Posts

Showing posts from August, 2024

Microsoft is trying to reduce Windows 11's desktop spotlight clutter

Windows 11's Spotlight feature is a pretty nice way to jazz up your desktop background with different wallpapers and fun facts when you hover over the image icon, but it takes up a lot of space. Microsoft is working on a new change that reduces this clutter in the Windows 11 Spotlight feature. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-is-trying-to-reduce-windows-11s-desktop-spotlight-clutter/ Posted from: this blog via Microsoft Power Automate .

Microsoft is trying to reduce Windows 11's desktop spotlight clutter

Windows 11's Spotlight feature is a pretty nice way to jazz up your desktop background with different wallpapers and fun facts when you hover over the image icon, but it takes up a lot of space. Microsoft is working on a new change that reduces this clutter in the Windows 11 Spotlight feature. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-is-trying-to-reduce-windows-11s-desktop-spotlight-clutter/ Posted from: this blog via Microsoft Power Automate .

Researchers find SQL injection to bypass airport TSA security checks

Security researchers have found a vulnerability in a key air transport security system that allowed unauthorized individuals to potentially bypass airport security screenings and gain access to aircraft cockpits. [...] https://www.bleepingcomputer.com/news/security/researchers-find-sql-injection-to-bypass-airport-tsa-security-checks/ Posted from: this blog via Microsoft Power Automate .

New Voldemort malware abuses Google Sheets to store stolen data

A campaign that started on August 5, 2024, is spreading a previously undocumented malware named "Voldemort" to organizations worldwide, impersonating tax agencies from the U.S., Europe, and Asia. [...] https://www.bleepingcomputer.com/news/security/new-voldemort-malware-abuses-google-sheets-to-store-stolen-data/ Posted from: this blog via Microsoft Power Automate .

North Korean hackers exploit Chrome zero-day to deploy rootkit

North Korean hackers have exploited a recently patched Google Chrome zero-day (CVE-2024-7971) to deploy the FudModule rootkit after gaining SYSTEM privileges using a Windows Kernel exploit. [...] https://www.bleepingcomputer.com/news/security/north-korean-hackers-exploit-chrome-zero-day-to-deploy-rootkit/ Posted from: this blog via Microsoft Power Automate .

Researcher sued for sharing data stolen by ransomware with media

The City of Columbus, Ohio, has filed a lawsuit against security researcher David Leroy Ross, aka Connor Goodwolf, accusing him of illegally downloading and disseminating data stolen from the City's IT network and leaked by the Rhysida ransomware gang. [...] https://www.bleepingcomputer.com/news/security/researcher-sued-for-sharing-data-stolen-by-ransomware-with-media/ Posted from: this blog via Microsoft Power Automate .

Halliburton cyberattack linked to RansomHub ransomware gang

The RansomHub ransomware gang is behind the recent cyberattack on oil and gas services giant Halliburton, which disrupted the company's IT systems and business operations. [...] https://www.bleepingcomputer.com/news/security/halliburton-cyberattack-linked-to-ransomhub-ransomware-gang/ Posted from: this blog via Microsoft Power Automate .

FBI: RansomHub ransomware breached 210 victims since February

​Since surfacing in February 2024, RansomHub ransomware affiliates have breached over 200 victims from a wide range of critical U.S. infrastructure sectors. [...] https://www.bleepingcomputer.com/news/security/fbi-ransomhub-ransomware-breached-210-victims-since-february/ Posted from: this blog via Microsoft Power Automate .

Fake Palo Alto GlobalProtect used as lure to backdoor enterprises

Threat actors target Middle Eastern organizations with malware disguised as the legitimate Palo Alto GlobalProtect Tool that can steal data and execute remote PowerShell commands to infiltrate internal networks further. [...] https://www.bleepingcomputer.com/news/security/fake-palo-alto-globalprotect-used-as-lure-to-backdoor-enterprises/ Posted from: this blog via Microsoft Power Automate .

Windows 10 KB5041582 update released with 5 changes and fixes

​Microsoft has released the August 2024 preview update for Windows 10, version 22H2, with fixes for issues causing system freezes and memory leaks. [...] https://www.bleepingcomputer.com/news/microsoft/windows-10-kb5041582-update-released-with-5-changes-and-fixes/ Posted from: this blog via Microsoft Power Automate .

Russian APT29 hackers use iOS, Chrome exploits created by spyware vendors

The Russian state-sponsored APT29 hacking group has been observed using the same iOS and Android exploits created by commercial spyware vendors in a series of cyberattacks between November 2023 and July 2024. [...] https://www.bleepingcomputer.com/news/security/russian-apt29-hackers-use-ios-chrome-exploits-created-by-spyware-vendors/ Posted from: this blog via Microsoft Power Automate .

South Korean hackers exploited WPS Office zero-day to deploy malware

The South Korea-aligned cyberespionage group APT-C-60 has been leveraging a zero-day code execution vulnerability in the Windows version of WPS Office to install the SpyGlace backdoor on East Asian targets. [...] https://www.bleepingcomputer.com/news/security/apt-c-60-hackers-exploited-wps-office-zero-day-to-deploy-spyglace-malware/ Posted from: this blog via Microsoft Power Automate .

US offers $2.5 million reward for hacker linked to Angler Exploit Kit

The U.S. Department of State and the Secret Service have announced a reward of $2,500,000 for information leading to Belarusian national Volodymyr Kadariya (Владимир Кадария) for cybercrime activities. [...] https://www.bleepingcomputer.com/news/legal/us-offers-25-million-reward-for-hacker-linked-to-angler-exploit-kit/ Posted from: this blog via Microsoft Power Automate .

US offers $2.5 million reward for hacker linked to Angler Exploit Kit

The U.S. Department of State and the Secret Service have announced a reward of $2,500,000 for information leading to Belarusian national Volodymyr Kadariya (Владимир Кадария) for cybercrime activities. [...] https://www.bleepingcomputer.com/news/legal/us-offers-25-million-reward-for-hacker-linked-to-angler-exploit-kit/ Posted from: this blog via Microsoft Power Automate .

Employee arrested for locking Windows admins out of 254 servers in extortion plot

A former core infrastructure engineer at an industrial company headquartered in Somerset County, New Jersey, was arrested after locking Windows admins out of 254 servers in a failed extortion plot targeting his employer. [...] https://www.bleepingcomputer.com/news/security/employee-arrested-for-locking-windows-admins-out-of-254-servers-in-extortion-plot/ Posted from: this blog via Microsoft Power Automate .

PoorTry Windows driver evolves into a full-featured EDR wiper

The malicious PoorTry kernel-mode Windows driver used by multiple ransomware gangs to turn off Endpoint Detection and Response (EDR) solutions has evolved into an EDR wiper, deleting files crucial for the operation of security solutions and making restoration harder. [...] https://www.bleepingcomputer.com/news/security/poortry-windows-driver-evolves-into-a-full-featured-edr-wiper/ Posted from: this blog via Microsoft Power Automate .

Iranian hackers work with ransomware gangs to extort breached orgs

An Iran-based hacking group known as Pioneer Kitten is breaching defense, education, finance, and healthcare organizations across the United States and working with affiliates of several ransomware operations to extort the victims. [...] https://www.bleepingcomputer.com/news/security/iranian-hackers-work-with-ransomware-gangs-to-extort-breached-orgs/ Posted from: this blog via Microsoft Power Automate .

Fortra fixes critical FileCatalyst Workflow hardcoded password issue

Fortra is warning of a critical hardcoded password flaw in FileCatalyst Workflow that could allow attackers unauthorized access to an internal database to steal data and gain administrator privileges. [...] https://www.bleepingcomputer.com/news/security/fortra-fixes-critical-filecatalyst-workflow-hardcoded-password-issue/ Posted from: this blog via Microsoft Power Automate .

DICK’s Sporting Goods says confidential data exposed in cyberattack

DICK'S Sporting Goods, the largest chain of sporting goods retail stores in the United States, disclosed that sensitive information was exposed in a cyberattack detected last Wednesday. [...] https://www.bleepingcomputer.com/news/security/dicks-sporting-goods-says-confidential-data-exposed-in-cyberattack/ Posted from: this blog via Microsoft Power Automate .

BlackSuit ransomware stole data of 950,000 from software vendor

Young Consulting is sending data breach notifications to 954,177 people who had their information exposed in a BlackSuit ransomware attack on April 10, 2024. [...] https://www.bleepingcomputer.com/news/security/blacksuit-ransomware-stole-data-of-950-000-from-software-vendor/ Posted from: this blog via Microsoft Power Automate .

US Marshals Service disputes ransomware gang's breach claims

The U.S. Marshals Service (USMS) denies its systems were breached by the Hunters International ransomware gang after being listed as a new victim on the cybercrime group's leak site on Monday. [...] https://www.bleepingcomputer.com/news/security/us-marshals-service-disputes-ransomware-gangs-breach-claims/ Posted from: this blog via Microsoft Power Automate .

Notion exits Russia and will terminate accounts in September

Notion has announced it will exit the Russian market and is terminating all workspaces and accounts identified linked to users in the country. [...] https://www.bleepingcomputer.com/news/software/notion-exits-russia-and-will-terminate-accounts-in-september/ Posted from: this blog via Microsoft Power Automate .

Windows Downdate tool lets you 'unpatch' Windows systems

SafeBreach security researcher Alon Leviev has released his Windows Downdate tool, which can be used for downgrade attacks that reintroduce old vulnerabilities in up-to-date Windows 10, Windows 11, and Windows Server systems. [...] https://www.bleepingcomputer.com/news/microsoft/windows-downdate-tool-lets-you-unpatch-windows-systems/ Posted from: this blog via Microsoft Power Automate .

How to identify unknown assets while pen testing

External Attack Surface Management (EASM) coupled with Penetration Testing as a Service (PTaaS) can help find those blind spots and hidden assets exposed on your network. Learn more from Outpost24 about how combining EASM and PTaaS can help reveal these hidden pitfalls. [...] https://www.bleepingcomputer.com/news/security/how-to-identify-unknown-assets-while-pen-testing/ Posted from: this blog via Microsoft Power Automate .

Chinese Volt Typhoon hackers exploited Versa zero-day to breach ISPs, MSPs

The Chinese state-backed hacking group Volt Typhoon is behind attacks that exploited a zero-day flaw in Versa Director to upload a custom webshell to steal credentials and breach corporate networks. [...] https://www.bleepingcomputer.com/news/security/chinese-volt-typhoon-hackers-exploited-versa-zero-day-to-breach-isps-msps/ Posted from: this blog via Microsoft Power Automate .

Google tags a tenth Chrome zero-day as exploited this year

Today, Google revealed that it patched the tenth zero-day exploited in the wild in 2024 by attackers or security researchers during hacking contests. [...] https://www.bleepingcomputer.com/news/security/google-tags-a-tenth-chrome-zero-day-as-exploited-this-year/ Posted from: this blog via Microsoft Power Automate .

Google tags a tenth Chrome zero-day as exploited this year

Today, Google revealed that it patched the tenth zero-day exploited in the wild in 2024 by attackers or security researchers during hacking contests. [...] https://www.bleepingcomputer.com/news/security/google-tags-a-tenth-chrome-zero-day-as-exploited-this-year/ Posted from: this blog via Microsoft Power Automate .

Patelco notifies 726,000 customers of ransomware data breach

Patelco Credit Union warns customers it suffered a data breach after personal data was stolen in a RansomHub ransomware attack earlier this year. [...] https://www.bleepingcomputer.com/news/security/patelco-notifies-726-000-customers-of-ransomware-data-breach/ Posted from: this blog via Microsoft Power Automate .

Microsoft: Exchange Online mistakenly tags emails as malware

Microsoft is investigating an Exchange Online false positive issue causing emails containing images to be wrongly tagged as malicious and sent to quarantine. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-exchange-online-mistakenly-tags-emails-as-malware/ Posted from: this blog via Microsoft Power Automate .

Uber fined $325 million for moving driver data from Europe to US

The Dutch Data Protection Authority (Autoriteit Persoonsgegevens, AP) has imposed a fine of  €290,000,000 ($325 million) on Uber Technologies Inc. and Uber B.V. over GDPR violations. [...] https://www.bleepingcomputer.com/news/legal/uber-fined-325-million-for-moving-driver-data-from-europe-to-us/ Posted from: this blog via Microsoft Power Automate .

SonicWall warns of critical access control flaw in SonicOS

SonicWall's SonicOS is vulnerable to a critical access control flaw that could allow attackers to gain access unauthorized access to resources or cause the firewall to crash. [...] https://www.bleepingcomputer.com/news/security/sonicwall-warns-of-critical-access-control-flaw-in-sonicos/ Posted from: this blog via Microsoft Power Automate .

Remote Work: A Ticking Time Bomb Waiting to be Exploited

ThreatLocker has created a list of the top 15 actions to secure an organization if employing a remote or hybrid workforce. Learn more in this free e-book from ThreatLocker. [...] https://www.bleepingcomputer.com/news/security/remote-work-a-ticking-time-bomb-waiting-to-be-exploited/ Posted from: this blog via Microsoft Power Automate .

Seattle-Tacoma Airport IT systems down due to a cyberattack

The Seattle-Tacoma International Airport has confirmed that a cyberattack is likely behind the ongoing IT systems outage that disrupted reservation check-in systems and delayed flights over the weekend. [...] https://www.bleepingcomputer.com/news/security/seattle-tacoma-airport-it-systems-down-due-to-a-cyberattack/ Posted from: this blog via Microsoft Power Automate .

Audit finds notable security gaps in FBI's storage media management

An audit from the Department of Justice's Office of the Inspector General (OIG) identified "significant weaknesses" in FBI's inventory management and disposal of electronic storage media containing sensitive and classified information. [...] https://www.bleepingcomputer.com/news/security/audit-finds-notable-security-gaps-in-fbis-storage-media-management/ Posted from: this blog via Microsoft Power Automate .

American Radio Relay League confirms $1 million ransom payment

The American Radio Relay League (ARRL) paid a $1 million ransom for a decryptor that helped restore systems encrypted in a May ransomware attack [...] https://www.bleepingcomputer.com/news/security/american-radio-relay-league-confirms-1-million-ransom-payment/ Posted from: this blog via Microsoft Power Automate .

New Windows 10 22H2 beta fixes memory leaks and crashes

Microsoft has released a new Windows 10 22H2 beta (KB5041582) with memory leak and crash fixes for Insiders in the Beta and Release Preview channels. [...] https://www.bleepingcomputer.com/news/microsoft/new-windows-10-22h2-beta-fixes-memory-leaks-and-crashes/ Posted from: this blog via Microsoft Power Automate .

Hackers now use AppDomain Injection to drop CobaltStrike beacons

A wave of attacks that started in July 2024 rely on a less common technique called AppDomain Manager Injection, which can weaponize any Microsoft .NET application on Windows. [...] https://www.bleepingcomputer.com/news/security/hackers-now-use-appdomain-injection-to-drop-cobaltstrike-beacons/ Posted from: this blog via Microsoft Power Automate .

Russian laundering millions for Lazarus hackers arrested in Argentina

The federal police in Argentina (PFA) have arrested a 29-year-old Russian national in Buenos Aires, who is facing money laundering charges related to cryptocurrency proceeds of the notorious North Korean hackers' Lazarus Group.' [...] https://www.bleepingcomputer.com/news/legal/russian-laundering-millions-for-lazarus-hackers-arrested-in-argentina/ Posted from: this blog via Microsoft Power Automate .

Hackers are exploiting critical bug in LiteSpeed Cache plugin

Hackers have already started to exploit the critical severity vulnerability that affects LiteSpeed Cache, a WordPress plugin used for accelerating response times, a day after technical details become public. [...] https://www.bleepingcomputer.com/news/security/hackers-are-exploiting-critical-bug-in-litespeed-cache-plugin/ Posted from: this blog via Microsoft Power Automate .

Qilin ransomware now steals credentials from Chrome browsers

The Qilin ransomware group has been using a new tactic and deploys a custom stealer to steal account credentials stored in Google Chrome browser. [...] https://www.bleepingcomputer.com/news/security/qilin-ransomware-now-steals-credentials-from-chrome-browsers/ Posted from: this blog via Microsoft Power Automate .

U.S. charges Karakurt extortion gang’s “cold case” negotiator

A member of the Russian Karakurt ransomware group has been charged in the U.S. for money laundering, wire fraud, and extortion crimes. [...] https://www.bleepingcomputer.com/news/legal/us-charges-karakurt-extortion-gangs-cold-case-negotiator/ Posted from: this blog via Microsoft Power Automate .

Man sentenced for hacking state registry to fake his own death

A 39-year old man from Somerset, Kentucky, was sentenced to 81 months in federal prison for identity theft and faking his own death in government registry systems. [...] https://www.bleepingcomputer.com/news/legal/man-sentenced-for-hacking-state-registry-to-fake-his-own-death/ Posted from: this blog via Microsoft Power Automate .

Man sentenced for hacking state registry to fake his own death

A 39-year old man from Somerset, Kentucky, was sentenced to 81 months in federal prison for identity theft and faking his own death in government registry systems. [...] https://www.bleepingcomputer.com/news/legal/man-sentenced-for-hacking-state-registry-to-fake-his-own-death/ Posted from: this blog via Microsoft Power Automate .

Man sentenced for hacking state registry to fake his own death

A 39-year old man from Somerset, Kentucky, was sentenced to 81 months in federal prison for identity theft and faking his own death in government registry systems. [...] https://www.bleepingcomputer.com/news/legal/man-sentenced-for-hacking-state-registry-to-fake-his-own-death/ Posted from: this blog via Microsoft Power Automate .

Google fixes ninth Chrome zero-day exploited in attacks this year

​​Today, Google released a new Chrome emergency security update to patch a zero-day vulnerability, the ninth one exploited in attacks this year. [...] https://www.bleepingcomputer.com/news/security/google-fixes-tenth-actively-exploited-chrome-zero-day-in-2024/ Posted from: this blog via Microsoft Power Automate .

Hackers steal banking creds from iOS, Android users via PWA apps

Threat actors started to use progressive web applications to impersonate banking apps and steal credentials from Android and iOS users. [...] https://www.bleepingcomputer.com/news/security/hackers-steal-banking-creds-from-ios-android-users-via-pwa-apps/ Posted from: this blog via Microsoft Power Automate .

Hackers steal banking creds from iOS, Android users via PWA apps

Threat actors started to use progressive web applications to impersonate banking apps and steal credentials from Android and iOS users. [...] https://www.bleepingcomputer.com/news/security/hackers-steal-banking-creds-from-ios-android-users-via-pwa-apps/ Posted from: this blog via Microsoft Power Automate .

Hackers steal banking creds from iOS, Android users via PWA apps

Threat actors started to use progressive web applications to impersonate banking apps and steal credentials from Android and iOS users. [...] https://www.bleepingcomputer.com/news/security/hackers-steal-banking-creds-from-ios-android-users-via-pwa-apps/ Posted from: this blog via Microsoft Power Automate .

Hackers steal banking creds from iOS, Android users via PWA apps

Threat actors started to use progressive web applications to impersonate banking apps and steal credentials from Android and iOS users. [...] https://www.bleepingcomputer.com/news/security/hackers-steal-banking-creds-from-ios-android-users-via-pwa-apps/ Posted from: this blog via Microsoft Power Automate .

Microsoft to rollout Windows Recall to Insiders in October

Microsoft announced today that it will start rolling out its AI-powered Windows Recall feature to Insiders with Copilot+ PCs in October. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-to-rollout-windows-recall-to-insiders-in-october/ Posted from: this blog via Microsoft Power Automate .

QNAP adds NAS ransomware protection to latest QTS version

​Taiwanese hardware vendor QNAP has added a Security Center with ransomware protection capabilities to the latest version of its QTS operating system for network-attached storage (NAS) devices. [...] https://www.bleepingcomputer.com/news/security/qnap-adds-nas-ransomware-protection-to-latest-qts-version/ Posted from: this blog via Microsoft Power Automate .

Litespeed Cache bug exposes millions of WordPress sites to takeover attacks

A critical vulnerability in the LiteSpeed Cache WordPress plugin can let attackers take over millions of websites after creating rogue admin accounts. [...] https://www.bleepingcomputer.com/news/security/litespeed-cache-bug-exposes-millions-of-wordpress-sites-to-takeover-attacks/ Posted from: this blog via Microsoft Power Automate .

Phrack hacker zine publishes new edition after three years

Phrack #71 has been released online and is available to read for free. This issue is the first to be released since 2021, marking a new chapter in the influential online magazine's history. [...] https://www.bleepingcomputer.com/news/security/phrack-hacker-zine-publishes-new-edition-after-three-years/ Posted from: this blog via Microsoft Power Automate .

GitHub Enterprise Server vulnerable to critical auth bypass flaw

A critical vulnerability affecting multiple versions of GitHub Enterprise Server could be exploited to bypass authentication and enable an attacker to gain administrator privileges on the machine. [...] https://www.bleepingcomputer.com/news/security/github-enterprise-server-vulnerable-to-critical-auth-bypass-flaw/ Posted from: this blog via Microsoft Power Automate .

CannonDesign confirms Avos Locker ransomware data breach

The Cannon Corporation dba CannonDesign is sending notices of a data breach to more than 13,000 of its clients, informing that hackers breached and stole data from its network in an attack in early 2023. [...] https://www.bleepingcomputer.com/news/security/cannondesign-confirms-avos-locker-ransomware-data-breach/ Posted from: this blog via Microsoft Power Automate .

Microchip Technology discloses cyberattack impacting operations

American chipmaker Microchip Technology Incorporated has disclosed that a cyberattack impacted its systems over the weekend, disrupting operations across multiple manufacturing facilities. [...] https://www.bleepingcomputer.com/news/security/microchip-technology-discloses-cyberattack-impacting-operations/ Posted from: this blog via Microsoft Power Automate .

Microsoft launches unified Teams app for personal, work accounts

Microsoft has launched a new unified Teams application that allows Windows and Mac users to switch between personal, work, and education accounts without installing multiple apps. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-launches-unified-teams-app-for-personal-work-accounts/ Posted from: this blog via Microsoft Power Automate .

Hacker locks Unicoin staff out of Google accounts for 4 days

A hacker compromised Unicoin's Google Workspace (formerly G-Suite) account and changed the passwords for all company employees, locking them out of their corporate accounts for days. [...] https://www.bleepingcomputer.com/news/security/hacker-locks-unicoin-staff-out-of-google-accounts-for-4-days/ Posted from: this blog via Microsoft Power Automate .

US warns of Iranian hackers escalating influence operations

The U.S. government is warning of increased effort from Iran to influence upcoming elections through cyber operations targeting Presidential campaigns and the American public. [...] https://www.bleepingcomputer.com/news/security/us-warns-of-iranian-hackers-escalating-influence-operations/ Posted from: this blog via Microsoft Power Automate .

Windows driver zero-day exploited by Lazarus hackers to install rootkit

The notorious North Korean Lazarus hacking group exploited a zero-day flaw in the Windows AFD.sys driver to elevate privileges and install the FUDModule rootkit on targeted systems. [...] https://www.bleepingcomputer.com/news/microsoft/windows-driver-zero-day-exploited-by-lazarus-hackers-to-install-rootkit/ Posted from: this blog via Microsoft Power Automate .

Toyota confirms breach after stolen data leaks on hacking forum

Toyota confirmed that its network was breached after a threat actor leaked an archive of 240GB of data stolen from the company's systems on a hacking forum. [...] https://www.bleepingcomputer.com/news/security/toyota-confirms-breach-after-stolen-data-leaks-on-hacking-forum/ Posted from: this blog via Microsoft Power Automate .

Ransomware rakes in record-breaking $450 million in first half of 2024

Ransomware victims have paid $459,800,000 to cybercriminals in the first half of 2024, setting the stage for a new record this year if ransom payments continue at this level. [...] https://www.bleepingcomputer.com/news/security/ransomware-rakes-in-record-breaking-450-million-in-first-half-of-2024/ Posted from: this blog via Microsoft Power Automate .

Ransomware rakes in record-breaking $450 million in first half of 2024

Ransomware victims have paid $459,800,000 to cybercriminals in the first half of 2024, setting the stage for a new record this year if ransom payments continue at this level. [...] https://www.bleepingcomputer.com/news/security/ransomware-rakes-in-record-breaking-450-million-in-first-half-of-2024/ Posted from: this blog via Microsoft Power Automate .

CISA warns of Jenkins RCE bug exploited in ransomware attacks

​CISA has added a critical Jenkins vulnerability that can be exploited to gain remote code execution to its catalog of security bugs, warning that it's actively exploited in attacks. [...] https://www.bleepingcomputer.com/news/security/cisa-warns-of-jenkins-rce-bug-exploited-in-ransomware-attacks/ Posted from: this blog via Microsoft Power Automate .

Hackers linked to $14M Holograph crypto heist arrested in Italy

Suspected hackers behind the heist of $14,000,000 worth of cryptocurrency from blockchain tech firm Holograph was arrested in Italy after living a lavish lifestyle for weeks in the country. [...] https://www.bleepingcomputer.com/news/legal/hackers-linked-to-14m-holograph-crypto-heist-arrested-in-italy/ Posted from: this blog via Microsoft Power Automate .

FlightAware configuration error leaked user data for years

Flight tracking platform FlightAware is asking some users to reset their account login passwords due to a data security incident that may have exposed personal information. [...] https://www.bleepingcomputer.com/news/security/flightaware-configuration-error-leaked-user-data-for-years/ Posted from: this blog via Microsoft Power Automate .

Windows 11 preview update adds new Power mode options

Windows 11 Build 27686 has a few noteworthy improvements, such as 2TB support for FAT32 storage. It also improves Windows Sandbox and offers greater control over HDR settings, but there's an undocumented change - the ability to set power mode for two power states. [...] https://www.bleepingcomputer.com/news/microsoft/windows-11-preview-update-adds-new-power-mode-options/ Posted from: this blog via Microsoft Power Automate .

Chrome will redact credit cards, passwords when you share Android screen

Google will redact your credit card details, passwords and other sensitive information in Chrome when you're sharing or recording your screen on Android. [...] https://www.bleepingcomputer.com/news/google/chrome-will-redact-credit-cards-passwords-when-you-share-android-screen/ Posted from: this blog via Microsoft Power Automate .

Azure domains and Google abused to spread disinformation and malware

A clever disinformation campaign engages several Microsoft Azure and OVH cloud subdomains as well as Google search to promote malware and spam sites. [...] https://www.bleepingcomputer.com/news/security/azure-domains-and-google-abused-to-spread-disinformation-and-malware/ Posted from: this blog via Microsoft Power Automate .

Microsoft shares workaround for Outlook crashing after opening

​​​​Microsoft has shared a workaround for a known issue affecting Microsoft 365 customers and causing classic Outlook to crash after opening or when starting up in Safe mode. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-shares-workaround-for-outlook-crashing-after-opening/ Posted from: this blog via Microsoft Power Automate .

Microsoft: Enable MFA or lose access to admin portals in October

Microsoft warned Entra global admins on Thursday to enable multi-factor authentication (MFA) for their tenants until October 15 to ensure users don't lose access to admin portals. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-enable-mfa-or-lose-access-to-admin-portals-in-october/ Posted from: this blog via Microsoft Power Automate .

National Public Data confirms breach exposing Social Security numbers

Background check service National Public Data confirms that hackers breached its systems after threat actors leaked a stolen database with millions of social security numbers and other sensitive personal information. [...] https://www.bleepingcomputer.com/news/security/national-public-data-confirms-breach-exposing-social-security-numbers/ Posted from: this blog via Microsoft Power Automate .

CISA warns critical SolarWinds RCE bug is exploited in attacks

CISA warned on Thursday that attackers are exploiting a recently patched critical vulnerability in SolarWinds' Web Help Desk solution for customer support. [...] https://www.bleepingcomputer.com/news/security/cisa-warns-critical-solarwinds-rce-bug-is-exploited-in-attacks/ Posted from: this blog via Microsoft Power Automate .

Microsoft Edge PDF reader is getting more Copilot AI features

Microsoft is improving Copilot integration in the Edge browser with AI-powered smart keywords. This will allow the AI to generate important keywords from the PDF and then help you analyze each topic.  [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-edge-pdf-reader-is-getting-more-copilot-ai-features/ Posted from: this blog via Microsoft Power Automate .

Windows 11 will finally give you greater control over HDR features

Microsoft has released Windows 11 Build 27686 with some hidden HDR-related changes. [...] https://www.bleepingcomputer.com/news/microsoft/windows-11-will-finally-give-you-greater-control-over-hdr-features/ Posted from: this blog via Microsoft Power Automate .

Microsoft removes FAT32 partition size limit in Windows 11

Microsoft removed today an arbitrary 32GB size limit for FAT32 partitions in the latest Windows 11 Canary build, now allowing for a maximum size of 2TB. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-removes-fat32-partition-size-limit-in-windows-11/ Posted from: this blog via Microsoft Power Automate .

Ransomware gang deploys new malware to kill security software

RansomHub ransomware operators have been spotted deploying new malware to disable Endpoint Detection and Response (EDR) security software in Bring Your Own Vulnerable Driver (BYOVD) attacks [...] https://www.bleepingcomputer.com/news/security/ransomware-gang-deploys-new-malware-to-kill-security-software/ Posted from: this blog via Microsoft Power Automate .

Microsoft disables BitLocker security fix, advises manual mitigation

Microsoft has disabled a fix for a BitLocker security feature bypass vulnerability due to firmware incompatibility issues that were causing patched Windows devices to go into BitLocker recovery mode. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-disables-bitlocker-security-fix-advises-manual-mitigation/ Posted from: this blog via Microsoft Power Automate .

Russian who sold 300,000 stolen credentials gets 40 months in prison

​Georgy Kavzharadze, a 27-year-old Russian national, has been sentenced to 40 months in prison for selling login credentials for over 300,000 accounts on Slilpp, the largest online marketplace of stolen logins, until its seizure in June 2021. [...] https://www.bleepingcomputer.com/news/security/russian-who-sold-300-000-stolen-credentials-gets-40-months-in-prison/ Posted from: this blog via Microsoft Power Automate .

Zero-click Windows TCP/IP RCE impacts all systems with IPv6 enabled

Microsoft warned customers this Tuesday to patch a critical TCP/IP remote code execution (RCE) vulnerability with an increased likelihood of exploitation that impacts all Windows systems with IPv6 enabled. [...] https://www.bleepingcomputer.com/news/microsoft/zero-click-windows-tcp-ip-rce-impacts-all-systems-with-ipv6-enabled/ Posted from: this blog via Microsoft Power Automate .

Zero-click Windows TCP/IP RCE impacts all systems with IPv6 enabled

Microsoft warned customers this Tuesday to patch a critical TCP/IP remote code execution (RCE) vulnerability with an increased likelihood of exploitation that impacts all Windows systems with IPv6 enabled. [...] https://www.bleepingcomputer.com/news/microsoft/zero-click-windows-tcp-ip-rce-impacts-all-systems-with-ipv6-enabled/ Posted from: this blog via Microsoft Power Automate .

GitHub Actions artifacts found leaking auth tokens in popular projects

Multiple high-profile open-source projects, including those from Google, Microsoft, AWS, and Red Hat, were found to leak GitHub authentication tokens through GitHub Actions artifacts in CI/CD workflows. [...] https://www.bleepingcomputer.com/news/security/github-actions-artifacts-found-leaking-auth-tokens-in-popular-projects/ Posted from: this blog via Microsoft Power Automate .

NIST releases first encryption tools to resist quantum computing

The U.S. National Institute of Standards and Technology (NIST) has released the first three encryption standards designed to resist future cyberattacks based on quantum computing technology. [...] https://www.bleepingcomputer.com/news/security/nist-releases-first-encryption-tools-to-resist-quantum-computing/ Posted from: this blog via Microsoft Power Automate .

Microsoft retires Windows updates causing 0x80070643 errors

Microsoft has retired several Windows security updates released during the January 2024 Patch Tuesday that have been causing 0x80070643 errors when installing Windows Recovery Environment (WinRE) updates. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-retires-windows-updates-causing-0x80070643-errors/ Posted from: this blog via Microsoft Power Automate .

AutoCanada discloses cyberattack impacting internal IT systems

Hackers targeted AutoCanada in a cyberattack last Sunday that impacted the automobile dealership group's internal IT systems, which may lead to disruptions. [...] https://www.bleepingcomputer.com/news/security/autocanada-discloses-cyberattack-impacting-internal-it-systems/ Posted from: this blog via Microsoft Power Automate .

SolarWinds fixes critical RCE bug affecting all Web Help Desk versions

A critical vulnerability in SolarWinds' Web Help Desk solution for customer support could be exploited to achieve remote code execution, the American business software developer warns in a security advisory today. [...] https://www.bleepingcomputer.com/news/security/solarwinds-fixes-critical-rce-bug-affecting-all-web-help-desk-versions/ Posted from: this blog via Microsoft Power Automate .

Critical SAP flaw allows remote attackers to bypass authentication

SAP has released its security patch package for August 2024, addressing 17 vulnerabilities, including a critical authentication bypass that could allow remote attackers to fully compromise the system. [...] https://www.bleepingcomputer.com/news/security/critical-sap-flaw-allows-remote-attackers-to-bypass-authentication/ Posted from: this blog via Microsoft Power Automate .

Windows Server August updates fix Microsoft 365 Defender issue

The August 2024 Windows Server updates fix a known issue that breaks multiple Microsoft 365 Defender features after installing last month's security updates. [...] https://www.bleepingcomputer.com/news/microsoft/windows-server-august-updates-fix-microsoft-365-defender-issue/ Posted from: this blog via Microsoft Power Automate .

Google: Gemini AI for Android processes sensitive data locally

Google says it is taking a privacy-minded approach to the integration of AI features like the Gemini assistant on Android devices, implementing end-to-end protection to secure data in transit while keeping the most sensitive data locally on the device. [...] https://www.bleepingcomputer.com/news/google/google-gemini-ai-for-android-processes-sensitive-data-locally/ Posted from: this blog via Microsoft Power Automate .

Google: Gemini AI for Android processes sensitive data locally

Google says it is taking a privacy-minded approach to the integration of AI features like the Gemini assistant on Android devices, implementing end-to-end protection to secure data in transit while keeping the most sensitive data locally on the device. [...] https://www.bleepingcomputer.com/news/google/google-gemini-ai-for-android-processes-sensitive-data-locally/ Posted from: this blog via Microsoft Power Automate .

Google: Gemini AI for Android processes sensitive data locally

Google says it is taking a privacy-minded approach to the integration of AI features like the Gemini assistant on Android devices, implementing end-to-end protection to secure data in transit while keeping the most sensitive data locally on the device. [...] https://www.bleepingcomputer.com/news/google/google-gemini-ai-for-android-processes-sensitive-data-locally/ Posted from: this blog via Microsoft Power Automate .

Microsoft August 2024 Patch Tuesday fixes 9 zero-days, 6 exploited

Today is Microsoft's August 2024 Patch Tuesday, which includes security updates for 89 flaws, including six actively exploited and three publicly disclosed zero-days. Microsoft is still working on an update for a tenth publicly disclosed zero-day. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-august-2024-patch-tuesday-fixes-9-zero-days-6-exploited/ Posted from: this blog via Microsoft Power Automate .

Microsoft fixes issue that sent PCs into BitLocker recovery

Microsoft has fixed a known issue causing some Windows devices to boot into BitLocker recovery after installing last month's Windows security updates. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-issue-that-sent-pcs-into-bitlocker-recovery/ Posted from: this blog via Microsoft Power Automate .

Windows 10 KB5041580 update released with 14 fixes, security updates

Microsoft has released the KB5041580 cumulative update for Windows 10 22H2 and Windows 10 21H2, which includes 14 changes and fixes, including BitLocker fixes and important security updates. [...] https://www.bleepingcomputer.com/news/microsoft/windows-10-kb5041580-update-released-with-14-fixes-security-updates/ Posted from: this blog via Microsoft Power Automate .

Nigerian who hacked Texas retirement fund gets 12 years in prison

42-year-old Nigerian national Bamidele Omotosho has been sentenced to 12 years and seven months in prison for his role in a series of cyber scams that resulted in millions of dollars in losses for U.S. citizens. [...] https://www.bleepingcomputer.com/news/security/nigerian-who-hacked-texas-retirement-fund-gets-12-years-in-prison/ Posted from: this blog via Microsoft Power Automate .

3AM ransomware stole data of 464,000 Kootenai Health patients

Kootenai Health has disclosed a data breach impacting over 464,000 patients after their personal information was stolen and leaked by the 3AM ransomware operation. [...] https://www.bleepingcomputer.com/news/security/3am-ransomware-stole-data-of-464-000-kootenai-health-patients/ Posted from: this blog via Microsoft Power Automate .

X faces GDPR complaints for unauthorized use of data for AI training

European privacy advocate NOYB (None of Your Business) has filed nine GDPR complaints about X using the personal data from over 60 million users in Europe to train "Grok," the social media company's large language model. [...] https://www.bleepingcomputer.com/news/artificial-intelligence/x-faces-gdpr-complaints-for-unauthorized-use-of-data-for-ai-training/ Posted from: this blog via Microsoft Power Automate .

FBI disrupts the Dispossessor ransomware operation, seizes servers

The FBI announced on Monday that it seized the servers and websites of the Radar/Dispossessor ransomware operation following a joint international investigation. [...] https://www.bleepingcomputer.com/news/security/fbi-disrupts-the-dispossessor-ransomware-operation-seizes-servers/ Posted from: this blog via Microsoft Power Automate .

South Korea says DPRK hackers stole spy plane technical data

South Korea's ruling party, People Power Party (PPP), has issued an announcement stating that North Korean hackers have stolen crucial information about K2 tanks, the country's main battle tank, as well as its "Baekdu" and "Geumgang" spy planes. [...] https://www.bleepingcomputer.com/news/security/south-korea-says-dprk-hackers-stole-spy-plane-technical-data/ Posted from: this blog via Microsoft Power Automate .

Microsoft is killing the Windows Paint 3D app after 8 years

Microsoft announced that the Paint 3D graphics app will be discontinued later this year and removed from the Microsoft Store in November. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-is-killing-the-windows-paint-3d-app-after-8-years/ Posted from: this blog via Microsoft Power Automate .

Hackers posing as Ukraine’s Security Service infect 100 govt PCs

Attackers impersonating the Security Service of Ukraine (SSU) have used malicious spam emails to target and compromise systems belonging to the country's government agencies. [...] https://www.bleepingcomputer.com/news/security/hackers-posing-as-ukraines-security-service-infect-100-govt-pcs/ Posted from: this blog via Microsoft Power Automate .

Microsoft shares Outlook workaround for Gmail sign-in issues

​​Microsoft has shared a temporary fix for a known issue preventing Microsoft 365 customers from signing in or adding Gmail accounts using classic Outlook. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-shares-outlook-workaround-for-gmail-sign-in-issues/ Posted from: this blog via Microsoft Power Automate .

Google deactivates Russian AdSense accounts, sends final payments

Google is notifying Russian YouTubers, bloggers, and publishers that their Adsense accounts are being deactivated and can no longer be used for advertising. [...] https://www.bleepingcomputer.com/news/google/google-deactivates-russian-adsense-accounts-sends-final-payments/ Posted from: this blog via Microsoft Power Automate .

Criminal IP and Maltego Join Forces for Enhanced Cyber Threat Search

AI SPERA announced today that its IP address intelligence engine, Criminal IP, can now be integrated with Maltego's unified user interface and is available on the Maltego's marketplace, [...] https://www.bleepingcomputer.com/news/security/criminal-ip-and-maltego-join-forces-for-enhanced-cyber-threat-search/ Posted from: this blog via Microsoft Power Automate .

Fake X content warnings on Ukraine war, earthquakes used as clickbait

X has always had a bot problem, but now scammers are utilizing the Ukraine war and earthquake warnings in Japan to entice users into clicking on fake content warnings and videos that lead to scam adult sites, malicious browser extensions, and shady affiliate sites. [...] https://www.bleepingcomputer.com/news/security/fake-x-content-warnings-on-ukraine-war-earthquakes-used-as-clickbait/ Posted from: this blog via Microsoft Power Automate .

WWH-Club credit card market admins arrested after cash spending spree

U.S. law enforcement has arrested two suspected admins of the WWH-Club stolen credit card marketplace after they went on a cash spending spree in Florida. [...] https://www.bleepingcomputer.com/news/legal/wwh-club-credit-card-market-admins-arrested-after-cash-spending-spree/ Posted from: this blog via Microsoft Power Automate .

Russia blocks Signal for 'violating' anti-terrorism laws

Russia's telecommunications watchdog Roskomnadzor has restricted access to the Signal encrypted messaging service for what it describes as violations of Russian anti-terrorism and anti-extremism legislation. [...] https://www.bleepingcomputer.com/news/security/russia-blocks-signal-for-violating-anti-terrorism-laws/ Posted from: this blog via Microsoft Power Automate .

CSC ServiceWorks discloses data breach after 2023 cyberattack

​CSC ServiceWorks, a leading provider of commercial laundry services, has disclosed a data breach after the personal information of an undisclosed number of individuals was exposed in a 2023 cyberattack. [...] https://www.bleepingcomputer.com/news/security/csc-serviceworks-discloses-data-breach-after-2023-cyberattack/ Posted from: this blog via Microsoft Power Automate .

New AMD SinkClose flaw helps install nearly undetectable malware

AMD is warning about a high-severity CPU vulnerability named SinkClose that impacts multiple generations of its EPYC, Ryzen, and Threadripper processors. The vulnerability allows attackers with Kernel-level (Ring 0) privileges to gain Ring -2 privileges and install malware that becomes nearly undetectable. [...] https://www.bleepingcomputer.com/news/security/new-amd-sinkclose-flaw-helps-install-nearly-undetectable-malware/ Posted from: this blog via Microsoft Power Automate .

Microsoft discloses Office zero-day, still working on a patch

​Microsoft has disclosed a high-severity zero-day vulnerability affecting Office 2016 and later, which is still waiting for a patch. [...] https://www.bleepingcomputer.com/news/security/microsoft-discloses-office-zero-day-still-working-on-a-patch/ Posted from: this blog via Microsoft Power Automate .

Malware force-installs Chrome extensions on 300,000 browsers, patches DLLs

An ongoing and widespread malware campaign force-installed malicious Google Chrome and Microsoft Edge browser extensions in over 300,000 browsers, modifying the browser's executables to hijack homepages and steal browsing history. [...] https://www.bleepingcomputer.com/news/security/malware-force-installs-chrome-extensions-on-300-000-browsers-patches-dlls/ Posted from: this blog via Microsoft Power Automate .

Cisco warns of critical RCE zero-days in end of life IP phones

Cisco is warning of multiple critical remote code execution zero-days in the web-based management interface of the end-of-life Small Business SPA 300 and SPA 500 series IP phones. [...] https://www.bleepingcomputer.com/news/security/cisco-warns-of-critical-rce-zero-days-in-end-of-life-ip-phones/ Posted from: this blog via Microsoft Power Automate .

Cisco warns of critical RCE zero-days in end of life IP phones

Cisco is warning of multiple critical remote code execution zero-days in the web-based management interface of the end-of-life Small Business SPA 300 and SPA 500 series IP phones. [...] https://www.bleepingcomputer.com/news/security/cisco-warns-of-critical-rce-zero-days-in-end-of-life-ip-phones/ Posted from: this blog via Microsoft Power Automate .

Microsoft: Exchange 2016 reaches extended end of support in October

​Microsoft reminded today that Exchange 2016 will reach the end of extended support next year on October 14 and shared guidance for admins who need to decommission outdated servers. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-exchange-2016-reaches-extended-end-of-support-in-october/ Posted from: this blog via Microsoft Power Automate .

CISA warns about actively exploited Apache OFBiz RCE flaw

The U.S. Cybersecurity & Infrastructure Security Agency is warning of two vulnerabilities exploited in attacks, including a path traversal impacting Apache OFBiz. [...] https://www.bleepingcomputer.com/news/security/cisa-warns-about-actively-exploited-apache-ofbiz-rce-flaw/ Posted from: this blog via Microsoft Power Automate .

Exploit released for Cisco SSM bug allowing admin password changes

Cisco warns that exploit code is now available for a maximum severity vulnerability that lets attackers change any user password on unpatched Cisco Smart Software Manager On-Prem (Cisco SSM On-Prem) license servers. [...] https://www.bleepingcomputer.com/news/security/exploit-released-for-cisco-ssm-bug-allowing-admin-password-changes/ Posted from: this blog via Microsoft Power Automate .

CISA warns of hackers abusing Cisco Smart Install feature

CISA recommends disabling the legacy Cisco Smart Install feature after seeing it abused by threat actors in recent attacks to steal sensitive data, such as system configuration files. [...] https://www.bleepingcomputer.com/news/security/cisa-warns-of-hackers-abusing-cisco-smart-install-feature/ Posted from: this blog via Microsoft Power Automate .

18-year-old security flaw in Firefox and Chrome exploited in attacks

A vulnerability disclosed 18 years ago, dubbed "0.0.0.0 Day", allows malicious websites to bypass security in Google Chrome, Mozilla Firefox, and Apple Safari and interact with services on a local network. [...] https://www.bleepingcomputer.com/news/security/18-year-old-security-flaw-in-firefox-and-chrome-exploited-in-attacks/ Posted from: this blog via Microsoft Power Automate .

New CMoon USB worm targets Russians in data theft attacks

A new self-spreading worm named 'CMoon,' capable of stealing account credentials and other data, has been distributed in Russia since early July 2024 via a compromised gas supply company website. [...] https://www.bleepingcomputer.com/news/security/new-cmoon-usb-worm-targets-russians-in-data-theft-attacks/ Posted from: this blog via Microsoft Power Automate .

Windows Update downgrade attack "unpatches" fully-updated systems

SafeBreach security researcher Alon Leviev discovered a Windows Update downgrade attack that can "unpatch" fully-updated Windows 10, Windows 11, and Windows Server systems to reintroduce old vulnerabilities [...] https://www.bleepingcomputer.com/news/microsoft/windows-update-downgrade-attack-unpatches-fully-updated-systems/ Posted from: this blog via Microsoft Power Automate .

Windows Update downgrade attack "unpatches" fully-updated systems

SafeBreach security researcher Alon Leviev discovered a Windows Update downgrade attack that can "unpatch" fully-updated Windows 10, Windows 11, and Windows Server systems to reintroduce old vulnerabilities [...] https://www.bleepingcomputer.com/news/microsoft/windows-update-downgrade-attack-unpatches-fully-updated-systems/ Posted from: this blog via Microsoft Power Automate .

UK IT provider faces $7.7 million fine for 2022 ransomware breach

The UK's Information Commissioner's Office (ICO) has announced a provisional decision to impose a fine of £6.09M ($7.74 million) on Advanced Computer Software Group Ltd (Advanced) for its failure to protect the personal information of tens of thousands when it was hit by ransomware in 2022. [...] https://www.bleepingcomputer.com/news/security/uk-it-provider-faces-77-million-fine-for-2022-ransomware-breach/ Posted from: this blog via Microsoft Power Automate .

macOS Sequoia brings better Gatekeeper, stalkerware protections

Apple's macOS Sequoia, now in beta testing, will make it harder to bypass Gatekeeper warnings and add system alerts for potential stalkerware threats. [...] https://www.bleepingcomputer.com/news/apple/macos-sequoia-brings-better-gatekeeper-stalkerware-protections/ Posted from: this blog via Microsoft Power Automate .

Critical Progress WhatsUp RCE flaw now under active exploitation

Threat actors are actively attempting to exploit a recently fixed  Progress WhatsUp Gold remote code execution vulnerability on exposed servers for initial access to corporate networks. [...] https://www.bleepingcomputer.com/news/security/critical-progress-whatsup-rce-flaw-now-under-active-exploitation/ Posted from: this blog via Microsoft Power Automate .

Google Chrome will let you send money to your favourite website

Google has confirmed plans to implement Web Monetization in Chrome, allowing website owners to receive micro-payments as tips or rewards for their content as an additional way to generate revenue. [...] https://www.bleepingcomputer.com/news/google/google-chrome-will-let-you-send-money-to-your-favourite-website/ Posted from: this blog via Microsoft Power Automate .

INTERPOL recovers over $40 million stolen in a BEC attack

A global stop-payment mechanism created by INTERPOL successfully recovered over $40 million stolen in a BEC attack on a company in Singapore. [...] https://www.bleepingcomputer.com/news/security/interpol-recovers-over-40-million-stolen-in-a-bec-attack/ Posted from: this blog via Microsoft Power Automate .

Samsung to pay $1,000,000 for RCEs on Galaxy’s secure vault

Samsung has launched a new bug bounty program for its mobile devices with rewards of up to $1,000,000 for reports demonstrating critical attack scenarios. [...] https://www.bleepingcomputer.com/news/security/samsung-to-pay-1-000-000-for-rces-on-galaxys-secure-vault/ Posted from: this blog via Microsoft Power Automate .

France's Grand Palais discloses cyberattack during Olympic games

The Grand Palais Réunion des musées nationaux (Rmn) in France is warning that it suffered a cyberattack on Saturday night, August 3, 2024. [...] https://www.bleepingcomputer.com/news/security/frances-grand-palais-discloses-cyberattack-during-olympic-games/ Posted from: this blog via Microsoft Power Automate .

Point of entry: Why hackers target stolen credentials for initial access

Stolen credentials are a big problem, commonly used to breach networks in attacks. Learn more from Specops Software about checking the password hygiene of your Active Directory. [...] https://www.bleepingcomputer.com/news/security/point-of-entry-why-hackers-target-stolen-credentials-for-initial-access/ Posted from: this blog via Microsoft Power Automate .

Microsoft Azure outage takes down services across North America

​Microsoft has mitigated an Azure outage that lasted more than two hours and took down multiple services for customers across North and Latin America. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-azure-outage-takes-down-services-across-north-america/ Posted from: this blog via Microsoft Power Automate .

Ransomware gang targets IT workers with new SharpRhino malware

The Hunters International ransomware group is targeting IT workers with a new C# remote access trojan (RAT) called SharpRhino to breach corporate networks. [...] https://www.bleepingcomputer.com/news/security/hunters-international-ransomware-gang-targets-it-workers-with-new-sharprhino-malware/ Posted from: this blog via Microsoft Power Automate .

Crowdstrike: Delta Air Lines refused free help to resolve IT outage

The legal spars between Delta Air Lines and CrowdStrike are heating up, with the cybersecurity firm claiming that Delta's extended IT outage was caused by poor disaster recovery plans and the airline refusing to accept free onsite help in restoring Windows devices. [...] https://www.bleepingcomputer.com/news/security/crowdstrike-delta-air-lines-refused-free-help-to-resolve-it-outage/ Posted from: this blog via Microsoft Power Automate .

Crowdstrike: Delta Air Lines refused free help to resolve IT outage

The legal spars between Delta Air Lines and CrowdStrike are heating up, with the cybersecurity firm claiming that Delta's extended IT outage was caused by poor disaster recovery plans and the airline refusing to accept free onsite help in restoring Windows devices. [...] https://www.bleepingcomputer.com/news/security/crowdstrike-delta-air-lines-refused-free-help-to-resolve-it-outage/ Posted from: this blog via Microsoft Power Automate .

Crowdstrike: Delta Air Lines refused free help to resolve IT outage

The legal spars between Delta Air Lines and CrowdStrike are heating up, with the cybersecurity firm claiming that Delta's extended IT outage was caused by poor disaster recovery plans and the airline refusing to accept free onsite help in restoring Windows devices. [...] https://www.bleepingcomputer.com/news/security/crowdstrike-delta-air-lines-refused-free-help-to-resolve-it-outage/ Posted from: this blog via Microsoft Power Automate .

Windows Smart App Control, SmartScreen bypass exploited since 2018

A design flaw in Windows Smart App Control and SmartScreen that enables attackers to launch programs without triggering security warnings has been under exploitation since at least 2018. [...] https://www.bleepingcomputer.com/news/microsoft/windows-smart-app-control-smartscreen-bypass-exploited-since-2018/ Posted from: this blog via Microsoft Power Automate .

Windows Smart App Control, SmartScreen bypass exploited since 2018

A design flaw in Windows Smart App Control and SmartScreen that enables attackers to launch programs without triggering security warnings has been under exploitation since at least 2018. [...] https://www.bleepingcomputer.com/news/microsoft/windows-smart-app-control-smartscreen-bypass-exploited-since-2018/ Posted from: this blog via Microsoft Power Automate .

North Korean hackers exploit VPN update flaw to install malware

South Korea's National Cyber Security Center (NCSC) warns that state-backed DPRK hackers hijacked flaws in a VPN's software update to deploy malware and breach networks. [...] https://www.bleepingcomputer.com/news/security/north-korean-hackers-exploit-vpn-update-flaw-to-install-malware/ Posted from: this blog via Microsoft Power Automate .

Keytronic reports losses of over $17 million after ransomware attack

Electronic manufacturing services provider Keytronic has revealed that it suffered losses of over $17 million due to a May ransomware attack. [...] https://www.bleepingcomputer.com/news/security/keytronic-reports-losses-of-over-17-million-after-ransomware-attack/ Posted from: this blog via Microsoft Power Automate .

New LianSpy malware hides by blocking Android security feature

A previously undocumented Android malware named 'LightSpy' has been discovered targeting Russian users, posing on phones as an Alipay app or a system service to evade detection. [...] https://www.bleepingcomputer.com/news/security/new-lianspy-malware-hides-by-blocking-android-security-feature/ Posted from: this blog via Microsoft Power Automate .

Countdown is on: Last chance for discount registration at Mandiant’s mWISE 2024

There is only a few days left to get $300 off the standard conference price at mWISE. Learn more from mWise 2024 about how to get the discount and the upcoming cybersecurity sessions. [...] https://www.bleepingcomputer.com/news/security/countdown-is-on-last-chance-for-discount-registration-at-mandiants-mwise-2024/ Posted from: this blog via Microsoft Power Automate .

Surge in Magniber ransomware attacks impact home users worldwide

[...] https://www.bleepingcomputer.com/news/security/surge-in-magniber-ransomware-attacks-impact-home-users-worldwide/ Posted from: this blog via Microsoft Power Automate .

Hackers breach ISP to poison software updates with malware

A Chinese hacking group tracked as StormBamboo has compromised an undisclosed internet service provider (ISP) to poison automatic software updates with malware. [...] https://www.bleepingcomputer.com/news/security/hackers-breach-isp-to-poison-software-updates-with-malware/ Posted from: this blog via Microsoft Power Automate .

Linux kernel impacted by new SLUBStick cross-cache attack

A novel Linux Kernel cross-cache attack named SLUBStick has a 99% success in converting a limited heap vulnerability into an arbitrary memory read-and-write capability, letting the researchers elevate privileges or escape containers. [...] https://www.bleepingcomputer.com/news/security/linux-kernel-impacted-by-new-slubstick-cross-cache-attack/ Posted from: this blog via Microsoft Power Automate .

Google Chrome bug breaks drag and drop from Downloads bubble

A recent Google Chrome update has broken the drag-and-drop feature in the Downloads bubble that previously allowed you to drag and drop downloaded files onto any website or tab in the browser. [...] https://www.bleepingcomputer.com/news/google/google-chrome-bug-breaks-drag-and-drop-from-downloads-bubble/ Posted from: this blog via Microsoft Power Automate .

Google Chrome bug breaks drag and drop from Downloads bubble

A recent Google Chrome update has broken the drag-and-drop feature in the Downloads bubble that previously allowed you to drag and drop downloaded files onto any website or tab in the browser. [...] https://www.bleepingcomputer.com/news/google/google-chrome-bug-breaks-drag-and-drop-from-downloads-bubble/ Posted from: this blog via Microsoft Power Automate .

US sues TikTok for violating children privacy protection laws

​The U.S. Department of Justice has filed a lawsuit against social media platform TikTok and its parent company, ByteDance, alleging widespread violations of children's privacy laws. [...] https://www.bleepingcomputer.com/news/security/us-sues-tiktok-for-violating-children-privacy-protection-laws/ Posted from: this blog via Microsoft Power Automate .

Google Chrome warns uBlock Origin may soon be disabled

Google Chrome is now encouraging uBlock Origin users who have updated to the latest version to switch to other ad blockers before Manifest v2 extensions are disabled [...] https://www.bleepingcomputer.com/news/google/google-chrome-warns-ublock-origin-may-soon-be-disabled/ Posted from: this blog via Microsoft Power Automate .

Fake AI editor ads on Facebook push password-stealing malware

​A Facebook malvertising campaign targets users searching for AI image editing tools and steals their credentials by tricking them into installing fake apps that mimic legitimate software. [...] https://www.bleepingcomputer.com/news/security/fake-ai-editor-ads-on-facebook-push-password-stealing-malware/ Posted from: this blog via Microsoft Power Automate .

Cryptonator seized for laundering ransom payments, stolen crypto

U.S. and German law enforcement seized the domain of the crypto wallet platform Cryptonator, used by ransomware gangs, darknet marketplaces, and other illicit services, and indicted its operator. [...] https://www.bleepingcomputer.com/news/cryptocurrency/cryptonator-seized-for-laundering-ransom-payments-stolen-crypto/ Posted from: this blog via Microsoft Power Automate .

DuckDuckGo blocked in Indonesia over porn, gambling search results

Privacy-focused search engine DuckDuckGo has been blocked in Indonesia by its government after citizens reportedly complained about pornographic and online gambling content in its search results. [...] https://www.bleepingcomputer.com/news/security/duckduckgo-blocked-in-indonesia-over-porn-gambling-search-results/ Posted from: this blog via Microsoft Power Automate .

Twilio kills off Authy for desktop, forcibly logs out all users

Twilio has finally killed off its Authy for Desktop application, forcibly logging users out of the desktop application. [...] https://www.bleepingcomputer.com/news/security/twilio-kills-off-authy-for-desktop-forcibly-logs-out-all-users/ Posted from: this blog via Microsoft Power Automate .

Tech support scam ring leader gets 7 years in prison, $6M fine

The leader of a tech support fraud scheme was sentenced to seven years in prison after tricking at least 6,500 victims and generating more than $6 million. [...] https://www.bleepingcomputer.com/news/legal/tech-support-scam-ring-leader-gets-7-years-in-prison-6m-fine/ Posted from: this blog via Microsoft Power Automate .

StackExchange abused to spread malicious PyPi packages as answers

Threat actors uploaded malicious Python packages to the PyPI repository and promoted them through the StackExchange online question and answer platform. [...] https://www.bleepingcomputer.com/news/security/stackexchange-abused-to-spread-malicious-pypi-packages-as-answers/ Posted from: this blog via Microsoft Power Automate .

StackExchange abused to spread malicious PyPi packages as answers

Threat actors uploaded malicious Python packages to the PyPI repository and promoted them through the StackExchange online question and answer platform. [...] https://www.bleepingcomputer.com/news/security/stackexchange-abused-to-spread-malicious-pypi-packages-as-answers/ Posted from: this blog via Microsoft Power Automate .

Hackers abuse free TryCloudflare to deliver remote access malware

Researchers are warning of threat actors increasingly abusing the Cloudflare Tunnel service in malware campaigns that usually deliver remote access trojans (RATs). [...] https://www.bleepingcomputer.com/news/security/hackers-abuse-free-trycloudflare-to-deliver-remote-access-malware/ Posted from: this blog via Microsoft Power Automate .

UK takes down major 'Russian Coms' caller ID spoofing platform

The United Kingdom's National Crime Agency (NCA) has shut down Russian Coms, a major caller ID spoofing platform used by hundreds of criminals to make over 1.8 million scam calls. [...] https://www.bleepingcomputer.com/news/security/uk-takes-down-russian-comms-caller-id-spoofing-platform-used-to-scam-170-000-people/ Posted from: this blog via Microsoft Power Automate .

Sitting Ducks DNS attacks let hackers hijack over 35,000 domains

Threat actors have hijacked more than 35,000 registered domains in so-called Sitting Ducks attacks that allow claiming a domain without having access to the owner's account at the DNS provider or registrar. [...] https://www.bleepingcomputer.com/news/security/sitting-ducks-dns-attacks-let-hackers-hijack-over-35-000-domains/ Posted from: this blog via Microsoft Power Automate .

Cencora confirms patient health info stolen in February attack

Pharmaceutical giant Cencora has confirmed that patients' protected health information and personally identifiable information (PII) was exposed in a February cyberattack. [...] https://www.bleepingcomputer.com/news/security/cencora-confirms-patient-health-info-stolen-in-february-attack/ Posted from: this blog via Microsoft Power Automate .

FBI warns of scammers posing as crypto exchange employees

The Federal Bureau of Investigation (FBI) warns of scammers posing as employees of cryptocurrency exchanges to steal funds from unsuspecting victims. [...] https://www.bleepingcomputer.com/news/security/fbi-warns-of-scammers-posing-as-crypto-exchange-employees/ Posted from: this blog via Microsoft Power Automate .