Posts

Showing posts from July, 2024

Credit card users get mysterious shopify-charge.com charges

People worldwide report seeing mysterious $1 or $0 charges from Shopify-charge.com appearing on their credit card bills, even when they did not attempt to purchase anything. [...] https://www.bleepingcomputer.com/news/security/credit-card-users-get-mysterious-shopify-chargecom-charges/ Posted from: this blog via Microsoft Power Automate .

DigiCert to delay cert revocations for critical infrastructure

DigiCert urges critical infrastructure operators to request a delay if they cannot reissue their certificates, as required by an ongoing certificate mass-revocation process announced on Tuesday. [...] https://www.bleepingcomputer.com/news/security/digicert-to-delay-cert-revocations-for-critical-infrastructure/ Posted from: this blog via Microsoft Power Automate .

OneBlood's virtual machines encrypted in ransomware attack

OneBlood, a large not-for-profit blood center that serves hospitals and patients in the United States, is dealing with an IT systems outage caused by a ransomware attack. [...] https://www.bleepingcomputer.com/news/security/onebloods-virtual-machines-encrypted-in-ransomware-attack/ Posted from: this blog via Microsoft Power Automate .

Google ads push fake Google Authenticator site installing malware

Google has fallen victim to its own ad platform, allowing threat actors to create fake Google Authenticator ads that push the DeerStealer information-stealing malware. [...] https://www.bleepingcomputer.com/news/security/google-ads-push-fake-google-authenticator-site-installing-malware/ Posted from: this blog via Microsoft Power Automate .

World leading silver producer Fresnillo discloses cyberattack

​Fresnillo PLC, the world's largest silver producer and a top global producer of gold, copper, and zinc, said attackers gained access to data stored on its systems during a recent cyberattack. [...] https://www.bleepingcomputer.com/news/security/world-leading-silver-producer-fresnillo-discloses-cyberattack/ Posted from: this blog via Microsoft Power Automate .

Fraud ring pushes 600+ fake web shops via Facebook ads

A malicious fraud campaign dubbed "ERIAKOS" promotes more than 600 fake web shops through Facebook advertisements to steal visitors' personal and financial information. [...] https://www.bleepingcomputer.com/news/security/fraud-ring-pushes-600-plus-fake-web-shops-via-facebook-ads/ Posted from: this blog via Microsoft Power Automate .

Microsoft says massive Azure outage was caused by DDoS attack

Microsoft confirmed today that a nine-hour outage on Tuesday that took down and disrupted multiple Microsoft 365 and Azure services worldwide was triggered by a distributed denial-of-service (DDoS) attack. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-says-massive-azure-outage-was-caused-by-ddos-attack/ Posted from: this blog via Microsoft Power Automate .

Massive SMS stealer campaign infects Android devices in 113 countries

A malicious campaign targeting Android devices worldwide utilizes thousands of Telegram bots to infect devices with SMS-stealing malware and steal one-time 2FA passwords (OTPs) for over 600 services. [...] https://www.bleepingcomputer.com/news/security/massive-sms-stealer-campaign-infects-android-devices-in-113-countries/ Posted from: this blog via Microsoft Power Automate .

Massive SMS stealer campaign infects Android devices in 113 countries

A malicious campaign targeting Android devices worldwide utilizes thousands of Telegram bots to infect devices with SMS-stealing malware and steal one-time 2FA passwords (OTPs) for over 600 services. [...] https://www.bleepingcomputer.com/news/security/massive-sms-stealer-campaign-infects-android-devices-in-113-countries/ Posted from: this blog via Microsoft Power Automate .

CISA warns of VMware ESXi bug exploited in ransomware attacks

CISA has ordered U.S. Federal Civilian Executive Branch (FCEB) agencies to secure their servers against a VMware ESXi authentication bypass vulnerability exploited in ransomware attacks. [...] https://www.bleepingcomputer.com/news/security/cisa-warns-of-vmware-esxi-bug-exploited-in-ransomware-attacks/ Posted from: this blog via Microsoft Power Automate .

Dark Angels ransomware extorts record-breaking $75 million ransom

A Fortune 50 company paid a record-breaking $75 million ransom payment to the Dark Angels ransomware gang, according to a report by Zscaler ThreatLabz. [...] https://www.bleepingcomputer.com/news/security/dark-angels-ransomware-extorts-record-breaking-75-million-ransom/ Posted from: this blog via Microsoft Power Automate .

Google Chrome adds app-bound encryption to block infostealer malware

Google Chrome has added app-bound encryption for better cookie protection on Windows systems and improved defenses against information-stealing malware attacks. [...] https://www.bleepingcomputer.com/news/security/google-chrome-adds-app-bound-encryption-to-block-infostealer-malware/ Posted from: this blog via Microsoft Power Automate .

Columbus investigates whether data was stolen in ransomware attack

The City of Columbus, Ohio, says it's investigating whether personal data was stolen in a ransomware attack on July 18, 2024 that disrupted the City's services. [...] https://www.bleepingcomputer.com/news/security/columbus-investigates-whether-data-was-stolen-in-ransomware-attack/ Posted from: this blog via Microsoft Power Automate .

DigiCert mass-revoking TLS certificates due to domain validation bug

DigiCert is warning that it will be mass-revoking SSL/TLS certificates due to a bug in how the company verified if a customer owned or operated a domain and requires impacted customers to reissue certificates within 24 hours. [...] https://www.bleepingcomputer.com/news/security/digicert-mass-revoking-tls-certificates-due-to-domain-validation-bug/ Posted from: this blog via Microsoft Power Automate .

Is your password policy working? Key cybersecurity KPIs to measure

Are your password policies having a positive impact on the cybersecurity posture of your org? Learn more from Specops Software about how to align password policies with wider cybersecurity KPIs. [...] https://www.bleepingcomputer.com/news/security/is-your-password-policy-working-key-cybersecurity-kpis-to-measure/ Posted from: this blog via Microsoft Power Automate .

Microsoft 365 and Azure outage takes down multiple services

Microsoft is investigating an ongoing and widespread outage blocking access to some Microsoft 365 and Azure services. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-365-and-azure-outage-takes-down-multiple-services/ Posted from: this blog via Microsoft Power Automate .

UK govt links 2021 Electoral Commission breach to Exchange server

The United Kingdom's Information Commissioner's Office (ICO) revealed today that the Electoral Commission was breached in August 2021 because it failed to patch its on-premise Microsoft Exchange Server against ProxyShell vulnerabilities. [...] https://www.bleepingcomputer.com/news/security/uk-govt-links-2021-electoral-commission-breach-to-exchange-server/ Posted from: this blog via Microsoft Power Automate .

Android spyware 'Mandrake' hidden in apps on Google Play since 2022

A new version of the Android spyware 'Mandrake' has been found in five applications downloaded 32,000 times from Google Play, the platform's official app store. [...] https://www.bleepingcomputer.com/news/security/android-spyware-mandrake-hidden-in-apps-on-google-play-since-2022/ Posted from: this blog via Microsoft Power Automate .

Android spyware 'Mandrake' hidden in apps on Google Play since 2022

A new version of the Android spyware 'Mandrake' has been found in five applications downloaded 32,000 times from Google Play, the platform's official app store. [...] https://www.bleepingcomputer.com/news/security/android-spyware-mandrake-hidden-in-apps-on-google-play-since-2022/ Posted from: this blog via Microsoft Power Automate .

Android spyware 'Mandrake' hidden in apps on Google Play since 2022

A new version of the Android spyware 'Mandrake' has been found in five applications downloaded 32,000 times from Google Play, the platform's official app store. [...] https://www.bleepingcomputer.com/news/security/android-spyware-mandrake-hidden-in-apps-on-google-play-since-2022/ Posted from: this blog via Microsoft Power Automate .

New Specula tool uses Outlook for remote code execution in Windows

Microsoft Outlook can be turned into a C2 beacon to remotely execute code, as demonstrated by a new red team post-exploitation framework named "Specula," released today by cybersecurity firm TrustedSec. [...] https://www.bleepingcomputer.com/news/security/new-specula-tool-uses-outlook-for-remote-code-execution-in-windows/ Posted from: this blog via Microsoft Power Automate .

New Specula tool uses Outlook for remote code execution in Windows

Microsoft Outlook can be turned into a C2 beacon to remotely execute code, as demonstrated by a new red team post-exploitation framework named "Specula," released today by cybersecurity firm TrustedSec. [...] https://www.bleepingcomputer.com/news/security/new-specula-tool-uses-outlook-for-remote-code-execution-in-windows/ Posted from: this blog via Microsoft Power Automate .

Apple iOS 18.1 Beta previews Apple Intelligence for the first time

Apple has released the iOS 18.1 Beta to developers, allowing them to test some of its upcoming AI-powered Apple Intelligence features before they are released for testing in the public previews. [...] https://www.bleepingcomputer.com/news/apple/apple-ios-181-beta-previews-apple-intelligence-for-the-first-time/ Posted from: this blog via Microsoft Power Automate .

Apple iOS 18.1 Beta previews Apple Intelligence for the first time

Apple has released the iOS 18.1 Beta to developers, allowing them to test some of its upcoming AI-powered Apple Intelligence features before they are released for testing in the public previews. [...] https://www.bleepingcomputer.com/news/apple/apple-ios-181-beta-previews-apple-intelligence-for-the-first-time/ Posted from: this blog via Microsoft Power Automate .

Former Avaya employee gets 4 years for $88M license piracy scheme

Three individuals who orchestrated a massive-scale pirate operation involving the sale of Avaya business telephone system software licenses worth over $88,000,000 have received imprisonment sentences. [...] https://www.bleepingcomputer.com/news/legal/former-avaya-employee-gets-4-years-for-88m-license-piracy-scheme/ Posted from: this blog via Microsoft Power Automate .

Microsoft: Ransomware gangs exploit VMware ESXi auth bypass in attacks

Microsoft warned today that ransomware gangs are actively exploiting a VMware ESXi authentication bypass vulnerability in attacks. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-ransomware-gangs-exploit-vmware-esxi-auth-bypass-in-attacks/ Posted from: this blog via Microsoft Power Automate .

HealthEquity says data breach impacts 4.3 million people

HSA provider HealthEquity has determined that a cybersecurity incident disclosed earlier this month has compromised the information of 4,300,000 people. [...] https://www.bleepingcomputer.com/news/security/healthequity-says-data-breach-impacts-43-million-people/ Posted from: this blog via Microsoft Power Automate .

Proofpoint settings exploited to send millions of phishing emails daily

A massive phishing campaign dubbed "EchoSpoofing" exploited a security gap in Proofpoint's email protection service to dispatch millions of spoofed emails impersonating big entities like Disney, Nike, IBM, and Coca-Cola, to target Fortune 100 companies. [...] https://www.bleepingcomputer.com/news/security/proofpoint-settings-exploited-to-send-millions-of-phishing-emails-daily/ Posted from: this blog via Microsoft Power Automate .

Misconfigured Selenium Grid servers abused for Monero mining

Threat actors are exploiting a misconfiguration in Selenium Grid, a popular web app testing framework, to deploy a modified XMRig tool for mining Monero cryptocurrency. [...] https://www.bleepingcomputer.com/news/security/misconfigured-selenium-grid-servers-abused-for-monero-mining/ Posted from: this blog via Microsoft Power Automate .

X begins training Grok AI with your posts, here's how to disable

X has quietly begun training its Grok AI chat platform using members' public posts without first alerting anyone that it is doing it by default. Here's how to block Grok from using your data. [...] https://www.bleepingcomputer.com/news/security/x-begins-training-grok-ai-with-your-posts-heres-how-to-disable/ Posted from: this blog via Microsoft Power Automate .

X begins training Grok AI with your posts, here's how to disable

X has quietly begun training its Grok AI chat platform using members' public posts without first alerting anyone that it is doing it by default. Here's how to block Grok from using your data. [...] https://www.bleepingcomputer.com/news/security/x-begins-training-grok-ai-with-your-posts-heres-how-to-disable/ Posted from: this blog via Microsoft Power Automate .

Windows 11 taskbar has a hidden "End Task" feature, how to turn it on

Microsoft has added a feature to Windows 11 that allows you to end tasks directly from the taskbar. [...] https://www.bleepingcomputer.com/news/microsoft/windows-11-taskbar-has-a-hidden-end-task-feature-how-to-turn-it-on/ Posted from: this blog via Microsoft Power Automate .

WhatsApp for Windows lets Python, PHP scripts execute with no warning

A security issue in the latest version of WhatsApp for Windows allows sending Python and PHP attachments that are executed without any warning when the recipient opens them. [...] https://www.bleepingcomputer.com/news/security/whatsapp-for-windows-lets-python-php-scripts-execute-with-no-warning/ Posted from: this blog via Microsoft Power Automate .

Windows 11 taskbar has a hidden "End Task" feature, how to turn it on

Microsoft has added a feature to Windows 11 that allows you to end tasks directly from the taskbar. [...] https://www.bleepingcomputer.com/news/microsoft/windows-11-taskbar-has-a-hidden-end-task-feature-how-to-turn-it-on/ Posted from: this blog via Microsoft Power Automate .

Crypto exchange Gemini discloses third-party data breach

Cryptocurrency exchange Gemini is warning it suffered a data breach incident caused by a cyberattack at its Automated Clearing House (ACH) service provider, whose name was not disclosed. [...] https://www.bleepingcomputer.com/news/security/crypto-exchange-gemini-discloses-third-party-data-breach/ Posted from: this blog via Microsoft Power Automate .

Crypto exchange Gemini discloses third-party data breach

Cryptocurrency exchange Gemini is warning it suffered a data breach incident caused by a cyberattack at its Automated Clearing House (ACH) service provider, whose name was not disclosed. [...] https://www.bleepingcomputer.com/news/security/crypto-exchange-gemini-discloses-third-party-data-breach/ Posted from: this blog via Microsoft Power Automate .

Google fixes Chrome Password Manager bug that hides credentials

Google has fixed a bug in Chrome's Password Manager that caused user credentials to disappear temporarily for more than 18 hours. [...] https://www.bleepingcomputer.com/news/google/google-fixes-chrome-password-manager-bug-that-hides-credentials/ Posted from: this blog via Microsoft Power Automate .

FBCS data breach impact now reaches 4.2 million people

Debt collection agency Financial Business and Consumer Solutions (FBCS) has again increased the number of people impacted by a February data breach, now saying it affects 4.2 million people in the US. [...] https://www.bleepingcomputer.com/news/security/fbcs-data-breach-impact-now-reaches-42-million-people/ Posted from: this blog via Microsoft Power Automate .

July Windows Server updates break Remote Desktop connections

Microsoft has confirmed that July's security updates break remote desktop connections in organizations where Windows servers are configured to use the legacy RPC over HTTP protocol in the Remote Desktop Gateway. [...] https://www.bleepingcomputer.com/news/microsoft/july-windows-server-updates-break-remote-desktop-connections/ Posted from: this blog via Microsoft Power Automate .

Acronis warns of Cyber Infrastructure default password abused in attacks

​Acronis warned customers to patch a critical Cyber Infrastructure security flaw that lets attackers bypass authentication on vulnerable servers using default credentials. [...] https://www.bleepingcomputer.com/news/security/acronis-warns-of-cyber-infrastructure-default-password-abused-in-attacks/ Posted from: this blog via Microsoft Power Automate .

Russian ransomware gangs account for 69% of all ransom proceeds

Russian-speaking threat actors accounted for at least 69% of all crypto proceeds linked to ransomware throughout the previous year, exceeding $500,000,000. [...] https://www.bleepingcomputer.com/news/security/russian-ransomware-gangs-account-for-69-percent-of-all-ransom-proceeds/ Posted from: this blog via Microsoft Power Automate .

PKfail Secure Boot bypass lets attackers install UEFI malware

Hundreds of UEFI products from 10 vendors are susceptible to compromise due to a critical firmware supply-chain issue known as PKfail, which allows attackers to bypass Secure Boot and install malware. [...] https://www.bleepingcomputer.com/news/security/pkfail-secure-boot-bypass-lets-attackers-install-uefi-malware/ Posted from: this blog via Microsoft Power Automate .

Critical ServiceNow RCE flaws actively exploited to steal credentials

Threat actors are chaining together ServiceNow flaws using publicly available exploits to breach government agencies and private firms in data theft attacks. [...] https://www.bleepingcomputer.com/news/security/critical-servicenow-rce-flaws-actively-exploited-to-steal-credentials/ Posted from: this blog via Microsoft Power Automate .

Windows 11 KB5040527 update fixes Windows Backup failures

Microsoft has released the optional KB5040527 preview cumulative update for Windows 11 23H2 and 22H2, which includes fixes for Windows Backup and upgrade failures. [...] https://www.bleepingcomputer.com/news/microsoft/windows-11-kb5040527-update-fixes-windows-backup-failures/ Posted from: this blog via Microsoft Power Automate .

US offers $10M for tips on DPRK hacker linked to Maui ransomware attacks

The U.S. State Department is offering a reward of up to $10 million for information that could lead to the identification or location of a North Korean military hacker. [...] https://www.bleepingcomputer.com/news/security/us-offers-10m-for-tips-on-dprk-hacker-linked-to-maui-ransomware-attacks/ Posted from: this blog via Microsoft Power Automate .

Progress warns of critical RCE bug in Telerik Report Server

Progress Software has warned customers to patch a critical remote code execution security flaw in the Telerik Report Server that can be used to compromise vulnerable devices. [...] https://www.bleepingcomputer.com/news/security/progress-warns-of-critical-rce-bug-in-telerik-report-server/ Posted from: this blog via Microsoft Power Automate .

Why Multivendor Cybersecurity Stacks Are Increasingly Obsolete

Multivendor tech stacks are costly and complex to integrate and manage. Learn more from Cynet about how an All-in-One approach reduces costs for MSPs and SMEs, while offering increased security. [...] https://www.bleepingcomputer.com/news/security/why-multivendor-cybersecurity-stacks-are-increasingly-obsolete/ Posted from: this blog via Microsoft Power Automate .

Over 3,000 GitHub accounts used by malware distribution service

Threat actors known as 'Stargazer Goblin' have created a malware Distribution-as-a-Service (DaaS) from over 3,000 fake accounts on GitHub that push information-stealing malware. [...] https://www.bleepingcomputer.com/news/security/over-3-000-github-accounts-used-by-malware-distribution-service/ Posted from: this blog via Microsoft Power Automate .

CrowdStrike: 'Content Validator' bug let faulty update pass checks

CrowdStrike released a Preliminary Post Incident Review (PIR) on the faulty Falcon update explaining that a bug allowed bad data to pass its Content Validator and cause millions of Windows systems to crash on July 19, 2024. [...] https://www.bleepingcomputer.com/news/security/crowdstrike-content-validator-bug-let-faulty-update-pass-checks/ Posted from: this blog via Microsoft Power Automate .

BreachForums v1 database leak is an OPSEC test for hackers

The entire database for the notorious BreachForums v1 hacking forum was released on Telegram Tuesday night, exposing a treasure trove of data, including members' information, private messages, cryptocurrency addresses, and every post on the forum. [...] https://www.bleepingcomputer.com/news/security/breachforums-v1-database-leak-is-an-opsec-test-for-hackers/ Posted from: this blog via Microsoft Power Automate .

Chinese hackers deploy new Macma macOS backdoor version

The Chinese hacking group tracked as 'Evasive Panda' was spotted using new versions of the Macma backdoor and the Nightdoor Windows malware. [...] https://www.bleepingcomputer.com/news/security/evasive-panda-hackers-deploy-new-macma-macos-backdoor-version/ Posted from: this blog via Microsoft Power Automate .

Hamster Kombat’s 250 million players targeted in malware attacks

Threat actors are taking advantage of the massive popularity of the Hamster Kombat game, targeting players with fake Android and Windows software that install spyware and information-stealing malware. [...] https://www.bleepingcomputer.com/news/security/hamster-kombats-250-million-players-targeted-in-android-windows-malware-attacks/ Posted from: this blog via Microsoft Power Automate .

Hamster Kombat’s 250 million players targeted in malware attacks

Threat actors are taking advantage of the massive popularity of the Hamster Kombat game, targeting players with fake Android and Windows software that install spyware and information-stealing malware. [...] https://www.bleepingcomputer.com/news/security/hamster-kombats-250-million-players-targeted-in-android-windows-malware-attacks/ Posted from: this blog via Microsoft Power Automate .

Hamster Kombat’s 250 million players targeted in malware attacks

Threat actors are taking advantage of the massive popularity of the Hamster Kombat game, targeting players with fake Android and Windows software that install spyware and information-stealing malware. [...] https://www.bleepingcomputer.com/news/security/hamster-kombats-250-million-players-targeted-in-android-windows-malware-attacks/ Posted from: this blog via Microsoft Power Automate .

Windows 10 KB5040525 fixes WDAC issues causing app failures, memory leak

Microsoft has released the July 2024 preview update for Windows 10, version 22H2, with fixes for Windows Defender Application Control (WDAC) issues causing app crashes and system memory exhaustion. [...] https://www.bleepingcomputer.com/news/microsoft/windows-10-kb5040525-fixes-wdac-issues-causing-app-failures-memory-leak/ Posted from: this blog via Microsoft Power Automate .

DeFi exchange dYdX v3 website hacked in DNS hijack attack

Decentralized finance (DeFi) crypto exchange dYdX announced on Tuesday that the website for its older v3 trading platform has been compromised. [...] https://www.bleepingcomputer.com/news/security/defi-exchange-dydx-v3-website-hacked-in-dns-hijack-attack/ Posted from: this blog via Microsoft Power Automate .

DeFi exchange dYdX v3 website hacked in DNS hijack attack

Decentralized finance (DeFi) crypto exchange dYdX announced on Tuesday that the website for its older v3 trading platform has been compromised. [...] https://www.bleepingcomputer.com/news/security/defi-exchange-dydx-v3-website-hacked-in-dns-hijack-attack/ Posted from: this blog via Microsoft Power Automate .

BreachForums v1 hacking forum data leak exposes members’ info

The private member information of the BreachForums v1 hacking forum from 2022 has been leaked online, allowing threat actors and researchers to gain insight into its users. [...] https://www.bleepingcomputer.com/news/security/breachforums-v1-hacking-forum-data-leak-exposes-members-info/ Posted from: this blog via Microsoft Power Automate .

FrostyGoop malware attack cut off heat in Ukraine during winter

Russian-linked malware was used in a January 2024 cyberattack to cut off the heating of over 600 apartment buildings in Lviv, Ukraine, for two days during sub-zero temperatures. [...] https://www.bleepingcomputer.com/news/security/frostygoop-malware-attack-cut-off-heat-in-ukraine-during-winter/ Posted from: this blog via Microsoft Power Automate .

Verizon to pay $16 million in TracFone data breach settlement

Verizon Communications has agreed to a $16,000,000 settlement with the Federal Communications Commission (FCC) in the U.S. concerning three data breach incidents its wholly-owned subsidiary, TracFone Wireless, suffered after its acquisition in 2021. [...] https://www.bleepingcomputer.com/news/security/verizon-to-pay-16-million-in-tracfone-data-breach-settlement/ Posted from: this blog via Microsoft Power Automate .

Fake CrowdStrike repair manual pushes new infostealer malware

CrowdStrike is warning that a fake recovery manual to repair Windows devices is installing a new information-stealing malware called Daolpu. [...] https://www.bleepingcomputer.com/news/security/fake-crowdstrike-repair-manual-pushes-new-daolpu-infostealer-malware/ Posted from: this blog via Microsoft Power Automate .

Greece’s Land Registry agency breached in wave of 400 cyberattacks

The Land Registry agency in Greece has announced that it suffered a limited-scope data breach following a wave of 400 cyberattacks targeting its IT infrastructure over the last week. [...] https://www.bleepingcomputer.com/news/security/greeces-land-registry-agency-breached-in-wave-of-400-cyberattacks/ Posted from: this blog via Microsoft Power Automate .

Google rolls back decision to kill third-party cookies in Chrome

Google has scrapped its plan to kill third-party cookies in Chrome and will instead introduce a new browser experience to allows users to limit how these cookies are used. [...] https://www.bleepingcomputer.com/news/security/google-rolls-back-decision-to-kill-third-party-cookies-in-chrome/ Posted from: this blog via Microsoft Power Automate .

Police infiltrates, takes down DigitalStress DDoS-for-hire service

DDoS-for-hire service DigitalStress was taken down on July 2 in a joint law enforcement operation led by the United Kingdom's National Crime Agency (NCA). [...] https://www.bleepingcomputer.com/news/security/police-infiltrates-takes-down-digitalstress-ddos-for-hire-service/ Posted from: this blog via Microsoft Power Automate .

Telegram zero-day allowed sending malicious Android APKs as videos

A Telegram for Android zero-day vulnerability dubbed 'EvilVideo' allowed attackers to send malicious Android APK payloads disguised as video files. [...] https://www.bleepingcomputer.com/news/security/telegram-zero-day-allowed-sending-malicious-android-apks-as-videos/ Posted from: this blog via Microsoft Power Automate .

Spain arrests three for using DDoSia hacktivist platform

The Spanish authorities have arrested three individuals for using DDoSia, a distributed denial of service platform operated by pro-Russian hacktivists, to conduct DDoS attacks against governments and organizations in NATO countries. [...] https://www.bleepingcomputer.com/news/security/spain-arrests-three-for-using-ddosia-hacktivist-platform/ Posted from: this blog via Microsoft Power Automate .

Microsoft releases Windows repair tool to remove CrowdStrike driver

Microsoft has released a custom WinPE recovery tool to find and remove the faulty CrowdStrike update that crashed an estimated 8.5 million Windows devices on Friday. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-releases-windows-repair-tool-to-remove-crowdstrike-driver/ Posted from: this blog via Microsoft Power Automate .

Fake CrowdStrike updates target companies with malware, data wipers

Threat actors are exploiting the massive business disruption from CrowdStrike's glitchy update on Friday to target companies with data wipers and remote access tools. [...] https://www.bleepingcomputer.com/news/security/fake-crowdstrike-updates-target-companies-with-malware-data-wipers/ Posted from: this blog via Microsoft Power Automate .

UK arrests suspected Scattered Spider hacker linked to MGM attack

UK police have arrested a 17-year-old boy suspected of being involved in the 2023 MGM Resorts ransomware attack and a member of the Scattered Spider hacking collective.  [...] https://www.bleepingcomputer.com/news/security/uk-arrests-suspected-scattered-spider-hacker-linked-to-mgm-attack/ Posted from: this blog via Microsoft Power Automate .

Microsoft confirms CrowdStrike update also hit Windows 365 PCs

Microsoft says the faulty CrowdStrike Falcon update, which caused widespread outages by crashing Windows systems worldwide, also resulted in Windows 365 Cloud PCs getting stuck in reboot loops, rendering them unusable. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-windows-365-cloud-pcs-stuck-restarting-after-crowdstrike-update/ Posted from: this blog via Microsoft Power Automate .

MediSecure: Ransomware gang stole data of 12.9 million people

MediSecure, an Australian prescription delivery service provider, revealed that roughly 12.9 million people had their personal and health information stolen in an April ransomware attack. [...] https://www.bleepingcomputer.com/news/security/medisecure-ransomware-gang-stole-data-of-129-million-people/ Posted from: this blog via Microsoft Power Automate .

CrowdStrike update crashes Windows systems, causes outages worldwide

A faulty component in the latest CrowdStrike Falcon update is crashing Windows systems, impacting various organizations and services across the world, including airports, TV stations, and hospitals. [...] https://www.bleepingcomputer.com/news/security/crowdstrike-update-crashes-windows-systems-causes-outages-worldwide/ Posted from: this blog via Microsoft Power Automate .

Russians plead guilty to involvement in LockBit ransomware attacks

Two Russian nations have pleaded guilty to involvement in many LockBit ransomware attacks, which targeted victims worldwide and across the United States. [...] https://www.bleepingcomputer.com/news/security/russians-plead-guilty-to-involvement-in-lockbit-ransomware-attacks/ Posted from: this blog via Microsoft Power Automate .

Major Microsoft 365 outage caused by Azure configuration change

Microsoft says an Azure configuration change caused a major Microsoft 365 outage on Thursday, affecting customers across the Central US region. [...] https://www.bleepingcomputer.com/news/microsoft/major-microsoft-365-outage-caused-by-azure-configuration-change/ Posted from: this blog via Microsoft Power Automate .

Revolver Rabbit gang registers 500,000 domains for malware campaigns

A cybercriminal gang that researchers track as Revolver Rabbit has registered more than 500,000 domain names for infostealer campaigns that target Windows and macOS systems. [...] https://www.bleepingcomputer.com/news/security/revolver-rabbit-gang-registers-500-000-domains-for-malware-campaigns/ Posted from: this blog via Microsoft Power Automate .

SolarWinds fixes 8 critical bugs in access rights audit software

SolarWinds has fixed eight critical vulnerabilities in its Access Rights Manager (ARM) software, six of which allowed attackers to gain remote code execution (RCE) on vulnerable devices. [...] https://www.bleepingcomputer.com/news/security/solarwinds-fixes-8-critical-bugs-in-access-rights-audit-software/ Posted from: this blog via Microsoft Power Automate .

Critical Cisco bug lets hackers add root users on SEG devices

Cisco has fixed a critical severity vulnerability that lets attackers add new users with root privileges and permanently crash Security Email Gateway (SEG) appliances using emails with malicious attachments. [...] https://www.bleepingcomputer.com/news/security/critical-cisco-bug-lets-hackers-add-root-users-on-seg-devices/ Posted from: this blog via Microsoft Power Automate .

Microsoft: Windows 11 23H2 now available for all eligible devices

Microsoft says the Windows 11 2023 Update has entered the broad deployment phase and is now available to all seekers on eligible systems. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-windows-11-23h2-now-available-for-all-eligible-devices/ Posted from: this blog via Microsoft Power Automate .

Notorious FIN7 hackers sell EDR killer to other threat actors

The notorious FIN7 hacking group has been spotted selling its custom "AvNeutralizer" tool, used to evade detection by killing enterprise endpoint protection software on corporate networks. [...] https://www.bleepingcomputer.com/news/security/notorious-fin7-hackers-sell-edr-killer-to-other-threat-actors/ Posted from: this blog via Microsoft Power Automate .

Exchange Online adds Inbound DANE with DNSSEC for security boost

Microsoft is rolling out inbound SMTP DANE with DNSSEC for Exchange Online in public preview, a new capability to boost email integrity and security. [...] https://www.bleepingcomputer.com/news/microsoft/exchange-online-adds-inbound-dane-with-dnssec-for-security-boost/ Posted from: this blog via Microsoft Power Automate .

Cisco SSM On-Prem bug lets hackers change any user's password

Cisco has fixed a maximum severity vulnerability that allows attackers to change any user's password on vulnerable Cisco Smart Software Manager On-Prem (Cisco SSM On-Prem) license servers, including administrators. [...] https://www.bleepingcomputer.com/news/security/cisco-ssm-on-prem-bug-lets-hackers-change-any-users-password/ Posted from: this blog via Microsoft Power Automate .

Over 400,000 Life360 user phone numbers leaked via unsecured API

A threat actor has leaked a database containing the personal information of 442,519 Life360 customers collected by abusing a flaw in the login API. [...] https://www.bleepingcomputer.com/news/security/over-400-000-life360-user-phone-numbers-leaked-via-unsecured-android-api/ Posted from: this blog via Microsoft Power Automate .

Yacht giant MarineMax data breach impacts 123,000 individuals

MarineMax, self-described as the world's largest recreational boat and yacht retailer, is notifying over 123,000 customers whose personal information was stolen in a March security breach claimed by the Rhysida ransomware gang. [...] https://www.bleepingcomputer.com/news/security/yacht-giant-marinemax-data-breach-impacts-123-000-individuals/ Posted from: this blog via Microsoft Power Automate .

Kaspersky offers free security software for six months in U.S. goodbye

Kaspersky is offering free security products for six months and tips for staying safe as a parting gift to consumers in the United States. [...] https://www.bleepingcomputer.com/news/security/kaspersky-offers-free-security-software-for-six-months-in-us-goodbye/ Posted from: this blog via Microsoft Power Automate .

CISA warns critical Geoserver GeoTools RCE flaw is exploited in attacks

​CISA is warning that a critical GeoServer GeoTools remote code execution flaw tracked as CVE-2024-36401 is being actively exploited in attacks. [...] https://www.bleepingcomputer.com/news/security/cisa-warns-critical-geoserver-geotools-rce-flaw-is-exploited-in-attacks/ Posted from: this blog via Microsoft Power Automate .

Email addresses of 15 million Trello users leaked on hacking forum

A threat actor has released over 15 million email addresses associated with Trello accounts that were collected using an unsecured API in January. [...] https://www.bleepingcomputer.com/news/security/email-addresses-of-15-million-trello-users-leaked-on-hacking-forum/ Posted from: this blog via Microsoft Power Automate .

Microsoft announces new Windows 'checkpoint' cumulative updates

Microsoft will introduce checkpoint cumulative updates starting in late 2024 for systems running devices running Windows Server 2025 and Windows 11, version 24H2 or later. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-announces-new-windows-checkpoint-cumulative-updates/ Posted from: this blog via Microsoft Power Automate .

Microsoft links Scattered Spider hackers to Qilin ransomware attacks

Microsoft says the Scattered Spider cybercrime gang has added Qilin ransomware to its arsenal and is now using it in attacks. [...] https://www.bleepingcomputer.com/news/security/microsoft-links-scattered-spider-hackers-to-qilin-ransomware-attacks/ Posted from: this blog via Microsoft Power Automate .

Microsoft finally fixes Outlook alerts bug caused by December updates

Microsoft has finally fixed a known Outlook issue, confirmed in February, which was triggering incorrect security alerts after installing the December security updates for Outlook Desktop. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-finally-fixes-outlook-alerts-bug-caused-by-december-updates/ Posted from: this blog via Microsoft Power Automate .

Kaspersky is shutting down its business in the United States

Russian cybersecurity company and antivirus software provider Kaspersky Lab will start shutting down operations in the United States on July 20. [...] https://www.bleepingcomputer.com/news/security/kaspersky-is-shutting-down-its-business-in-the-united-states/ Posted from: this blog via Microsoft Power Automate .

New BugSleep malware implant deployed in MuddyWater attacks

The Iranian-backed MuddyWatter hacking group has partially switched to using a new custom-tailored malware implant to steal files and run commands on compromised systems. [...] https://www.bleepingcomputer.com/news/security/new-bugsleep-malware-implant-deployed-in-muddywater-attacks/ Posted from: this blog via Microsoft Power Automate .

Microsoft shares temp fix for Windows 11 Photos not launching

Microsoft has provided a temporary workaround for a known issue preventing the Microsoft Photos app from launching on some Windows 11 systems. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-shares-temp-fix-for-windows-11-photos-not-launching/ Posted from: this blog via Microsoft Power Automate .

SEXi ransomware rebrands to APT INC, continues VMware ESXi attacks

The SEXi ransomware operation, known for targeting VMware ESXi servers, has rebranded under the name APT INC and has targeted numerous organizations in recent attacks. [...] https://www.bleepingcomputer.com/news/security/sexi-ransomware-rebrands-to-apt-inc-continues-vmware-esxi-attacks/ Posted from: this blog via Microsoft Power Automate .

Facebook ads for Windows desktop themes push info-stealing malware

Cybercriminals use Facebook business pages and advertisements to promote fake Windows themes that infect unsuspecting users with the SYS01 password-stealing malware. [...] https://www.bleepingcomputer.com/news/security/facebook-ads-for-windows-themes-push-sys01-info-stealing-malware/ Posted from: this blog via Microsoft Power Automate .

Banks in Singapore to phase out one-time passwords in 3 months

The Monetary Authority of Singapore (MAS) has announced a new requirement impacting all major retail banks in the country to phase out the use of one-time passwords (OTPs) within the next three months. [...] https://www.bleepingcomputer.com/news/security/banks-in-singapore-to-phase-out-one-time-passwords-in-3-months/ Posted from: this blog via Microsoft Power Automate .

Critical Exim bug bypasses security filters on 1.5 million mail servers

Censys warns that over 1.5 million Exim mail transfer agent (MTA) instances are unpatched against a critical vulnerability that lets threat actors bypass security filters. [...] https://www.bleepingcomputer.com/news/security/critical-exim-bug-bypasses-security-filters-on-15-million-mail-servers/ Posted from: this blog via Microsoft Power Automate .

Rite Aid confirms data breach after June ransomware attack

Pharmacy giant Rite Aid confirmed a data breach after suffering a cyberattack in June, which was claimed by the RansomHub ransomware operation. [...] https://www.bleepingcomputer.com/news/security/rite-aid-confirms-data-breach-after-june-ransomware-attack/ Posted from: this blog via Microsoft Power Automate .

DNS hijacks target crypto platforms registered with Squarespace

A wave of coordinated DNS hijacking attacks targets decentralized finance (DeFi) cryptocurrency domains using the Squarespace registrar, redirecting visitors to phishing sites hosting wallet drainers. [...] https://www.bleepingcomputer.com/news/security/dns-hijacks-target-crypto-platforms-registered-with-squarespace/ Posted from: this blog via Microsoft Power Automate .

Netgear warns users to patch auth bypass, XSS router flaws

Netgear warned customers to update their devices to the latest available firmware, which patches stored cross-site scripting (XSS) and authentication bypass vulnerabilities in several WiFi 6 router models. [...] https://www.bleepingcomputer.com/news/security/netgear-warns-users-to-patch-auth-bypass-xss-router-flaws/ Posted from: this blog via Microsoft Power Automate .

Massive AT&T data breach exposes call logs of 109 million customers

AT&T is warning of a massive data breach where threat actors stole the call logs for approximately 109 million customers, or nearly all of its mobile customers, from an online database on the company's Snowflake account. [...] https://www.bleepingcomputer.com/news/security/massive-atandt-data-breach-exposes-call-logs-of-109-million-customers/ Posted from: this blog via Microsoft Power Automate .

ARRL finally confirms ransomware gang stole data in cyberattack

The American Radio Relay League (ARRL) finally confirmed that some of its employees' data was stolen in a May ransomware attack initially described as a "serious incident." [...] https://www.bleepingcomputer.com/news/security/arrl-finally-confirms-ransomware-gang-stole-data-in-cyberattack/ Posted from: this blog via Microsoft Power Automate .

Signal downplays encryption key flaw, fixes it after X drama

Signal is finally tightening its desktop client's security by changing how it stores plain text encryption keys for the data store after downplaying the issue since 2018. [...] https://www.bleepingcomputer.com/news/security/signal-downplays-encryption-key-flaw-fixes-it-after-x-drama/ Posted from: this blog via Microsoft Power Automate .

Google increases bug bounty rewards five times, up to $151K

Google has announced a fivefold increase in payouts for bugs found in its systems and applications reported through its Vulnerability Reward Program, with a new maximum bounty of $151,515 for a single security flaw. [...] https://www.bleepingcomputer.com/news/security/google-increases-bug-bounty-rewards-five-times-up-to-151k/ Posted from: this blog via Microsoft Power Automate .

Dallas County: Data of 200,000 exposed in 2023 ransomware attack

Dallas County is notifying over 200,000 people that the Play ransomware attack, which occurred in October 2023, exposed their personal data to cybercriminals. [...] https://www.bleepingcomputer.com/news/security/dallas-county-data-of-200-000-exposed-in-2023-ransomware-attack/ Posted from: this blog via Microsoft Power Automate .

CRYSTALRAY hacker expands to 1,500 breached systems using SSH-Snake tool

A new threat actor known as CRYSTALRAY has significantly broadened its targeting scope with new tactics and exploits, now counting over 1,500 victims whose credentials were stolen and cryptominers deployed. [...] https://www.bleepingcomputer.com/news/security/crystalray-hacker-expands-to-1-500-breached-systems-using-ssh-snake-tool/ Posted from: this blog via Microsoft Power Automate .

Huione Guarantee exposed as a $11 billion marketplace for cybercrime

The seemingly legitimate online marketplace Huione Guarantee is being used as a platform for laundering money from online scams, especially "pig butchering" investment fraud, researchers say. [...] https://www.bleepingcomputer.com/news/security/huione-guarantee-exposed-as-a-11-billion-marketplace-for-cybercrime/ Posted from: this blog via Microsoft Power Automate .

Huione Guarantee exposed as a $11 billion marketplace for cybercrime

The seemingly legitimate online marketplace Huione Guarantee is being used as a platform for laundering money from online scams, especially "pig butchering" investment fraud, researchers say. [...] https://www.bleepingcomputer.com/news/security/huione-guarantee-exposed-as-a-11-billion-marketplace-for-cybercrime/ Posted from: this blog via Microsoft Power Automate .

GitLab: Critical bug lets attackers run pipelines as other users

GitLab warned today that a critical vulnerability in its product's GitLab Community and Enterprise editions allows attackers to run pipeline jobs as any other user. [...] https://www.bleepingcomputer.com/news/security/gitlab-warns-of-critical-bug-that-lets-attackers-run-pipelines-as-an-arbitrary-user/ Posted from: this blog via Microsoft Power Automate .

ViperSoftX malware covertly runs PowerShell using AutoIT scripting

The latest variants of the ViperSoftX info-stealing malware use the common language runtime (CLR) to load and execute PowerShell commands within AutoIt scripts to evade detection. [...] https://www.bleepingcomputer.com/news/security/vipersoftx-malware-covertly-runs-powershell-using-autoit-scripting/ Posted from: this blog via Microsoft Power Automate .

CISA urges devs to weed out OS command injection vulnerabilities

​CISA and the FBI urged software companies on Wednesday to review their products and eliminate path OS command injection vulnerabilities before shipping. [...] https://www.bleepingcomputer.com/news/security/cisa-urges-devs-to-weed-out-os-command-injection-vulnerabilities/ Posted from: this blog via Microsoft Power Automate .

Japan warns of attacks linked to North Korean Kimsuky hackers

Japan's Computer Emergency Response Team Coordination Center (JPCERT/CC) is warning that Japanese organizations are being targeted in attacks by the North Korean 'Kimsuky' threat actors. [...] https://www.bleepingcomputer.com/news/security/japan-warns-of-attacks-linked-to-north-korean-kimsuky-hackers/ Posted from: this blog via Microsoft Power Automate .

Windows MSHTML zero-day used in malware attacks for over a year

Microsoft fixed a Windows zero-day vulnerability that has been actively exploited in attacks for eighteen months to launch malicious scripts while bypassing built-in security features. [...] https://www.bleepingcomputer.com/news/security/windows-mshtml-zero-day-used-in-malware-attacks-for-over-a-year/ Posted from: this blog via Microsoft Power Automate .

Microsoft fixes Windows 11 bug causing reboot loops, taskbar freezes

Microsoft has fixed a known issue causing restart loops and taskbar problems on Windows 11 systems after installing the June KB5039302 preview update. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-windows-11-bug-causing-reboot-loops-taskbar-freezes/ Posted from: this blog via Microsoft Power Automate .

US and partners disrupt bot farm pushing Russian propaganda

Almost a thousand Twitter accounts controlled by a large bot farm pushing Russian propaganda and domains used to register the bots were taken down in a joint international law enforcement operation led by the U.S. Justice Department. [...] https://www.bleepingcomputer.com/news/security/us-and-partners-disrupt-bot-farm-pushing-russian-propaganda/ Posted from: this blog via Microsoft Power Automate .

New Blast-RADIUS attack bypasses widely-used RADIUS authentication

Blast-RADIUS, an authentication bypass in the widely used RADIUS/UDP protocol, enables threat actors to breach networks and devices in man-in-the-middle MD5 collision attacks. [...] https://www.bleepingcomputer.com/news/security/new-blast-radius-attack-bypasses-widely-used-radius-authentication/ Posted from: this blog via Microsoft Power Automate .

Windows 10 KB5040427 update released with Copilot changes, 12 other fixes

Microsoft has released the KB5040427 cumulative update for Windows 10 21H2 and Windows 10 22H2 with 13 changes, including Microsoft Copilot now behaving like an app, providing more flexibility on how it is displayed. [...] https://www.bleepingcomputer.com/news/microsoft/windows-10-kb5040427-update-released-with-copilot-changes-12-other-fixes/ Posted from: this blog via Microsoft Power Automate .

Microsoft July 2024 Patch Tuesday fixes 142 flaws, 4 zero-days

Today is Microsoft's July 2024 Patch Tuesday, which includes security updates for 142 flaws, including two actively exploited and two publicly disclosed zero-days. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-july-2024-patch-tuesday-fixes-142-flaws-4-zero-days/ Posted from: this blog via Microsoft Power Automate .

Hackers target WordPress calendar plugin used by 150,000 sites

Hackers are trying to exploit a vulnerability in the Modern Events Calendar WordPress plugin that is present on more than 150,000 websites to upload arbitrary files to a vulnerable site and execute code remotely. [...] https://www.bleepingcomputer.com/news/security/hackers-target-wordpress-calendar-plugin-used-by-150-000-sites/ Posted from: this blog via Microsoft Power Automate .

City of Philadelphia says over 35,000 hit in May 2023 breach

The City of Philadelphia revealed that a May 2024 disclosed in October impacted more than 35,000 individuals' personal and protected health information. [...] https://www.bleepingcomputer.com/news/security/city-of-philadelphia-says-over-35-000-hit-in-may-2023-breach/ Posted from: this blog via Microsoft Power Automate .

Chinese APT40 hackers hijack SOHO routers to launch attacks

An advisory by CISA and multiple international cybersecurity agencies highlights the tactics, techniques, and procedures (TTPs) of APT40 (aka "Kryptonite Panda"), a state-sponsored Chinese cyber-espionage actor. [...] https://www.bleepingcomputer.com/news/security/chinese-apt40-hackers-hijack-soho-routers-to-launch-attacks/ Posted from: this blog via Microsoft Power Automate .

Hackers leak 39,000 print-at-home Ticketmaster tickets for 154 events

In an ongoing extortion campaign against Ticketmaster, threat actors have leaked almost 39,000 print-at-home tickets for 150 upcoming concerts and events, including Pearl Jam, Phish, Tate McCrae, and Foo Fighters. [...] https://www.bleepingcomputer.com/news/security/hackers-leak-39-000-print-at-home-ticketmaster-tickets-for-154-events/ Posted from: this blog via Microsoft Power Automate .

Computer maker Zotac exposed customers' RMA info on Google Search

Computer hardware maker Zotac has exposed return merchandise authorization (RMA) requests and related documents online for an unknown period, exposing sensitive customer information. [...] https://www.bleepingcomputer.com/news/security/computer-maker-zotac-exposed-customers-rma-info-on-google-search/ Posted from: this blog via Microsoft Power Automate .

Neiman Marcus data breach: 31 million email addresses found exposed

A May 2024 data breach disclosed by American luxury retailer and department store chain Neiman Marcus last month has exposed more than 31 million customer email addresses, according to Have I Been Pwned founder Troy Hunt, who analyzed the stolen data. [...] https://www.bleepingcomputer.com/news/security/neiman-marcus-data-breach-31-million-email-addresses-found-exposed/ Posted from: this blog via Microsoft Power Automate .

Avast releases free decryptor for DoNex ransomware and past variants

Antivirus company Avast have discovered a weakness in the cryptographic scheme of the DoNex ransomware family and released a decryptor so victims can recover their files for free. [...] https://www.bleepingcomputer.com/news/security/avast-releases-free-decryptor-for-donex-ransomware-and-past-variants/ Posted from: this blog via Microsoft Power Automate .

Russia forces Apple to remove dozens of VPN apps from App Store

Apple has removed 25 virtual private network (VPN) apps from the Russian App Store at the request of Roskomnadzor, Russia's telecommunications watchdog. [...] https://www.bleepingcomputer.com/news/technology/russia-forces-apple-to-remove-dozens-of-vpn-apps-from-app-store/ Posted from: this blog via Microsoft Power Automate .

Notepad finally gets spellcheck, autocorrect for all Windows 11 users

Microsoft has finally released a spell check and autocorrect feature in Notepad for all Windows 11 users, forty-one years after the program was introduced in 1983. [...] https://www.bleepingcomputer.com/news/microsoft/notepad-finally-gets-spellcheck-autocorrect-for-all-windows-11-users/ Posted from: this blog via Microsoft Power Automate .

RCE bug in widely used Ghostscript library now exploited in attacks

A remote code execution vulnerability in the Ghostscript document conversion toolkit, widely used on Linux systems, is currently being exploited in attacks. [...] https://www.bleepingcomputer.com/news/security/rce-bug-in-widely-used-ghostscript-library-now-exploited-in-attacks/ Posted from: this blog via Microsoft Power Automate .

CloudSorcerer hackers abuse cloud services to steal Russian govt data

A new advanced persistent threat (APT) group named CloudSorcerer abuses public cloud services to steal data from Russian government organizations in cyberespionage attacks. [...] https://www.bleepingcomputer.com/news/security/cloudsorcerer-hackers-abuse-cloud-services-to-steal-russian-govt-data/ Posted from: this blog via Microsoft Power Automate .

Roblox vendor data breach exposes dev conference attendee info

Roblox announced late last week that it suffered a data breach impacting attendees of the 2022, 2023, and 2024 Roblox Developer Conference attendees. [...] https://www.bleepingcomputer.com/news/security/roblox-vendor-data-breach-exposes-dev-conference-attendee-info/ Posted from: this blog via Microsoft Power Automate .

Shopify denies it was hacked, links stolen data to third-party app

E-commerce platform Shopify denies it suffered a data breach after a threat actor began selling customer data they claim was stolen from the company's network. [...] https://www.bleepingcomputer.com/news/security/shopify-denies-it-was-hacked-links-stolen-data-to-third-party-app/ Posted from: this blog via Microsoft Power Automate .

Cloudflare blames recent outage on BGP hijacking incident

Internet giant Cloudflare reports that its DNS resolver service, 1.1.1.1, was recently unreachable or degraded for some of its customers because of a combination of Border Gateway Protocol (BGP) hijacking and a route leak. [...] https://www.bleepingcomputer.com/news/security/cloudflare-blames-recent-outage-on-bgp-hijacking-incident/ Posted from: this blog via Microsoft Power Automate .

Hackers leak alleged Taylor Swift tickets, amp up Ticketmaster extortion

Hackers have leaked what they claim is Ticketmaster barcode data for 166,000 Taylor Swift Eras Tour tickets, warning that more events would be leaked if a $2 million extortion demand is not paid. [...] https://www.bleepingcomputer.com/news/security/hackers-leak-alleged-taylor-swift-tickets-amp-up-ticketmaster-extortion/ Posted from: this blog via Microsoft Power Automate .

New Eldorado ransomware targets Windows, VMware ESXi VMs

A new ransomware-as-a-service (RaaS) called Eldorado emerged in March and comes with locker variants for VMware ESXi and Windows. [...] https://www.bleepingcomputer.com/news/security/new-eldorado-ransomware-targets-windows-vmware-esxi-vms/ Posted from: this blog via Microsoft Power Automate .

Ethereum mailing list breach exposes 35,000 to crypto draining attack

A threat actor compromised Ethereum's mailing list provider and sent to over 35,000 addresses a phishing email with a link to a malicious site running a crypto drainer. [...] https://www.bleepingcomputer.com/news/security/ethereum-mailing-list-breach-exposes-35-000-to-crypto-draining-attack/ Posted from: this blog via Microsoft Power Automate .

Hackers attack HFS servers to drop malware and Monero miners

Hackers are targeting older versions of the HTTP File Server (HFS) from Rejetto to drop malware and cryptocurrency mining software. [...] https://www.bleepingcomputer.com/news/security/hackers-attack-hfs-servers-to-drop-malware-and-monero-miners/ Posted from: this blog via Microsoft Power Automate .

HealthEquity data breach exposes protected health information

Healthcare fintech firm HealthEquity is warning that it suffered a data breach after a partner's account was compromised and used to access the Company's systems to steal protected health information. [...] https://www.bleepingcomputer.com/news/security/healthequity-data-breach-exposes-protected-health-information/ Posted from: this blog via Microsoft Power Automate .

HealthEquity data breach exposes protected health information

Healthcare fintech firm HealthEquity is warning that it suffered a data breach after a partner's account was compromised and used to access the Company's systems to steal protected health information. [...] https://www.bleepingcomputer.com/news/security/healthequity-data-breach-exposes-protected-health-information/ Posted from: this blog via Microsoft Power Automate .

OVHcloud blames record-breaking DDoS attack on MikroTik botnet

OVHcloud, a global cloud services provider and one of the largest of its kind in Europe, says it mitigated a record-breaking distributed denial of service (DDoS) attack earlier this year that reached an unprecedented packet rate of 840 million packets per second (Mpps). [...] https://www.bleepingcomputer.com/news/security/ovhcloud-blames-record-breaking-ddos-attack-on-mikrotik-botnet/ Posted from: this blog via Microsoft Power Automate .

Hackers abused API to verify millions of Authy MFA phone numbers

Twilio has confirmed that an unsecured API endpoint allowed threat actors to verify the phone numbers of millions of Authy multi-factor authentication users, potentially making them vulnerable to SMS phishing and SIM swapping attacks. [...] https://www.bleepingcomputer.com/news/security/hackers-abused-api-to-verify-millions-of-authy-mfa-phone-numbers/ Posted from: this blog via Microsoft Power Automate .

Formula 1 governing body discloses data breach after email hacks

FIA (Fédération Internationale de l'Automobile), the auto racing governing body since the 1950s, says attackers gained access to personal data after compromising several FIA email accounts in a phishing attack. [...] https://www.bleepingcomputer.com/news/security/formula-1-governing-body-discloses-data-breach-after-email-hacks/ Posted from: this blog via Microsoft Power Automate .

Europol takes down 593 Cobalt Strike servers used by cybercriminals

Europol coordinated a joint law enforcement action known as Operation Morpheus, which led to the takedown of almost 600 Cobalt Strike servers used by cybercriminals to infiltrate victims' networks. [...] https://www.bleepingcomputer.com/news/security/europol-takes-down-593-cobalt-strike-servers-used-by-cybercriminals/ Posted from: this blog via Microsoft Power Automate .

Proton launches free, privacy-focused Google Docs alternative

Proton has launched 'Docs in Proton Drive,' a free and open-source end-to-end encrypted web-based document editing and collaboration tool. [...] https://www.bleepingcomputer.com/news/software/proton-launches-free-privacy-focused-google-docs-alternative/ Posted from: this blog via Microsoft Power Automate .

Xbox is down worldwide with users unable to login, play games

The Xbox gaming service is currently down due to a major outage, impacting customers worldwide and preventing them from signing into their accounts and playing games. [...] https://www.bleepingcomputer.com/news/technology/xbox-is-down-worldwide-with-users-unable-to-login-play-games/ Posted from: this blog via Microsoft Power Automate .

Google now pays $250,000 for KVM zero-day vulnerabilities

Google has launched kvmCTF, a new vulnerability reward program (VRP) first announced in October 2023 to improve the security of the Kernel-based Virtual Machine (KVM) hypervisor that comes with $250,000 bounties for full VM escape exploits. [...] https://www.bleepingcomputer.com/news/security/google-now-pays-250-000-for-kvm-zero-day-vulnerabilities/ Posted from: this blog via Microsoft Power Automate .

Patelco shuts down banking systems following ransomware attack

Patelco Credit Union has disclosed it experienced a ransomware attack that led to the proactive shutdown of several of its customer-facing banking systems to contain the incident's impact. [...] https://www.bleepingcomputer.com/news/security/patelco-shuts-down-banking-systems-following-ransomware-attack/ Posted from: this blog via Microsoft Power Automate .

Affirm says cardholders impacted by Evolve Bank data breach

Buy now, pay later loan company Affirm is warning that holders of its payment cards had their personal information exposed due to a data breach at its third-party issuer, Evolve Bank & Trust (Evolve). [...] https://www.bleepingcomputer.com/news/security/affirm-says-cardholders-impacted-by-evolve-bank-data-breach/ Posted from: this blog via Microsoft Power Automate .

Google Pixel 6 series phones bricked after factory reset

Multiple owners of Google Pixel 6 series phones (6, 6a, 6 Pro) have been reporting in the past week that their devices were "bricked" after they performed a factory reset. [...] https://www.bleepingcomputer.com/news/google/google-pixel-6-series-phones-bricked-after-factory-reset/ Posted from: this blog via Microsoft Power Automate .

Prudential Financial now says 2.5 million impacted by data breach

Prudential Financial, a global financial services company, has revealed that over 2.5 million people had their personal information compromised in a February data breach. [...] https://www.bleepingcomputer.com/news/security/prudential-financial-now-says-25-million-impacted-by-data-breach/ Posted from: this blog via Microsoft Power Automate .

CDK Global says all dealers will be back online by Thursday

CDK Global says that its dealer management system (DMS), impacted by a massive IT outage following a June 18th ransomware attack, will be back online by Thursday for all car dealerships. [...] https://www.bleepingcomputer.com/news/security/cdk-global-says-all-dealers-will-be-back-online-by-thursday/ Posted from: this blog via Microsoft Power Automate .

Australian charged for ‘Evil Twin’ WiFi attack on plane

An Australian man was charged by Australia's Federal Police (AFP) for allegedly conducting an 'evil twin' WiFi attack on various domestic flights and airports in Perth, Melbourne, and Adelaide to steal other people's email or social media credentials. [...] https://www.bleepingcomputer.com/news/security/australian-charged-for-evil-twin-wifi-attack-on-plane/ Posted from: this blog via Microsoft Power Automate .

Latest Intel CPUs impacted by new Indirector side-channel attack

Modern Intel processors, including chips from the Raptor Lake and the Alder Lake generations are susceptible to a new type of a high-precision Branch Target Injection (BTI) attack dubbed 'Indirector,' which could be used to steal sensitive information from the CPU. [...] https://www.bleepingcomputer.com/news/security/latest-intel-cpus-impacted-by-new-indirector-side-channel-attack/ Posted from: this blog via Microsoft Power Automate .

New regreSSHion OpenSSH RCE bug gives root on Linux servers

A new OpenSSH unauthenticated remote code execution (RCE) vulnerability dubbed "regreSSHion" gives root privileges on glibc-based Linux systems. [...] https://www.bleepingcomputer.com/news/security/new-regresshion-openssh-rce-bug-gives-root-on-linux-servers/ Posted from: this blog via Microsoft Power Automate .

Router maker's support portal responds with MetaMask phishing

BleepingComputer has verified that the helpdesk portal of a router manufacturer is currently sending MetaMask phishing emails in response to newly filed support tickets, in what appears to be a compromise. [...] https://www.bleepingcomputer.com/news/security/router-makers-support-portal-responds-with-metamask-phishing/ Posted from: this blog via Microsoft Power Automate .