows apps to display Open With dialogs

Microsoft has confirmed that Windows 10 apps will mistakenly display an "How do you want to open this file?" dialog box when attempting to right-click on the program's icon and perform a registered task. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-says-bug-causes-windows-apps-to-display-open-with-dialogs/ Posted from: this blog via Microsoft Power Automate .

AMD investigates breach after data for sale on hacking forum

AMD is investigating whether it suffered a cyberattack after a threat actor put allegedly stolen data up for sale on a hacking forum, claiming it contains AMD employee information, financial documents, and confidential information. [...] https://www.bleepingcomputer.com/news/security/amd-investigates-breach-after-data-for-sale-on-hacking-forum/ Posted from: this blog via Microsoft Power Automate .

ONNX phishing service targets Microsoft 365 accounts at financial firms

A new phishing-as-a-service (PhaaS) platform called ONNX Store is targeting Microsoft 365 accounts for employees at financial firms using QR codes in PDF attachments. [...] https://www.bleepingcomputer.com/news/security/onnx-phishing-service-targets-microsoft-365-accounts-at-financial-firms/ Posted from: this blog via Microsoft Power Automate .

ONNX phishing service targets Microsoft 365 accounts at financial firms

A new phishing-as-a-service (PhaaS) platform called ONNX Store is targeting Microsoft 365 accounts for employees at financial firms using QR codes in PDF attachments. [...] https://www.bleepingcomputer.com/news/security/onnx-phishing-service-targets-microsoft-365-accounts-at-financial-firms/ Posted from: this blog via Microsoft Power Automate .

VMware fixes critical vCenter RCE vulnerability, patch now

VMware has issued a security advisory addressing critical vulnerabilities in vCenter Server, including remote code execution and local privilege escalation flaws. [...] https://www.bleepingcomputer.com/news/security/vmware-fixes-critical-vcenter-rce-vulnerability-patch-now/ Posted from: this blog via Microsoft Power Automate .

Scathing report on Medibank cyberattack highlights unenforced MFA

A scathing report by Australia's Information Commissioner details how misconfigurations and missed alerts allowed a hacker to breach Medibank and steal data from over 9 million people. [...] https://www.bleepingcomputer.com/news/security/scathing-report-on-medibank-cyberattack-highlights-unenforced-mfa/ Posted from: this blog via Microsoft Power Automate .

FTC files complaint against Adobe for deceptive cancellation practices

The Federal Trade Commission has filed a complaint in US federal court against Adobe and two executives, Maninder Sawhney and David Wadhwani, for deceptive practices related to their subscription plans. [...] https://www.bleepingcomputer.com/news/legal/ftc-files-complaint-against-adobe-for-deceptive-cancellation-practices/ Posted from: this blog via Microsoft Power Automate .

Two men guilty of breaching law enforcement portal in blackmail scheme

Two men have pleaded guilty to hacking into a federal law enforcement database to steal personal information of those they were extorting. [...] https://www.bleepingcomputer.com/news/security/two-men-guilty-of-breaching-law-enforcement-portal-in-blackmail-scheme/ Posted from: this blog via Microsoft Power Automate .

Fake Google Chrome errors trick you into running malicious PowerShell scripts

A new malware distribution campaign uses fake Google Chrome, Word, and OneDrive errors to trick users into running malicious PowerShell "fixes" that install malware. [...] https://www.bleepingcomputer.com/news/security/fake-google-chrome-errors-trick-you-into-running-malicious-powershell-scripts/ Posted from: this blog via Microsoft Power Automate .

Empire Market owners charged for enabling $430M in dark web transactions

Two men have been charged in a Chicago federal court for operating "Empire Market," a dark web marketplace that facilitated over $430 million in illegal transactions between February 2018 and August 2020. [...] https://www.bleepingcomputer.com/news/legal/empire-market-owners-charged-for-enabling-430m-in-dark-web-transactions/ Posted from: this blog via Microsoft Power Automate .

Panera Bread likely paid a ransom in March ransomware attack

Panera Bread, an American chain of fast food restaurants, most likely paid a ransom after being hit by a ransomware attack, suggests language used an internal email sent to employees. [...] https://www.bleepingcomputer.com/news/security/panera-bread-likely-paid-a-ransom-in-march-ransomware-attack/ Posted from: this blog via Microsoft Power Automate .

Hackers use F5 BIG-IP malware to stealthily steal data for years

A group of suspected Chinese cyberespionage actors named 'Velvet Ant' are deploying custom malware on F5 BIG-IP appliances to gain a persistent connection to the internal network and steal data. [...] https://www.bleepingcomputer.com/news/security/hackers-use-f5-big-ip-malware-to-stealthily-steal-data-for-years/ Posted from: this blog via Microsoft Power Automate .

Alleged Scattered Spider sim-swapper arrested in Spain

A 22-year-old British national allegedly linked to the Scattered Spider hacking group and responsible for attacks on 45 U.S. companies has been arrested in Palma de Mallorca, Spain. [...] https://www.bleepingcomputer.com/news/legal/alleged-scattered-spider-sim-swapper-arrested-in-spain/ Posted from: this blog via Microsoft Power Automate .

New ARM 'TIKTAG' attack impacts Google Chrome, Linux systems

A new speculative execution attack named "TIKTAG" targets ARM's Memory Tagging Extension (MTE) to leak data with over a 95% chance of success, allowing hackers to bypass the security feature. [...] https://www.bleepingcomputer.com/news/security/new-arm-tiktag-attack-impacts-google-chrome-linux-systems/ Posted from: this blog via Microsoft Power Automate .

Microsoft: New Outlook security changes coming to personal accounts

Microsoft has announced new cybersecurity enhancements for Outlook personal email accounts as part of its 'Secure Future Initiative,' including the deprecation of basic authentication (username + password) by September 16, 2024. [...] https://www.bleepingcomputer.com/news/security/microsoft-new-outlook-security-changes-coming-to-personal-accounts/ Posted from: this blog via Microsoft Power Automate .

Keytronic confirms data breach after ransomware gang leaks stolen files

PCBA manufacturing giant Keytronic is warning it suffered a data breach after the Black Basta ransomware gang leaked 530GB of the company's stolen data two weeks ago. [...] https://www.bleepingcomputer.com/news/security/keytronic-confirms-data-breach-after-ransomware-gang-leaks-stolen-files/ Posted from: this blog via Microsoft Power Automate .

Mozilla Firefox can now secure access to passwords with device credentials

Mozilla Firefox finally allows you to further protect local access to stored credentials in the browser's password manager using your device's login, including a password, fingerprint, pin, or other biometrics [...] https://www.bleepingcomputer.com/news/security/mozilla-firefox-can-now-secure-access-to-passwords-with-device-credentials/ Posted from: this blog via Microsoft Power Automate .

Mozilla Firefox can now secure access to passwords with device credentials

Mozilla Firefox finally allows you to further protect local access to stored credentials in the browser's password manager using your device's login, including a password, fingerprint, pin, or other biometrics [...] https://www.bleepingcomputer.com/news/security/mozilla-firefox-can-now-secure-access-to-passwords-with-device-credentials/ Posted from: this blog via Microsoft Power Automate .

London hospitals cancel over 800 operations after ransomware attack

NHS England revealed today that multiple London hospitals impacted by last week's Synnovis ransomware attack were forced to cancel hundreds of planned operations and appointments. [...] https://www.bleepingcomputer.com/news/security/london-hospitals-cancel-over-800-operations-after-ransomware-attack/ Posted from: this blog via Microsoft Power Automate .

CISA warns of Windows bug exploited in ransomware attacks

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a high-severity Windows vulnerability abused in ransomware attacks as a zero-day to its catalog of actively exploited security bugs. [...] https://www.bleepingcomputer.com/news/security/cisa-warns-of-windows-bug-exploited-in-ransomware-attacks/ Posted from: this blog via Microsoft Power Automate .

Microsoft removes Copilot app ‘incorrectly’ added on Windows PCs

Microsoft says it removed a Copilot app that was "incorrectly" added to Windows 10 and Windows 11 systems in April due to buggy Microsoft Edge updates. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-removes-copilot-app-incorrectly-added-on-windows-pcs/ Posted from: this blog via Microsoft Power Automate .

Truist Bank confirms breach after stolen data shows up on hacking forum

Leading U.S. commercial bank Truist confirmed its systems were breached in an October 2023 cyberattack after a threat actor posted some of the company's data for sale on a hacking forum. [...] https://www.bleepingcomputer.com/news/security/truist-bank-confirms-data-breach-after-stolen-data-shows-up-on-hacking-forum/ Posted from: this blog via Microsoft Power Automate .

Ascension hacked after employee downloaded malicious file

Ascension, one of the largest U.S. healthcare systems, revealed that a May 2024 ransomware attack was caused by an employee who downloaded a malicious file onto a company device. [...] https://www.bleepingcomputer.com/news/security/ascension-hacked-after-employee-downloaded-malicious-file/ Posted from: this blog via Microsoft Power Automate .

Ascension hacked after employee downloaded malicious file

Ascension, one of the largest U.S. healthcare systems, revealed that a May 2024 ransomware attack was caused by an employee who downloaded a malicious file onto a company device. [...] https://www.bleepingcomputer.com/news/security/ascension-hacked-after-employee-downloaded-malicious-file/ Posted from: this blog via Microsoft Power Automate .

New York Times warns freelancers of GitHub repo data breach

The New York Times notified an undisclosed number of contributors that some of their sensitive personal information was stolen and leaked after its GitHub repositories were breached in January 2024. [...] https://www.bleepingcomputer.com/news/security/new-york-times-warns-freelancers-of-github-repo-data-breach/ Posted from: this blog via Microsoft Power Automate .

Toronto District School Board hit by a ransomware attack

The Toronto District School Board (TDSB) is warning that it suffered a ransomware attack on its software testing environment and is now investigating whether any personal information was exposed. [...] https://www.bleepingcomputer.com/news/security/toronto-district-school-board-hit-by-a-ransomware-attack/ Posted from: this blog via Microsoft Power Automate .

Exploit for Veeam Recovery Orchestrator auth bypass available, patch now

A proof-of-concept (PoC) exploit for a critical Veeam Recovery Orchestrator authentication bypass vulnerability tracked as CVE-2024-29855 has been released, elevating the risk of being exploited in attacks. [...] https://www.bleepingcomputer.com/news/security/exploit-for-veeam-recovery-orchestrator-auth-bypass-available-patch-now/ Posted from: this blog via Microsoft Power Automate .

Phishing emails abuse Windows search protocol to push malicious scripts

A new phishing campaign uses HTML attachments that abuse the Windows search protocol (search-ms URI) to push batch files hosted on remote servers that deliver malware. [...] https://www.bleepingcomputer.com/news/security/phishing-emails-abuse-windows-search-protocol-to-push-malicious-scripts/ Posted from: this blog via Microsoft Power Automate .

AWS adds passkeys support, warns root users must enable MFA

Amazon Web Services (AWS) has introduced FIDO2 passkeys as a new method for multi-factor authentication (MFA) to enhance account security and usability. [...] https://www.bleepingcomputer.com/news/security/aws-adds-passkeys-support-warns-root-users-must-enable-mfa/ Posted from: this blog via Microsoft Power Automate .

AWS adds passkeys support, warns root users must enable MFA

Amazon Web Services (AWS) has introduced FIDO2 passkeys as a new method for multi-factor authentication (MFA) to enhance account security and usability. [...] https://www.bleepingcomputer.com/news/security/aws-adds-passkeys-support-warns-root-users-must-enable-mfa/ Posted from: this blog via Microsoft Power Automate .

Google warns of actively exploited Pixel firmware zero-day

Google has released patches for 50 security vulnerabilities impacting its Pixel devices and warned that one of them had already been targeted in attacks as a zero-day. [...] https://www.bleepingcomputer.com/news/security/google-warns-of-actively-exploited-pixel-firmware-zero-day/ Posted from: this blog via Microsoft Power Automate .

CISA warns of criminals impersonating its employees in phone calls

Today, the Cybersecurity and Infrastructure Security Agency (CISA) warned that criminals are impersonating its employees in phone calls and attempting to deceive potential victims into transferring money. [...] https://www.bleepingcomputer.com/news/security/cisa-warns-of-criminals-impersonating-its-employees-in-phone-calls/ Posted from: this blog via Microsoft Power Automate .

New phishing toolkit uses PWAs to steal login credentials

A new phishing kit has been released that allows red teamers and cybercriminals to create progressive web Apps (PWAs) that display convincing corporate login forms to steal credentials. [...] https://www.bleepingcomputer.com/news/security/new-phishing-toolkit-uses-pwas-to-steal-login-credentials/ Posted from: this blog via Microsoft Power Automate .

Life360 says hacker tried to extort them after Tile data breach

Safety and location services company Life360 says it was the target of an extortion attempt after a threat actor breached and stole sensitive information from a Tile customer support platform. [...] https://www.bleepingcomputer.com/news/security/life360-says-hacker-tried-to-extort-them-after-tile-data-breach/ Posted from: this blog via Microsoft Power Automate .

New Windows Server KB5039227 and KB5039217 updates fix LSASS crashes

Microsoft has released the Windows Server 2022 KB5039227 and Windows Server 2019 KB5039217 cumulative updates with security fixes and fixes for a variety of bugs. [...] https://www.bleepingcomputer.com/news/microsoft/new-windows-server-kb5039227-and-kb5039217-updates-fix-lsass-crashes/ Posted from: this blog via Microsoft Power Automate .

JetBrains warns of IntelliJ IDE bug exposing GitHub access tokens

JetBrains warned customers to patch a critical vulnerability that impacts users of its IntelliJ integrated development environment (IDE) apps and exposes GitHub access tokens. [...] https://www.bleepingcomputer.com/news/security/jetbrains-warns-of-intellij-ide-bug-exposing-github-access-tokens/ Posted from: this blog via Microsoft Power Automate .

Windows 10 KB5039211 update released with new feature, 12 fixes

Microsoft has released the KB5039211 cumulative update for Windows 10 21H2 and Windows 10 22H2 with 12 changes, including a Snipping Tool feature that allows you to edit Android photos in Windows. [...] https://www.bleepingcomputer.com/news/microsoft/windows-10-kb5039211-update-released-with-new-feature-12-fixes/ Posted from: this blog via Microsoft Power Automate .

Microsoft June 2024 Patch Tuesday fixes 51 flaws, 18 RCEs

Today is Microsoft's June 2024 Patch Tuesday, which includes security updates for 51 flaws, eighteen remote code execution flaws, and one publicly disclosed zero-day vulnerability. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-june-2024-patch-tuesday-fixes-51-flaws-18-rces/ Posted from: this blog via Microsoft Power Automate .

City of Cleveland shuts down IT systems after cyberattack

The City of Cleveland, Ohio, is currently dealing with a cyberattack that has forced it to take citizen-facing services offline, including the public offices and facilities at Erieview and the City Hall. [...] https://www.bleepingcomputer.com/news/security/city-of-cleveland-shuts-down-it-systems-after-cyberattack/ Posted from: this blog via Microsoft Power Automate .

Chinese hackers breached 20,000 FortiGate systems worldwide

The Dutch Military Intelligence and Security Service (MIVD) warned today that the impact of a Chinese cyber-espionage campaign unveiled earlier this year is "much larger than previously known." [...] https://www.bleepingcomputer.com/news/security/chinese-hackers-breached-20-000-fortigate-systems-worldwide/ Posted from: this blog via Microsoft Power Automate .

Arm warns of actively exploited flaw in Mali GPU kernel drivers

Arm has issued a security bulletin warning of a memory-related vulnerability in Bifrost and Valhall GPU kernel drivers that is being exploited in the wild. [...] https://www.bleepingcomputer.com/news/security/arm-warns-of-actively-exploited-flaw-in-mali-gpu-kernel-drivers/ Posted from: this blog via Microsoft Power Automate .

Gitloker attacks abuse GitHub notifications to push malicious oAuth apps

Threat actors impersonate GitHub's security and recruitment teams in phishing attacks to hijack repositories using malicious OAuth apps in an ongoing extortion campaign wiping compromised repos. [...] https://www.bleepingcomputer.com/news/security/gitloker-attacks-abuse-github-notifications-to-push-malicious-oauth-apps/ Posted from: this blog via Microsoft Power Automate .

Apple enters AI arms race with new Apple Intelligence feature

Apple unveiled its new 'Apple Intelligence' feature today at its 2024 Worldwide Developer Conference, finally unveiling its generative AI strategy that will power new personalized experiences on Apple devices. [...] https://www.bleepingcomputer.com/news/apple/apple-enters-ai-arms-race-with-new-apple-intelligence-feature/ Posted from: this blog via Microsoft Power Automate .

Apple enters AI arms race with new Apple Intelligence feature

Apple unveiled its new 'Apple Intelligence' feature today at its 2024 Worldwide Developer Conference, finally unveiling its generative AI strategy that will power new personalized experiences on Apple devices. [...] https://www.bleepingcomputer.com/news/apple/apple-enters-ai-arms-race-with-new-apple-intelligence-feature/ Posted from: this blog via Microsoft Power Automate .

Netgear WNR614 flaws allow device takeover, no fix available

Researchers found half a dozen vulnerabilities of varying severity impacting Netgear WNR614 N300, a budget-friendly router that proved popular among home users and small businesses. [...] https://www.bleepingcomputer.com/news/security/netgear-wnr614-flaws-allow-device-takeover-no-fix-available/ Posted from: this blog via Microsoft Power Automate .

Netgear WNR614 flaws allow device takeover, no fix available

Researchers found half a dozen vulnerabilities of varying severity impacting Netgear WNR614 N300, a budget-friendly router that proved popular among home users and small businesses. [...] https://www.bleepingcomputer.com/news/security/netgear-wnr614-flaws-allow-device-takeover-no-fix-available/ Posted from: this blog via Microsoft Power Automate .

Cylance confirms data breach linked to 'third-party' platform

Cybersecurity company Cylance confirmed the legitimacy of data being sold on a hacking forum, stating that it is old data stolen from a "third-party platform." [...] https://www.bleepingcomputer.com/news/security/cylance-confirms-data-breach-linked-to-third-party-platform/ Posted from: this blog via Microsoft Power Automate .

London hospitals face blood shortage after Synnovis ransomware attack

England's NHS Blood and Transplant (NHSBT) has issued an urgent call to O Positive and O Negative blood donors to book appointments and donate after last week's cyberattack on pathology provider Synnovis impacted multiple hospitals in London. [...] https://www.bleepingcomputer.com/news/security/london-hospitals-face-blood-shortage-after-synnovis-ransomware-attack/ Posted from: this blog via Microsoft Power Automate .

23andMe data breach under investigation in UK and Canada

Privacy authorities in Canada and the United Kingdom have launched a joint investigation to assess the scope of sensitive customer information exposed in last year's 23andMe data breach. [...] https://www.bleepingcomputer.com/news/security/23andme-data-breach-under-investigation-in-uk-and-canada/ Posted from: this blog via Microsoft Power Automate .

Brave says May 2024 was its biggest growth month ever

Brave browser experienced its most significant growth month ever in May 2024, now used by more than 78.95 million monthly users, up 7.3%. [...] https://www.bleepingcomputer.com/news/technology/brave-says-may-2024-was-its-biggest-growth-month-ever/ Posted from: this blog via Microsoft Power Automate .

Malicious VSCode extensions with 229M installs found on Microsoft marketplace

A group of Israeli researchers exploring the limits of VSCode security have managed to "infect" over 100 organizations with a typosquatting Dracula extension that was weaponized with risky code. [...] https://www.bleepingcomputer.com/news/security/malicious-vscode-extensions-with-229m-installs-found-on-microsoft-marketplace/ Posted from: this blog via Microsoft Power Automate .

New York Times source code stolen using exposed GitHub token

Internal source code and data belonging to The New York Times was leaked on the 4chan message board after being stolen from the company's GitHub repositories in January 2024, The Times confirmed to BleepingComputer. [...] https://www.bleepingcomputer.com/news/security/new-york-times-source-code-stolen-using-exposed-github-token/ Posted from: this blog via Microsoft Power Automate .

DDoS attacks target EU political parties as elections begin

Hacktivists are conducting DDoS attacks on European political parties that represent and promote strategies opposing their interests, according to a report by Cloudflare. [...] https://www.bleepingcomputer.com/news/security/ddos-attacks-target-eu-political-parties-as-elections-begin/ Posted from: this blog via Microsoft Power Automate .

LastPass says 12-hour outage caused by bad Chrome extension update

LastPass says its almost 12-hour outage yesterday was caused by a bad update to its Google Chrome extension. [...] https://www.bleepingcomputer.com/news/security/lastpass-says-12-hour-outage-caused-by-bad-chrome-extension-update/ Posted from: this blog via Microsoft Power Automate .

Apple to unveil new 'Passwords' password manager app for iPhones, Macs

Apple will reportedly unveil a standalone password manager named 'Passwords' as part of iOS 18, iPadOS 18, and macOS 15 during the upcoming Apple Worldwide Developers Conference. [...] https://www.bleepingcomputer.com/news/security/apple-to-unveil-new-passwords-password-manager-app-for-iphones-macs/ Posted from: this blog via Microsoft Power Automate .

Apple to unveil new 'Passwords' password manager app for iPhones, Macs

Apple will reportedly unveil a standalone password manager named 'Passwords' as part of iOS 18, iPadOS 18, and macOS 15 during the upcoming Apple Worldwide Developers Conference. [...] https://www.bleepingcomputer.com/news/security/apple-to-unveil-new-passwords-password-manager-app-for-iphones-macs/ Posted from: this blog via Microsoft Power Automate .

Christie's starts notifying clients of RansomHub data breach

British auction house Christie's is notifying individuals whose data was stolen by the RansomHub ransomware gang in a recent network breach. [...] https://www.bleepingcomputer.com/news/security/christies-starts-notifying-clients-of-ransomhub-data-breach/ Posted from: this blog via Microsoft Power Automate .

Microsoft makes Windows Recall opt-in, secures data with Windows Hello

Following massive customer pushback after it announced the new AI-powered Recall for Copilot+ PCs last month, Microsoft says it will update the feature to be more secure and require customers to opt in to enable it. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-makes-windows-recall-opt-in-secures-data-with-windows-hello/ Posted from: this blog via Microsoft Power Automate .

PHP fixes critical RCE flaw impacting all versions for Windows

A new PHP for Windows remote code execution (RCE) vulnerability has been disclosed, impacting all releases since version 5.x, potentially impacting a massive number of servers worldwide. [...] https://www.bleepingcomputer.com/news/security/php-fixes-critical-rce-flaw-impacting-all-versions-for-windows/ Posted from: this blog via Microsoft Power Automate .

Los Angeles Unified School District investigates data theft claims

Los Angeles Unified School District (LAUSD) officials are investigating a threat actor's claims that they're selling stolen databases containing records belonging to millions of students and thousands of teachers. [...] https://www.bleepingcomputer.com/news/security/los-angeles-unified-school-district-investigates-data-theft-claims/ Posted from: this blog via Microsoft Power Automate .

Hackers exploit 2018 ThinkPHP flaws to install ‘Dama’ web shells

Chinese threat actors are targeting ThinkPHP applications vulnerable to CVE-2018-20062 and CVE-2019-9082 to install a persistent web shell named Dama. [...] https://www.bleepingcomputer.com/news/security/hackers-exploit-2018-thinkphp-flaws-to-install-dama-web-shells/ Posted from: this blog via Microsoft Power Automate .

Ukraine says hackers abuse SyncThing data sync tool to steal data

The Computer Emergency Response Team of Ukraine (CERT-UA) reports about a new campaign dubbed "SickSync," launched by the UAC-0020 (Vermin) hacking group in attacks on the Ukrainian defense forces. [...] https://www.bleepingcomputer.com/news/security/ukraine-says-hackers-abuse-syncthing-data-sync-tool-to-steal-data/ Posted from: this blog via Microsoft Power Automate .

New Fog ransomware targets US education sector via breached VPNs

A new ransomware operation named 'Fog' launched in early May 2024, using compromised VPN credentials to breach the networks of educational organizations in the U.S. [...] https://www.bleepingcomputer.com/news/security/new-fog-ransomware-targets-us-education-sector-via-breached-vpns/ Posted from: this blog via Microsoft Power Automate .

New Gitloker attacks wipe GitHub repos in extortion scheme

Attackers are targeting GitHub repositories, wiping their contents, and asking the victims to reach out on Telegram for more information. [...] https://www.bleepingcomputer.com/news/security/new-gitloker-attacks-wipe-github-repos-in-extortion-scheme/ Posted from: this blog via Microsoft Power Automate .

Google Chrome reduced cookie requests to improve performance

Google shared details on a recently introduced Chrome feature that changes how cookies are requested, with early tests showing increased performance across all platforms. [...] https://www.bleepingcomputer.com/news/google/google-chrome-reduced-cookie-requests-to-improve-performance/ Posted from: this blog via Microsoft Power Automate .

Google Chrome reduced cookie requests to improve performance

Google shared details on a recently introduced Chrome feature that changes how cookies are requested, with early tests showing increased performance across all platforms. [...] https://www.bleepingcomputer.com/news/google/google-chrome-reduced-cookie-requests-to-improve-performance/ Posted from: this blog via Microsoft Power Automate .

Advance Auto Parts stolen data for sale after Snowflake attack

Threat actors claim to be selling 3TB of data from Advance Auto Parts, a leading automotive aftermarket parts provider, stolen after breaching the company's Snowflake account. [...] https://www.bleepingcomputer.com/news/security/advance-auto-parts-stolen-data-for-sale-after-snowflake-attack/ Posted from: this blog via Microsoft Power Automate .

Check-in terminals used by thousands of hotels leak guest info

Ariane Systems self check-in systems installed at thousands of hotels worldwide are vulnerable to a kiosk mode bypass flaw that could allow access to guests' personal information and the keys for other rooms. [...] https://www.bleepingcomputer.com/news/security/check-in-terminals-used-by-thousands-of-hotels-leak-guest-info/ Posted from: this blog via Microsoft Power Automate .

Club Penguin fans breached Disney Confluence server, stole 2.5GB of data

Club Penguin fans hacked a Disney Confluence server to steal information about their favorite game but wound up walking away with 2.5 GB of internal corporate data, BleepingComputer has learned. [...] https://www.bleepingcomputer.com/news/security/club-penguin-fans-breached-disney-confluence-server-stole-25gb-of-data/ Posted from: this blog via Microsoft Power Automate .

Chinese hacking groups team up in cyber espionage campaign

Chinese state-sponsored actors have been targeting a government agency since at least March 2023 in a cyberespionage campaign that researchers track as Crimson Palace [...] https://www.bleepingcomputer.com/news/security/chinese-hacking-groups-team-up-in-cyber-espionage-campaign/ Posted from: this blog via Microsoft Power Automate .

Qilin ransomware gang linked to attack on London hospitals

A ransomware attack that hit pathology services provider Synnovis on Monday and impacted several major NHS hospitals in London has now been linked to the Qilin ransomware operation. [...] https://www.bleepingcomputer.com/news/security/qilin-ransomware-gang-linked-to-attack-on-london-hospitals/ Posted from: this blog via Microsoft Power Automate .

Kali Linux 2024.2 released with 18 new tools, Y2038 changes

Kali Linux has released version 2024.2, the first version of 2024, with eighteen new tools and fixes for the Y2038 bug. [...] https://www.bleepingcomputer.com/news/linux/kali-linux-20242-released-with-18-new-tools-y2038-changes/ Posted from: this blog via Microsoft Power Automate .

Australian mining company discloses breach after BianLian leaks data

Northern Minerals issued an announcement earlier today warning that it suffered a cybersecurity breach resulting in some of its stolen data being published on the dark web. [...] https://www.bleepingcomputer.com/news/security/australian-mining-company-discloses-breach-after-bianlian-leaks-data/ Posted from: this blog via Microsoft Power Automate .

TikTok fixes zero-day bug used to hijack high-profile accounts

Over the past week, attackers have hijacked high-profile TikTok accounts belonging to multiple companies and celebrities, exploiting a zero-day vulnerability in the social media's direct messages feature. [...] https://www.bleepingcomputer.com/news/security/tiktok-fixes-zero-day-bug-used-to-hijack-high-profile-accounts/ Posted from: this blog via Microsoft Power Automate .

FBI warns of fake remote work ads used for cryptocurrency fraud

Today, the FBI issued a warning about scammers using fake remote job ads to steal cryptocurrency from job seekers across the United States while posing as recruiters for legitimate companies. [...] https://www.bleepingcomputer.com/news/security/fbi-warns-of-fake-remote-work-ads-used-for-cryptocurrency-fraud/ Posted from: this blog via Microsoft Power Automate .

ARRL says it was hacked by an "international cyber group"

American Radio Relay League (ARRL) has shared more information about a May cyberattack that took its Logbook of the World offline and caused some members to become frustrated over the lack of information. [...] https://www.bleepingcomputer.com/news/security/american-radio-relay-league-says-it-was-hacked-by-an-international-cyber-group/ Posted from: this blog via Microsoft Power Automate .

FBI warns of fake remote work ads used for cryptocurrency fraud

Today, the FBI issued a warning about scammers using fake remote job ads to steal cryptocurrency from job seekers across the United States while posing as recruiters for legitimate companies. [...] https://www.bleepingcomputer.com/news/security/fbi-warns-of-fake-remote-work-ads-used-for-cryptocurrency-fraud/ Posted from: this blog via Microsoft Power Automate .

Microsoft announces first Windows 10 Beta build since 2021

Microsoft has reopened the Windows 10 beta channel and is asking Insiders to join or switch to receive a new beta build in the coming weeks. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-announces-first-windows-10-beta-build-since-2021/ Posted from: this blog via Microsoft Power Automate .

New V3B phishing kit targets customers of 54 European banks

Cybercriminals are promoting a new phishing kit named 'V3B' on Telegram, which currently targets customers of 54 major financial institutes in Ireland, the Netherlands, Finland, Austria, Germany, France, Belgium, Greece, Luxembourg, and Italy. [...] https://www.bleepingcomputer.com/news/security/new-v3b-phishing-kit-targets-customers-of-54-european-banks/ Posted from: this blog via Microsoft Power Automate .

Zyxel issues emergency RCE patch for end-of-life NAS devices

Zyxel Networks has released an emergency security update to address three critical vulnerabilities impacting older NAS devices that have reached end-of-life. [...] https://www.bleepingcomputer.com/news/security/zyxel-issues-emergency-rce-patch-for-end-of-life-nas-devices/ Posted from: this blog via Microsoft Power Automate .

Microsoft deprecates Windows NTLM authentication protocol

Microsoft has officially deprecated NTLM authentication on Windows and Windows servers, stating that developers should transition to Kerberos or Negotiation authentication to prevent problems in the future. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-deprecates-windows-ntlm-authentication-protocol/ Posted from: this blog via Microsoft Power Automate .

Data firm execs convicted for helping fraudsters target the elderly

A former senior executive and former sales manager of Epsilon Data Management LLC (Epsilon) were convicted of selling data of millions of Americans to perpetrators of mail fraud schemes. [...] https://www.bleepingcomputer.com/news/legal/data-firm-execs-convicted-for-helping-fraudsters-target-the-elderly/ Posted from: this blog via Microsoft Power Automate .

Microsoft India’s X account hijacked in Roaring Kitty crypto scam

The official Microsoft India account on Twitter, with over 211,000 followers, was hijacked by cryptocurrency scammers to impersonate Roaring Kitty, the handle used by notorious meme stock trader Keith Gill. [...] https://www.bleepingcomputer.com/news/security/microsoft-indias-x-account-hijacked-in-roaring-kitty-crypto-scam-to-push-wallet-drainers/ Posted from: this blog via Microsoft Power Automate .

Microsoft India’s X account hijacked in Roaring Kitty crypto scam

The official Microsoft India account on Twitter, with over 211,000 followers, was hijacked by cryptocurrency scammers to impersonate Roaring Kitty, the handle used by notorious meme stock trader Keith Gill. [...] https://www.bleepingcomputer.com/news/security/microsoft-indias-x-account-hijacked-in-roaring-kitty-crypto-scam-to-push-wallet-drainers/ Posted from: this blog via Microsoft Power Automate .

Cox fixed an API auth bypass exposing millions of modems to attacks

​Cox Communications has fixed an authorization bypass vulnerability that enabled remote attackers to abuse exposed backend APIs to reset millions of modems' settings and steal customers' sensitive personal information. [...] https://www.bleepingcomputer.com/news/security/cox-fixed-an-api-auth-bypass-exposing-millions-of-modems-to-attacks/ Posted from: this blog via Microsoft Power Automate .

361 million stolen accounts leaked on Telegram added to HIBP

A massive trove of 361 million email addresses from credentials stolen by password-stealing malware, in credential stuffing attacks, and from data breaches was added to the Have I Been Pwned data breach notification service, allowing anyone to check if their accounts have been compromised. [...] https://www.bleepingcomputer.com/news/security/361-million-stolen-accounts-leaked-on-telegram-added-to-hibp/ Posted from: this blog via Microsoft Power Automate .

Azure Service Tags tagged as security risk, Microsoft disagrees

​Security researchers at Tenable discovered what they describe as a high-severity vulnerability in Azure Service Tag that could allow attackers to access customers' private data. [...] https://www.bleepingcomputer.com/news/microsoft/azure-service-tags-tagged-as-security-risk-microsoft-disagrees/ Posted from: this blog via Microsoft Power Automate .

Exploit for critical Progress Telerik auth bypass released, patch now

Researchers have published a proof-of-concept (PoC) exploit script demonstrating a chained remote code execution (RCE) vulnerability on Progress Telerik Report Servers. [...] https://www.bleepingcomputer.com/news/security/exploit-for-critical-progress-telerik-auth-bypass-released-patch-now/ Posted from: this blog via Microsoft Power Automate .

Verizon users report blurry photos in Android messaging apps

Verizon customers using Android phones report that they receive blurry images through text messages on different services and apps, with no response from Verizon as to why. [...] https://www.bleepingcomputer.com/news/mobile/verizon-users-report-blurry-photos-in-android-messaging-apps/ Posted from: this blog via Microsoft Power Automate .

Police dismantle pirated TV streaming network that made $5.7 million

Spanish police have dismantled a network of illegal media content distribution that, since the start of its operations in 2015, has made over $5,700,000. [...] https://www.bleepingcomputer.com/news/legal/police-dismantle-pirated-tv-streaming-network-that-made-57-million/ Posted from: this blog via Microsoft Power Automate .

AI platform Hugging Face says hackers stole auth tokens from Spaces

AI platform Hugging Face says that its Spaces platform was breached, allowing hackers to access authentication secrets for its members. [...] https://www.bleepingcomputer.com/news/security/ai-platform-hugging-face-says-hackers-stole-auth-tokens-from-spaces/ Posted from: this blog via Microsoft Power Automate .

Kaspersky releases free tool that scans Linux for known threats

Kaspersky has released a new virus removal tool named KVRT for the Linux platform, allowing users to scan their systems and remove malware and other known threats for free. [...] https://www.bleepingcomputer.com/news/software/kaspersky-releases-free-tool-that-scans-linux-for-known-threats/ Posted from: this blog via Microsoft Power Automate .

Google Chrome change that weakens ad blockers begins June 3rd

Google is continuing with its plan to phase out Manifest V2 extensions in Chrome starting in early June 2024, weakening the abilities of ad blockers. [...] https://www.bleepingcomputer.com/news/google/google-chrome-change-that-weakens-ad-blockers-begins-june-3rd/ Posted from: this blog via Microsoft Power Automate .

Google Chrome change that weakens ad blockers begins June 3rd

Google is continuing with its plan to phase out Manifest V2 extensions in Chrome starting in early June 2024, weakening the abilities of ad blockers. [...] https://www.bleepingcomputer.com/news/google/google-chrome-change-that-weakens-ad-blockers-begins-june-3rd/ Posted from: this blog via Microsoft Power Automate .

Google Chrome change that weakens ad blockers begins June 3rd

Google is continuing with its plan to phase out Manifest V2 extensions in Chrome starting in early June 2024, weakening the abilities of ad blockers. [...] https://www.bleepingcomputer.com/news/google/google-chrome-change-that-weakens-ad-blockers-begins-june-3rd/ Posted from: this blog via Microsoft Power Automate .