Posts

Showing posts from September, 2024

The Playstation Network is suffering a global outage

The PlayStation Network is suffering a global outage, with subscribers confirming that they can no longer play online games or access the company's website. [...] https://www.bleepingcomputer.com/news/gaming/playstation-network-is-down/ Posted from: this blog via Microsoft Power Automate .

Microsoft overhauls security for publishing Edge extensions

Microsoft has introduced an updated version of the "Publish API for Edge extension developers" that increases the security for developer accounts and the updating of browser extensions. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-overhauls-security-for-publishing-edge-extensions/ Posted from: this blog via Microsoft Power Automate .

Microsoft overhauls security for publishing Edge extensions

Microsoft has introduced an updated version of the "Publish API for Edge extension developers" that increases the security for developer accounts and the updating of browser extensions. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-overhauls-security-for-publishing-edge-extensions/ Posted from: this blog via Microsoft Power Automate .

Microsoft overhauls security for publishing Edge extensions

Microsoft has introduced an updated version of the "Publish API for Edge extension developers" that increases the security for developer accounts and the updating of browser extensions. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-overhauls-security-for-publishing-edge-extensions/ Posted from: this blog via Microsoft Power Automate .

Microsoft Defender adds detection of unsecure Wi-Fi networks

Microsoft Defender now automatically detects and notifies users with a Microsoft 365 Personal or Family subscription when they're connected to unsecured Wi-Fi networks. [...] https://www.bleepingcomputer.com/news/security/microsoft-defender-now-automatically-detects-unsecure-wi-fi-networks/ Posted from: this blog via Microsoft Power Automate .

Microsoft Defender adds detection of unsecure Wi-Fi networks

Microsoft Defender now automatically detects and notifies users with a Microsoft 365 Personal or Family subscription when they're connected to unsecured Wi-Fi networks. [...] https://www.bleepingcomputer.com/news/security/microsoft-defender-now-automatically-detects-unsecure-wi-fi-networks/ Posted from: this blog via Microsoft Power Automate .

T-Mobile pays $31.5 million FCC settlement over 4 data breaches

The Federal Communications Commission (FCC) announced a $31.5 million settlement with T-Mobile over multiple data breaches that compromised the personal information of millions of U.S. consumers. [...] https://www.bleepingcomputer.com/news/security/t-mobile-pays-315-million-fcc-settlement-over-4-data-breaches/ Posted from: this blog via Microsoft Power Automate .

Man charged for selling forged license keys for network switches

The U.S. government has indicted a co-owner of a Minnesota IT company for his participation in an international conspiracy to sell forged license keys for networking devices. [...] https://www.bleepingcomputer.com/news/legal/man-charged-for-selling-forged-license-keys-for-network-switches/ Posted from: this blog via Microsoft Power Automate .

Verizon outage: iPhones, Android devices stuck in SOS mode

A widespread Verizon outage is causing iPhones and Android devices to enter SOS mode, preventing them from making mobile calls unless they use WiFi calling. [...] https://www.bleepingcomputer.com/news/technology/iphones-android-devices-stuck-in-sos-mode-after-verizon-outage/ Posted from: this blog via Microsoft Power Automate .

Media giant AFP hit by cyberattack impacting news delivery services

Global news agency AFP (Agence France-Presse) is warning that it suffered a cyberattack on Friday, which impacted IT systems and content delivery services for its partners. [...] https://www.bleepingcomputer.com/news/security/media-giant-afp-hit-by-cyberattack-impacting-news-delivery-services/ Posted from: this blog via Microsoft Power Automate .

Critical flaw in NVIDIA Container Toolkit allows full host takeover

A critical vulnerability in NVIDIA Container Toolkit impacts all AI applications in a cloud or on-premise environment that rely on it to access GPU resources. [...] https://www.bleepingcomputer.com/news/security/critical-flaw-in-nvidia-container-toolkit-allows-full-host-takeover/ Posted from: this blog via Microsoft Power Automate .

Ireland fines Meta €91 million for storing passwords in plaintext

The Data Protection Commission (DPC) in Ireland has fined Meta Platforms Ireland Limited (MPIL) €91 million ($100 million) for storing in plaintext passwords of hundreds of millions of users. [...] https://www.bleepingcomputer.com/news/legal/ireland-fines-meta-91-million-for-storing-passwords-in-plaintext/ Posted from: this blog via Microsoft Power Automate .

Iranian hackers charged for ‘hack-and-leak’ plot to influence election

The U.S. Department of Justice unsealed an indictment charging three Iranian hackers with a "hack-and-leak" campaign that aimed to influence the 2024 U.S. presidential election. [...] https://www.bleepingcomputer.com/news/security/iranian-hackers-charged-for-hack-and-leak-plot-to-influence-election/ Posted from: this blog via Microsoft Power Automate .

Microsoft: Windows Recall now can be removed, is more secure

​Microsoft has announced security and privacy upgrades to its AI-powered Windows Recall feature, which now can be removed and has stronger default protection for user data and tighter access controls. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-windows-recall-now-can-be-removed-is-more-secure/ Posted from: this blog via Microsoft Power Automate .

Embargo ransomware escalates attacks to cloud environments

Microsoft warns that ransomware threat actor Storm-0501 has recently switched tactics and now targets hybrid cloud environments, expanding its strategy to compromise all victim assets. [...] https://www.bleepingcomputer.com/news/security/embargo-ransomware-escalates-attacks-to-cloud-environments/ Posted from: this blog via Microsoft Power Automate .

Windows 11 KB5043145 update released with 13 changes and fixes

​​Microsoft released the September 2024 preview update (KB5043145) for Windows 11 23H2 and 22H2, with 13 improvements and fixes for multiple issues, including Edge and task manager freezes. [...] https://www.bleepingcomputer.com/news/microsoft/windows-11-kb5043145-update-released-with-13-changes-and-fixes/ Posted from: this blog via Microsoft Power Automate .

CUPS flaws enable Linux remote code execution, but there’s a catch

Under certain conditions, attackers can chain a set of vulnerabilities in multiple components of the CUPS open-source printing system to execute arbitrary code remotely on vulnerable machines. [...] https://www.bleepingcomputer.com/news/security/cups-flaws-enable-linux-remote-code-execution-but-theres-a-catch/ Posted from: this blog via Microsoft Power Automate .

CUPS flaws enable Linux remote code execution, but there’s a catch

Under certain conditions, attackers can chain a set of vulnerabilities in multiple components of the CUPS open-source printing system to execute arbitrary code remotely on vulnerable machines. [...] https://www.bleepingcomputer.com/news/security/cups-flaws-enable-linux-remote-code-execution-but-theres-a-catch/ Posted from: this blog via Microsoft Power Automate .

New RomCom malware variant 'SnipBot' spotted in data theft attacks

A new variant of the RomCom malware called SnipBot, has been used in attacks that pivot on the network to steal data from compromised systems. [...] https://www.bleepingcomputer.com/news/security/new-romcom-malware-variant-snipbot-spotted-in-data-theft-attacks/ Posted from: this blog via Microsoft Power Automate .

Kia dealer portal flaw could let attackers hack millions of cars

A group of security researchers discovered critical flaws in Kia's dealer portal that could let hackers locate and steal millions of Kia cars made after 2013 using just the targeted vehicle's license plate. [...] https://www.bleepingcomputer.com/news/security/kia-dealer-portal-flaw-could-let-attackers-hack-millions-of-cars/ Posted from: this blog via Microsoft Power Automate .

Tails OS merges with Tor Project for better privacy, security

The Tor Project and Tails OS are merging operations to better collaborate for a free internet by protecting users from surveillance and censorship. [...] https://www.bleepingcomputer.com/news/software/tails-os-merges-with-tor-project-for-better-privacy-security/ Posted from: this blog via Microsoft Power Automate .

US sanctions crypto exchanges used by Russian ransomware gangs

The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) has sanctioned PM2BTC and Cryptex, two cryptocurrency exchanges that laundered funds from Russian ransomware gangs and other cybercrime groups. [...] https://www.bleepingcomputer.com/news/security/us-sanctions-crypto-exchanges-used-by-russian-ransomware-gangs/ Posted from: this blog via Microsoft Power Automate .

Fake WalletConnect app on Google Play steals Android users’ crypto

A crypto draining app mimicking the legitimate 'WalletConnect' project has been distributed over Google Play for five months getting more than 10,000 downloads. [...] https://www.bleepingcomputer.com/news/security/fake-walletconnect-app-on-google-play-steals-android-users-crypto/ Posted from: this blog via Microsoft Power Automate .

HPE Aruba Networking fixes critical flaws impacting Access Points

HPE Aruba Networking has fixed three critical vulnerabilities in the Command Line Interface (CLI) service of its Aruba Access Points, which could let unauthenticated attackers gain remote code execution on vulnerable devices. [...] https://www.bleepingcomputer.com/news/security/hpe-aruba-networking-fixes-three-critical-rce-flaws-impacting-its-access-points/ Posted from: this blog via Microsoft Power Automate .

Mozilla accused of tracking users in Firefox without consent

European digital rights group NOYB (None Of Your Business) has filed a privacy complaint with the Austrian data protection watchdog (DSB) against Mozilla, alleging the company uses a Firefox privacy feature (enabled without consent) to track users' online behavior. [...] https://www.bleepingcomputer.com/news/technology/mozilla-accused-of-tracking-users-in-firefox-without-consent/ Posted from: this blog via Microsoft Power Automate .

CISA: Hackers target industrial systems using “unsophisticated methods”

​CISA warned today of threat actors trying to breach critical infrastructure networks by targeting Internet-exposed industrial devices using "unsophisticated" methods like brute force attacks and default credentials. [...] https://www.bleepingcomputer.com/news/security/cisa-hackers-target-industrial-systems-using-unsophisticated-methods/ Posted from: this blog via Microsoft Power Automate .

The "Llama" is freed: Winamp goes open source after 27 years

The iconic Winamp media player has fulfilled a promise made in May to go open-source and has now published its complete source code on GitHub. [...] https://www.bleepingcomputer.com/news/software/the-llama-is-freed-winamp-goes-open-source-after-27-years/ Posted from: this blog via Microsoft Power Automate .

Windows 10 KB5043131 update released with 9 changes and fixes

​​Microsoft has released the September 2024 non-security preview update for Windows 10, version 22H2, with fixes for bugs causing Edge web browser freezes and media playback issues. [...] https://www.bleepingcomputer.com/news/microsoft/windows-10-kb5043131-update-released-with-9-changes-and-fixes/ Posted from: this blog via Microsoft Power Automate .

AutoCanada says ransomware attack "may" impact employee data

AutoCanada is warning that employee data may have been exposed in an August cyberattack claimed by the Hunters International ransomware gang. [...] https://www.bleepingcomputer.com/news/security/autocanada-says-ransomware-attack-may-impact-employee-data/ Posted from: this blog via Microsoft Power Automate .

Kansas water plant cyberattack forces switch to manual operations

Arkansas City, a small city in Cowley County, Kansas, was forced to switch its water treatment facility to manual operations over the weekend to contain a cyberattack detected on Sunday morning. [...] https://www.bleepingcomputer.com/news/security/kansas-water-plant-cyberattack-forces-switch-to-manual-operations/ Posted from: this blog via Microsoft Power Automate .

U.S. govt agency CMS says data breach impacted 3.1 million people

The Centers for Medicare & Medicaid Services (CMS) federal agency announced earlier this month that health and personal information of more than three million health plan beneficiaries was exposed in the MOVEit attacks Cl0p ransomware conducted last year. [...] https://www.bleepingcomputer.com/news/healthcare/us-govt-agency-cms-says-data-breach-impacted-31-million-people/ Posted from: this blog via Microsoft Power Automate .

Infostealer malware bypasses Chrome’s new cookie-theft defenses

Infostealer malware developers released updates claiming to bypass Google Chrome's recently introduced feature App-Bound Encryption to protect sensitive data such as cookies. [...] https://www.bleepingcomputer.com/news/security/infostealer-malware-bypasses-chromes-new-cookie-theft-defenses/ Posted from: this blog via Microsoft Power Automate .

Hackers deploy AI-written malware in targeted attacks

While cybercriminals have used generative AI technology to create convincing emails, government agencies have warned about the potential abuse of AI tools to creating malicious software, despite the safeguards and restrictions that vendors implemented. [...] https://www.bleepingcomputer.com/news/security/hackers-deploy-ai-written-malware-in-targeted-attacks/ Posted from: this blog via Microsoft Power Automate .

Generative AI Security: Getting ready for Salesforce Einstein Copilot

Salesforce's Einstein Copilot can provide insights and perform tasks help streamline daily processes. However, it also comes with risks that you should takes steps to mitigate. Learn more from Varonis on how to prepare for Salesforce Einstein Copilot, [...] https://www.bleepingcomputer.com/news/security/generative-ai-security-getting-ready-for-salesforce-einstein-copilot/ Posted from: this blog via Microsoft Power Automate .

US proposes ban on connected vehicle tech from China, Russia

Today, the Biden administration announced new proposed measures to defend the United States' national security from potential threats linked to connected vehicle technologies originating from China and Russia. [...] https://www.bleepingcomputer.com/news/security/us-proposes-ban-on-connected-vehicle-tech-from-china-russia/ Posted from: this blog via Microsoft Power Automate .

Telegram now shares users’ IP and phone number on legal requests

Telegram will now share users' phone numbers and IP addresses with law enforcement if they are found to be violating the platform's rules following a valid legal request. [...] https://www.bleepingcomputer.com/news/security/telegram-now-shares-users-ip-and-phone-number-on-legal-requests/ Posted from: this blog via Microsoft Power Automate .

New Mallox ransomware Linux variant based on leaked Kryptina code

An affiliate of the Mallox ransomware operation, also known as TargetCompany, was spotted using a slightly modified version of the Kryptina ransomware to attack Linux systems. [...] https://www.bleepingcomputer.com/news/security/new-mallox-ransomware-linux-variant-based-on-leaked-kryptina-code/ Posted from: this blog via Microsoft Power Automate .

Kaspersky deletes itself, installs UltraAV antivirus without warning

Starting Thursday, Kaspersky deleted its anti-malware software from computers across the United States and replaced it with UltraAV's antivirus solution without warning. [...] https://www.bleepingcomputer.com/news/security/kaspersky-deletes-itself-installs-ultraav-antivirus-without-warning/ Posted from: this blog via Microsoft Power Automate .

Android malware 'Necro' infects 11 million devices via Google Play

A new version of the Necro Trojan malware for Android was installed on 11 million devices through Google Play in malicious SDK supply chain attacks. [...] https://www.bleepingcomputer.com/news/security/android-malware-necro-infects-11-million-devices-via-google-play/ Posted from: this blog via Microsoft Power Automate .

New Google Chrome feature will translate complex pages in real time

Google is testing a new API that uses machine learning models to offer real-time language translation for inputted text and to make it easier to translate web pages. [...] https://www.bleepingcomputer.com/news/google/new-google-chrome-feature-will-translate-complex-pages-in-real-time/ Posted from: this blog via Microsoft Power Automate .

Global infostealer malware operation targets crypto users, gamers

A massive infostealer malware operation encompassing thirty campaigns targeting a broad spectrum of demographics and system platforms has been uncovered, attributed to a cybercriminal group named "Marko Polo." [...] https://www.bleepingcomputer.com/news/security/global-infostealer-malware-operation-targets-crypto-users-gamers/ Posted from: this blog via Microsoft Power Automate .

Microsoft ends development of Windows Server Update Services (WSUS)

Microsoft has officially announced that Windows Server Update Services (WSUS) is now deprecated, but plans to maintain current functionality and continue publishing updates through the channel. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-officially-deprecates-windows-server-update-services-wsus/ Posted from: this blog via Microsoft Power Automate .

Windows Server 2025 previews security updates without restarts

​Microsoft announced today that Hotpatching is now available in public preview for Windows Server 2025, allowing installation of security updates without restarting. [...] https://www.bleepingcomputer.com/news/microsoft/windows-server-2025-hotpatching-in-public-preview-installs-security-updates-without-restarts/ Posted from: this blog via Microsoft Power Automate .

Disney ditching Slack after massive July data breach

The Walt Disney Company is reportedly ditching Slack after a July data breach exposed over 1TB of confidential messages and files posted to the company's internal communication channels. [...] https://www.bleepingcomputer.com/news/security/disney-ditching-slack-after-massive-july-data-breach/ Posted from: this blog via Microsoft Power Automate .

macOS Sequoia change breaks networking for VPN, antivirus software

Users of macOS 15 'Sequoia' are reporting network connection errors when using certain endpoint detection and response (EDR) or virtual private network (VPN) solutions, and web browsers. [...] https://www.bleepingcomputer.com/news/apple/macos-sequoia-change-breaks-networking-for-vpn-antivirus-software/ Posted from: this blog via Microsoft Power Automate .

Clickbaity or genius? 'BF cheated on you' QR codes pop up across UK

A new wave of QR codes has popped up across UK claiming to share a video of a boyfriend who "cheated" on a girl named Emily last night. Clickbaity or genius? [...] https://www.bleepingcomputer.com/news/security/clickbaity-or-genius-bf-cheated-on-you-qr-codes-pop-up-across-uk/ Posted from: this blog via Microsoft Power Automate .

Suspects behind $230 million cryptocurrency theft arrested in Miami

Two suspects were arrested in Miami this week and charged with conspiracy to steal and launder over $230 million in cryptocurrency using crypto exchanges and mixing services. [...] https://www.bleepingcomputer.com/news/security/suspects-behind-230-million-cryptocurrency-theft-arrested-in-miami/ Posted from: this blog via Microsoft Power Automate .

Microsoft Edge will flag extensions causing performance issues

Microsoft is testing a new feature in the Edge browser called the "extension performance detector," which warns you when browser extensions cause performance issues on web pages you visit. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-edge-will-flag-extensions-causing-performance-issues/ Posted from: this blog via Microsoft Power Automate .

Microsoft Edge will flag extensions causing performance issues

Microsoft is testing a new feature in the Edge browser called the "extension performance detector," which warns you when browser extensions cause performance issues on web pages you visit. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-edge-will-flag-extensions-causing-performance-issues/ Posted from: this blog via Microsoft Power Automate .

Tor says it’s "still safe" amid reports of police deanonymizing users

The Tor Project is attempting to assure users that the network is still safe after a recent investigative report warned that law enforcement from Germany and other countries are working together to deanonymize users through timing attacks. [...] https://www.bleepingcomputer.com/news/security/tor-says-its-still-safe-amid-reports-of-police-deanonymizing-users/ Posted from: this blog via Microsoft Power Automate .

Ivanti warns of another critical CSA flaw exploited in attacks

Today, Ivanti warned that threat actors are exploiting another Cloud Services Appliance (CSA) security flaw in attacks targeting a limited number of customers. [...] https://www.bleepingcomputer.com/news/security/ivanti-warns-of-another-critical-csa-flaw-exploited-in-attacks/ Posted from: this blog via Microsoft Power Automate .

Clever 'GitHub Scanner' campaign abusing repos to push malware

A clever threat campaign is abusing GitHub repositories to distribute malware targeting users who frequent an open source project repository or are subscribed to email notifications from it. A malicious GitHub user opens a new "issue" on an open source repository falsely claiming that the project contains a "security vulnerability." [...] https://www.bleepingcomputer.com/news/security/clever-github-scanner-campaign-abusing-repos-to-push-malware/ Posted from: this blog via Microsoft Power Automate .

Discord rolls out end-to-end encryption for audio, video calls

Discord has introduced the DAVE protocol, a custom end-to-end encryption (E2EE) protocol designed to protect audio and video calls on the platform from unauthorized interceptions. [...] https://www.bleepingcomputer.com/news/security/discord-rolls-out-end-to-end-encryption-for-audio-video-calls/ Posted from: this blog via Microsoft Power Automate .

Discord rolls out end-to-end encryption for audio, video calls

Discord has introduced the DAVE protocol, a custom end-to-end encryption (E2EE) protocol designed to protect audio and video calls on the platform from unauthorized interceptions. [...] https://www.bleepingcomputer.com/news/security/discord-rolls-out-end-to-end-encryption-for-audio-video-calls/ Posted from: this blog via Microsoft Power Automate .

Europol takes down "Ghost" encrypted messaging platform used for crime

Europol and law enforcement from nine countries successfully dismantled an encrypted communications platform called "Ghost," which was used by organized crime such as drug trafficking and money laundering. [...] https://www.bleepingcomputer.com/news/security/europol-takes-down-ghost-encrypted-messaging-platform-used-for-crime/ Posted from: this blog via Microsoft Power Automate .

Europol takes down "Ghost" encrypted messaging platform used for crime

Europol and law enforcement from nine countries successfully dismantled an encrypted communications platform called "Ghost," which was used by organized crime such as drug trafficking and money laundering. [...] https://www.bleepingcomputer.com/news/security/europol-takes-down-ghost-encrypted-messaging-platform-used-for-crime/ Posted from: this blog via Microsoft Power Automate .

X hacking spree fuels "$HACKED" crypto token pump-and-dump

An X account hacking spree has fueled a successful pump-and-dump scheme for the $HACKED Solana token, with people rushing to buy the coin. [...] https://www.bleepingcomputer.com/news/security/x-hacking-spree-fuels-hacked-crypto-token-pump-and-dump/ Posted from: this blog via Microsoft Power Automate .

GitLab releases fix for critical SAML authentication bypass flaw

GitLab has released security updates to address a critical SAML authentication bypass vulnerability impacting self-managed installations of the GitLab Community Edition (CE) and Enterprise Edition (EE). [...] https://www.bleepingcomputer.com/news/security/gitlab-releases-fix-for-critical-saml-authentication-bypass-flaw/ Posted from: this blog via Microsoft Power Automate .

Chinese botnet infects 260,000 SOHO routers, IP cameras with malware

The FBI and cybersecurity researchers have disrupted a massive Chinese botnet called "Raptor Train" that infected over 260,000 networking devices to target critical infrastructure in the US and in other countries. [...] https://www.bleepingcomputer.com/news/security/flax-typhoon-hackers-infect-260-000-routers-ip-cameras-with-botnet-malware/ Posted from: this blog via Microsoft Power Automate .

Russian security firm Dr.Web disconnects all servers after breach

On Tuesday, Russian anti-malware company Doctor Web (Dr.Web) disclosed a security breach after its systems were targeted in a cyberattack over the weekend. [...] https://www.bleepingcomputer.com/news/security/russian-security-firm-drweb-disconnects-all-servers-after-breach/ Posted from: this blog via Microsoft Power Automate .

Temu denies breach after hacker claims theft of 87 million data records

Temu denies it was hacked or suffered a data breach after a threat actor claimed to be selling a stolen database containing 87 million records of customer information. [...] https://www.bleepingcomputer.com/news/security/temu-denies-breach-after-hacker-claims-theft-of-87-million-data-records/ Posted from: this blog via Microsoft Power Automate .

Broadcom fixes critical RCE bug in VMware vCenter Server

Broadcom has fixed a critical VMware vCenter Server vulnerability that attackers can exploit to gain remote code execution on unpatched servers via a network packet. [...] https://www.bleepingcomputer.com/news/security/broadcom-fixes-critical-rce-bug-in-vmware-vcenter-server/ Posted from: this blog via Microsoft Power Automate .

Construction firms breached in brute force attacks on accounting software

Hackers are brute-forcing passwords for highly privileged accounts on exposed Foundation accounting servers, widely used in the construction industry, to breach corporate networks. [...] https://www.bleepingcomputer.com/news/security/construction-firms-breached-in-brute-force-attacks-on-accounting-software/ Posted from: this blog via Microsoft Power Automate .

Cloudflare outage cuts off access to websites in some regions

A rolling Cloudflare outage is impacting access to web sites worldwide, including BleepingComputer, with sites working in some regions and not others. [...] https://www.bleepingcomputer.com/news/technology/cloudflare-outage-cuts-off-access-to-websites-in-some-regions/ Posted from: this blog via Microsoft Power Automate .

Ransomware gangs now abuse Microsoft Azure tool for data theft

Ransomware gangs like BianLian and Rhysida increasingly use Microsoft's Azure Storage Explorer and AzCopy to steal data from breached networks and store it in Azure Blob storage. [...] https://www.bleepingcomputer.com/news/security/ransomware-gangs-now-abuse-microsoft-azure-tool-for-data-theft/ Posted from: this blog via Microsoft Power Automate .

Over 1,000 ServiceNow instances found leaking corporate KB data

Over 1,000 misconfigured ServiceNow enterprise instances were found exposing Knowledge Base (KB) articles that contained sensitive corporate information to external users and potential threat actors. [...] https://www.bleepingcomputer.com/news/security/over-1-000-servicenow-instances-found-leaking-corporate-kb-data/ Posted from: this blog via Microsoft Power Automate .

Microsoft fixes bug crashing Microsoft 365 apps when typing

​Microsoft has fixed a known issue that causes Microsoft 365 apps like Outlook, Word, Excel, and OneNote to crash while typing or spell-checking a text. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-bug-crashing-microsoft-365-apps-when-typing/ Posted from: this blog via Microsoft Power Automate .

CISA warns of Windows flaw used in infostealer malware attacks

​CISA has ordered U.S. federal agencies to secure their systems against a recently patched Windows MSHTML spoofing zero-day bug exploited by the Void Banshee APT hacking group. [...] https://www.bleepingcomputer.com/news/security/cisa-warns-of-windows-flaw-used-in-infostealer-malware-attacks/ Posted from: this blog via Microsoft Power Automate .

CISA warns of Windows flaw used in infostealer malware attacks

​CISA has ordered U.S. federal agencies to secure their systems against a recently patched Windows MSHTML spoofing zero-day bug exploited by the Void Banshee APT hacking group. [...] https://www.bleepingcomputer.com/news/security/cisa-warns-of-windows-flaw-used-in-infostealer-malware-attacks/ Posted from: this blog via Microsoft Power Automate .

Exploit code released for critical Ivanti RCE flaw, patch now

A proof-of-concept (PoC) exploit for CVE-2024-29847, a critical remote code execution (RCE) vulnerability in Ivanti Endpoint Manager, is now publicly released, making it crucial to update devices. [...] https://www.bleepingcomputer.com/news/security/exploit-code-released-for-critical-ivanti-rce-flaw-patch-now/ Posted from: this blog via Microsoft Power Automate .

Microsoft rolls out Office LTSC 2024 for Windows and Mac

​Microsoft has announced that Office LTSC (Long Term Servicing Channel) 2024, a volume-licensed and perpetual version of Office for Windows and macOS users, is now available for commercial and government customers. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-rolls-out-office-ltsc-2024-for-windows-and-mac/ Posted from: this blog via Microsoft Power Automate .

US cracks down on spyware vendor Intellexa with more sanctions

Today, the U.S. Department of the Treasury has sanctioned five executives and one entity linked to the Intellexa Consortium for developing and distributing Predator commercial spyware. [...] https://www.bleepingcomputer.com/news/security/us-cracks-down-on-spyware-vendor-intellexa-with-more-sanctions/ Posted from: this blog via Microsoft Power Automate .

D-Link fixes critical RCE, hardcoded password flaws in WiFi 6 routers

D-Link has fixed critical vulnerabilities in three popular wireless router models that allow remote attackers to execute arbitrary code or access the devices using hardcoded credentials. [...] https://www.bleepingcomputer.com/news/security/d-link-fixes-critical-rce-hardcoded-password-flaws-in-wifi-6-routers/ Posted from: this blog via Microsoft Power Automate .

Malware locks browser in kiosk mode to steal Google credentials

A malware campaign uses the unusual method of locking users in their browser's kiosk mode to annoy them into entering their Google credentials, which are then stolen by information-stealing malware. [...] https://www.bleepingcomputer.com/news/security/malware-locks-browser-in-kiosk-mode-to-steal-google-credentials/ Posted from: this blog via Microsoft Power Automate .

Port of Seattle hit by Rhysida ransomware in August attack

Port of Seattle, the United States government agency overseeing Seattle's seaport and airport, confirmed on Friday that the Rhysida ransomware operation was behind a cyberattack impacting its systems over the last three weeks. [...] https://www.bleepingcomputer.com/news/security/port-of-seattle-says-rhysida-ransomware-was-behind-august-attack/ Posted from: this blog via Microsoft Power Automate .

TfL requires in-person password resets for 30,000 employees after hack

​Transport for London (TfL) says that all staff (roughly 30,000 employees) must attend in-person appointments to verify their identities and reset passwords following a cybersecurity incident disclosed almost two weeks ago. [...] https://www.bleepingcomputer.com/news/security/tfl-requires-in-person-password-resets-for-30-000-employees-after-hack/ Posted from: this blog via Microsoft Power Automate .

23andMe to pay $30 million in genetics data breach settlement

DNA testing giant 23andMe has agreed to pay $30 million to settle a lawsuit over a data breach that exposed the personal information of 6.4 million customers in 2023. [...] https://www.bleepingcomputer.com/news/security/23andme-to-pay-30-million-in-genetics-data-breach-settlement/ Posted from: this blog via Microsoft Power Automate .

Ivanti warns high severity CSA flaw is now exploited in attacks

Ivanti confirmed on Friday that a high severity vulnerability in its Cloud Services Appliance (CSA) solution is now actively exploited in attacks. [...] https://www.bleepingcomputer.com/news/security/ivanti-warns-high-severity-csa-flaw-is-now-exploited-in-attacks/ Posted from: this blog via Microsoft Power Automate .

New Linux malware Hadooken targets Oracle WebLogic servers

Hackers are targeting Oracle WebLogic servers to infect them with a new Linux malware named "Hadooken, which launches a cryptominer and a tool for distributed denial-of-service (DDoS) attacks. [...] https://www.bleepingcomputer.com/news/security/new-linux-malware-hadooken-targets-oracle-weblogic-servers/ Posted from: this blog via Microsoft Power Automate .

RansomHub claims Kawasaki cyberattack, threatens to leak stolen data

Kawasaki Motors Europe has announced that it's recovering from a cyberattack that disrupted service disruptions as the RansomHub ransomware gang threatens to leak stolen data. [...] https://www.bleepingcomputer.com/news/security/ransomhub-claims-kawasaki-cyberattack-threatens-to-leak-stolen-data/ Posted from: this blog via Microsoft Power Automate .

New Vo1d malware infects 1.3 million Android TV streaming boxes

[...] https://www.bleepingcomputer.com/news/security/new-vo1d-malware-infects-13-million-android-tv-streaming-boxes/ Posted from: this blog via Microsoft Power Automate .

New Vo1d malware infects 1.3 million Android TV streaming boxes

[...] https://www.bleepingcomputer.com/news/security/new-vo1d-malware-infects-13-million-android-tv-streaming-boxes/ Posted from: this blog via Microsoft Power Automate .

FBI: Reported cryptocurrency losses reached $5.6 billion in 2023

The FBI says that 2023 was a record year for cryptocurrency fraud, with total losses exceeding $5.6 billion, based on nearly 70,000 reports received through the Internet Crime Complaint Center (IC3). [...] https://www.bleepingcomputer.com/news/security/fbi-reported-cryptocurrency-losses-reached-56-billion-in-2023/ Posted from: this blog via Microsoft Power Automate .

Fortinet confirms data breach after hacker claims to steal 440GB of files

Cybersecurity giant Fortinet has confirmed it suffered a data breach after a threat actor claimed to steal 440GB of files from the company's Microsoft Sharepoint server. [...] https://www.bleepingcomputer.com/news/security/fortinet-confirms-data-breach-after-hacker-claims-to-steal-440gb-of-files/ Posted from: this blog via Microsoft Power Automate .

UK arrests teen linked to Transport for London cyber attack

U.K.'s National Crime Agency says it arrested a 17-year-old teenager who is suspected of being connected to the cyberattack on Transport for London, the city's public transportation agency. [...] https://www.bleepingcomputer.com/news/security/uk-arrests-teen-linked-to-transport-for-london-cyber-attack/ Posted from: this blog via Microsoft Power Automate .

Transport for London confirms customer data stolen in cyberattack

Transport for London (TfL) has determined that the cyberattack on September 1 impacts customer data, including names, contact details, email addresses, and home addresses. [...] https://www.bleepingcomputer.com/news/security/transport-for-london-confirms-customer-data-stolen-in-cyberattack/ Posted from: this blog via Microsoft Power Automate .

GitLab warns of critical pipeline execution vulnerability

GitLab has released critical updates to address multiple vulnerabilities, the most severe of them (CVE-2024-6678) allowing an attacker to trigger pipelines as arbitrary users under certain conditions. [...] https://www.bleepingcomputer.com/news/security/gitlab-warns-of-critical-pipeline-execution-vulnerability/ Posted from: this blog via Microsoft Power Automate .

Fake password manager coding test used to hack Python developers

Members of the North Korean hacker group Lazarus posing as recruiters are baiting Python developers with coding test project for password management products that include malware. [...] https://www.bleepingcomputer.com/news/security/fake-password-manager-coding-test-used-to-hack-python-developers/ Posted from: this blog via Microsoft Power Automate .

Adobe fixes Acrobat Reader zero-day with public PoC exploit

A cybersecurity researcher is urging users to upgrade Adobe Acrobat Reader after a fix was released yesterday for a remote code execution zero-day with a public in-the-wild proof-of-concept exploit. [...] https://www.bleepingcomputer.com/news/security/adobe-fixes-acrobat-reader-zero-day-with-public-poc-exploit/ Posted from: this blog via Microsoft Power Automate .

Criminal IP and IPLocation.io Join Forces for Enhanced IP Analysis

AI SPERA announced today that its IP address intelligence engine, Criminal IP, has integrated with IPLocation.io. Learn more from Criminal IP about how this brings additional insights to Criminal IP's threat intelligence database. [...] https://www.bleepingcomputer.com/news/security/criminal-ip-and-iplocationio-join-forces-for-enhanced-ip-analysis/ Posted from: this blog via Microsoft Power Automate .

Chinese hackers linked to cybercrime syndicate arrested in Singapore

Six Chinese nationals and a Singaporean have been arrested on Monday in Singapore for their alleged role in malicious cyber activities committed in connection with a "global syndicate." [...] https://www.bleepingcomputer.com/news/legal/chinese-hackers-linked-to-PlugX-malware-arrested-in-singapore/ Posted from: this blog via Microsoft Power Automate .

Microsoft fixes Windows Server performance issues from August updates

​Microsoft says this month's Patch Tuesday cumulative updates also fix a known issue causing Windows Server 2019 boot problems, freezes, and performance issues after installing the August 2024 security updates. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-windows-server-performance-issues-from-august-updates/ Posted from: this blog via Microsoft Power Automate .

New PIXHELL acoustic attack leaks secrets from LCD screen noise

A novel acoustic attack named 'PIXHELL' can leak secrets from air-gapped and audio-gapped systems, and without requiring speakers, through the LCD monitors they connect to. [...] https://www.bleepingcomputer.com/news/security/new-pixhell-acoustic-attack-leaks-secrets-from-lcd-screen-noise/ Posted from: this blog via Microsoft Power Automate .

Ivanti fixes maximum severity RCE bug in Endpoint Management software

Ivanti has fixed a maximum severity vulnerability in its Endpoint Management software (EPM) that can let unauthenticated attackers gain remote code execution on the core server. [...] https://www.bleepingcomputer.com/news/security/ivanti-fixes-maximum-severity-rce-bug-in-endpoint-management-software/ Posted from: this blog via Microsoft Power Automate .

Microsoft fixes Windows Smart App Control zero-day exploited since 2018

​Microsoft has fixed a Windows Smart App Control and SmartScreen flaw that has been exploited in attacks as a zero-day since at least 2018. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-windows-smart-app-control-zero-day-exploited-since-2018/ Posted from: this blog via Microsoft Power Automate .

Microsoft September 2024 Patch Tuesday fixes 4 zero-days, 79 flaws

Today is Microsoft's September 2024 Patch Tuesday, which includes security updates for 79 flaws, including four actively exploited and one publicly disclosed zero-days. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-september-2024-patch-tuesday-fixes-4-zero-days-79-flaws/ Posted from: this blog via Microsoft Power Automate .

Wix.com to block Russian users starting September 12

Wix.com has announced it will stop providing services to Russian users on September 12, 2024, with all accounts from Russia, including free and premium, to be blocked and their websites taken down. [...] https://www.bleepingcomputer.com/news/legal/wixcom-to-block-russian-users-starting-september-12/ Posted from: this blog via Microsoft Power Automate .

Flipper Zero releases Firmware 1.0 after three years of development

After three years of development, the Flipper Zero team has announced the release of the first major firmware version for the portable, customizable digital hacking device. [...] https://www.bleepingcomputer.com/news/hardware/flipper-zero-releases-firmware-10-after-three-years-of-development/ Posted from: this blog via Microsoft Power Automate .

NoName ransomware gang deploying RansomHub malware in recent attacks

The NoName ransomware gang has been trying to build a reputation for more than three years targeting small and medium-sized businesses worldwide with its encryptors and may now be working as a RansomHub affiliate. [...] https://www.bleepingcomputer.com/news/security/noname-ransomware-gang-deploying-ransomhub-malware-in-recent-attacks/ Posted from: this blog via Microsoft Power Automate .

Critical SonicWall SSLVPN bug exploited in ransomware attacks

Ransomware affiliates exploit a critical security vulnerability in SonicWall SonicOS firewall devices to breach victims' networks. [...] https://www.bleepingcomputer.com/news/security/critical-sonicwall-sslvpn-bug-exploited-in-ransomware-attacks/ Posted from: this blog via Microsoft Power Automate .

Quad7 botnet targets more SOHO and VPN routers, media servers

The Quad7 botnet is expanding its targeting scope with the addition of new clusters and custom implants that now also target Zyxel VPN appliances and Ruckus wireless routers. [...] https://www.bleepingcomputer.com/news/security/quad7-botnet-targets-more-soho-and-vpn-routers-media-servers/ Posted from: this blog via Microsoft Power Automate .

Chinese hackers use new data theft malware in govt attacks

New attacks attributed to China-based cyber espionage group Mustang Panda show that the threat actor switched to new strategies and malware called FDMTP and PTSOCKET to download payloads and steal information from breached networks. [...] https://www.bleepingcomputer.com/news/security/chinese-hackers-use-new-data-theft-malware-in-govt-attacks/ Posted from: this blog via Microsoft Power Automate .

Highline Public Schools closes schools following cyberattack

Highline Public Schools, a K-12 district in Washington state, has shut down all schools and canceled school activities after its technology systems were compromised in a cyberattack. [...] https://www.bleepingcomputer.com/news/security/highline-public-schools-closes-schools-following-cyberattack/ Posted from: this blog via Microsoft Power Automate .

Meta fixes easily bypassed WhatsApp ‘View Once’ privacy feature

A privacy flaw in WhatsApp, an instant messenger with over 2 billion users worldwide, is being exploited by attackers to bypass the app's "View once" feature and view messages again. [...] https://www.bleepingcomputer.com/news/security/meta-fixes-easily-bypassed-whatsapp-view-once-privacy-feature/ Posted from: this blog via Microsoft Power Automate .

Payment gateway data breach affects 1.7 million credit card owners

Payment gateway provider Slim CD has disclosed a data breach that compromised credit card and personal data belonging to almost 1.7 million individuals. [...] https://www.bleepingcomputer.com/news/security/payment-gateway-data-breach-affects-17-million-credit-card-owners/ Posted from: this blog via Microsoft Power Automate .

How to defend against brute force and password spray attacks

While not very sophisticated, brute force password attacks pose a significant threat to an organization's security. Learn more from Specops Software about these types of attacks and how to defend against them. [...] https://www.bleepingcomputer.com/news/security/how-to-defend-against-brute-force-and-password-spray-attacks/ Posted from: this blog via Microsoft Power Automate .

Progress LoadMaster vulnerable to 10/10 severity RCE flaw

Progress Software has issued an emergency fix for a maximum (10/10) severity vulnerability impacting its LoadMaster and LoadMaster Multi-Tenant (MT) Hypervisor products that allows attackers to remotely execute commands on the device. [...] https://www.bleepingcomputer.com/news/security/progress-loadmaster-vulnerable-to-10-10-severity-rce-flaw/ Posted from: this blog via Microsoft Power Automate .

New RAMBO attack steals data using RAM in air-gapped computers

A novel side-channel attack dubbed  "RAMBO" (Radiation of Air-gapped Memory Bus for Offense) generates electromagnetic radiation from a device's RAM to send data from air-gapped computers. [...] https://www.bleepingcomputer.com/news/security/new-rambo-attack-steals-data-using-ram-in-air-gapped-computers/ Posted from: this blog via Microsoft Power Automate .

Transport for London staff faces systems disruptions after cyberattack

​Transport for London, the city's public transportation agency, revealed today that its staff has limited access to systems and email due to measures implemented in response to a Sunday cyberattack. [...] https://www.bleepingcomputer.com/news/security/transport-for-london-staff-faces-systems-disruptions-after-cyberattack/ Posted from: this blog via Microsoft Power Automate .

Car rental giant Avis discloses data breach impacting customers

American car rental giant Avis disclosed a data breach after attackers breached one of its business applications last month and stole customer personal information. [...] https://www.bleepingcomputer.com/news/security/car-rental-giant-avis-discloses-data-breach-impacting-customers/ Posted from: this blog via Microsoft Power Automate .

Microsoft Office 2024 to disable ActiveX controls by default

​After Office 2024 launches in October, Microsoft will disable ActiveX controls by default in Word, Excel, PowerPoint, and Visio client apps. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-office-2024-to-disable-activex-controls-by-default/ Posted from: this blog via Microsoft Power Automate .

SpyAgent Android malware steals your crypto recovery phrases from images

A new Android malware named SpyAgent uses optical character recognition (OCR) technology to steal cryptocurrency wallet recovery phrases from screenshots stored on the mobile device. [...] https://www.bleepingcomputer.com/news/security/spyagent-android-malware-steals-your-crypto-recovery-phrases-from-images/ Posted from: this blog via Microsoft Power Automate .

SonicWall SSLVPN access control flaw is now exploited in attacks

SonicWall is warning that a recently fixed access control flaw tracked as CVE-2024-40766 in SonicOS is now "potentially" exploited in attacks, urging admins to apply patches as soon as possible. [...] https://www.bleepingcomputer.com/news/security/sonicwall-sslvpn-access-control-flaw-is-now-exploited-in-attacks/ Posted from: this blog via Microsoft Power Automate .

Apache fixes critical OFBiz remote code execution vulnerability

Apache has fixed a critical security vulnerability in its open-source OFBiz (Open For Business) software, which could allow attackers to execute arbitrary code on vulnerable Linux and Windows servers. [...] https://www.bleepingcomputer.com/news/security/apache-fixes-critical-ofbiz-remote-code-execution-vulnerability/ Posted from: this blog via Microsoft Power Automate .

Microsoft removes revenge porn from Bing search using new tool

Microsoft announced today that it has partnered with StopNCII to proactively remove harmful intimate images and videos from Bing using digital hashes people create from their sensitive media. [...] https://www.bleepingcomputer.com/news/security/microsoft-removes-revenge-porn-from-bing-search-using-new-tool/ Posted from: this blog via Microsoft Power Automate .

Microsoft removes revenge porn from Bing search using new tool

Microsoft announced today that it has partnered with StopNCII to proactively remove harmful intimate images and videos from Bing using digital hashes people create from their sensitive media. [...] https://www.bleepingcomputer.com/news/security/microsoft-removes-revenge-porn-from-bing-search-using-new-tool/ Posted from: this blog via Microsoft Power Automate .

Microsoft removes revenge porn from Bing search using new tool

Microsoft announced today that it has partnered with StopNCII to proactively remove harmful intimate images and videos from Bing using digital hashes people create from their sensitive media. [...] https://www.bleepingcomputer.com/news/security/microsoft-removes-revenge-porn-from-bing-search-using-new-tool/ Posted from: this blog via Microsoft Power Automate .

LiteSpeed Cache bug exposes 6 million WordPress sites to takeover attacks

Yet, another critical severity vulnerability has been discovered in LiteSpeed Cache, a caching plugin for speeding up user browsing in over 6 million WordPress sites. [...] https://www.bleepingcomputer.com/news/security/litespeed-cache-bug-exposes-6-million-wordpress-sites-to-takeover-attacks/ Posted from: this blog via Microsoft Power Automate .

Musician charged with $10M streaming royalties fraud using AI and bots

North Carolina musician Michael Smith was indicted for collecting over $10 million in royalty payments from Spotify, Amazon Music, Apple Music, and YouTube Music using AI-generated songs streamed by thousands of bots in a massive streaming fraud scheme. [...] https://www.bleepingcomputer.com/news/security/musician-charged-with-10m-streaming-royalties-fraud-using-ai-and-bots/ Posted from: this blog via Microsoft Power Automate .

Veeam warns of critical RCE flaw in Backup & Replication software

Veeam has released security updates for several of its products as part of a single September 2024 security bulletin that addresses 18 high and critical severity flaws in Veeam Backup & Replication, Service Provider Console, and One. [...] https://www.bleepingcomputer.com/news/security/veeam-warns-of-critical-rce-flaw-in-backup-and-replication-software/ Posted from: this blog via Microsoft Power Automate .

Red team tool ‘MacroPack’ abused in attacks to deploy Brute Ratel

The MacroPack framework, initially designed for Red Team exercises, is being abused by threat actors to deploy malicious payloads, including Havoc, Brute Ratel, and PhatomCore. [...] https://www.bleepingcomputer.com/news/security/red-team-tool-macropack-abused-in-attacks-to-deploy-brute-ratel/ Posted from: this blog via Microsoft Power Automate .

Microchip Technology confirms data was stolen in cyberattack

American semiconductor supplier Microchip Technology Incorporated has confirmed that employee information was stolen from systems compromised in an August cyberattack, which was later claimed by the Play ransomware gang. [...] https://www.bleepingcomputer.com/news/security/microchip-technology-confirms-data-was-stolen-in-cyberattack/ Posted from: this blog via Microsoft Power Automate .

US cracks down on Russian disinformation before 2024 election

The FBI seized 32 web domains used by the Doppelgänger Russian-linked influence operation network in a disinformation campaign targeting the American public ahead of this year's presidential election. [...] https://www.bleepingcomputer.com/news/security/us-cracks-down-on-russian-disinformation-before-2024-election/ Posted from: this blog via Microsoft Power Automate .

Cisco fixes root escalation vulnerability with public exploit code

Cisco has fixed a command injection vulnerability in the Identity Services Engine (ISE) with public exploit code that lets attackers escalate privileges to root on vulnerable systems. [...] https://www.bleepingcomputer.com/news/security/cisco-fixes-root-escalation-vulnerability-with-public-exploit-code/ Posted from: this blog via Microsoft Power Automate .

New Eucleak attack lets threat actors clone YubiKey FIDO keys

A new "EUCLEAK" flaw found in FIDO devices using the Infineon SLE78 security microcontroller, like Yubico's YubiKey 5 Series, allows attackers to extract Elliptic Curve Digital Signature Algorithm (ECDSA) secret keys and clone the FIDO device. [...] https://www.bleepingcomputer.com/news/security/new-eucleak-attack-lets-threat-actors-clone-yubikey-fido-keys/ Posted from: this blog via Microsoft Power Automate .

Cisco warns of backdoor admin account in Smart Licensing Utility

Cisco has removed a backdoor account in the Cisco Smart Licensing Utility (CSLU) that can be used to log into unpatched systems with administrative privileges. [...] https://www.bleepingcomputer.com/news/security/cisco-warns-of-backdoor-admin-account-in-smart-licensing-utility/ Posted from: this blog via Microsoft Power Automate .

Hackers inject malicious JS in Cisco store to steal credit cards, credentials

Cisco's site for selling company-themed merchandise is currently offline and under maintenance due to hackers compromising it with JavaScript code that steals sensitive customer details provided at checkout. [...] https://www.bleepingcomputer.com/news/security/hackers-inject-malicious-js-in-cisco-store-to-steal-credit-cards-credentials/ Posted from: this blog via Microsoft Power Automate .

Google backports fix for Pixel EoP flaw to other Android devices

Google has released the September 2024 Android security updates to fix 34 vulnerabilities, including CVE-2024-32896, an actively exploited elevation of privilege flaw that was previously fixed on Pixel devices. [...] https://www.bleepingcomputer.com/news/security/google-backports-fix-for-pixel-eop-flaw-to-other-android-devices/ Posted from: this blog via Microsoft Power Automate .

Criminal IP Earns PCI DSS v4.0 Certification for Top-Level Security

AI Spera has achieved PCI DSS v4.0 certification for its threat intel search engine solution, Criminal IP. Learn more from the Criminal IP cyber threat intelligence search engine. [...] https://www.bleepingcomputer.com/news/security/criminal-ip-earns-pci-dss-v40-certification-for-top-level-security/ Posted from: this blog via Microsoft Power Automate .

FTC: Over $110 million lost to Bitcoin ATM scams in 2023

​The U.S. Federal Trade Commission (FTC) has reported a massive increase in losses to Bitcoin ATM scams, nearly ten times the amount from 2020 and reaching over $110 million in 2023. [...] https://www.bleepingcomputer.com/news/security/ftc-americans-lost-over-110-million-to-bitcoin-atm-scams-in-2023/ Posted from: this blog via Microsoft Power Automate .

Zyxel warns of critical OS command injection flaw in routers

Zyxel has released security updates to address a critical vulnerability impacting multiple models of its business routers, potentially allowing unauthenticated attackers to perform OS command injection. [...] https://www.bleepingcomputer.com/news/security/zyxel-warns-of-critical-os-command-injection-flaw-in-routers/ Posted from: this blog via Microsoft Power Automate .

Zyxel warns of critical OS command injection flaw in routers

Zyxel has released security updates to address a critical vulnerability impacting multiple models of its business routers, potentially allowing unauthenticated attackers to perform OS command injection. [...] https://www.bleepingcomputer.com/news/security/zyxel-warns-of-critical-os-command-injection-flaw-in-routers/ Posted from: this blog via Microsoft Power Automate .

New Windows PowerToy launches, repositions apps to saved layouts

​Microsoft has released a new Workspaces PowerToy that helps launch sets of applications using custom desktop layouts and configurations with a mouse click. [...] https://www.bleepingcomputer.com/news/microsoft/new-windows-powertoy-launches-repositions-apps-to-saved-layouts/ Posted from: this blog via Microsoft Power Automate .

FBI warns crypto firms of aggressive social engineering attacks

The FBI warns of North Korean hackers aggressively targeting cryptocurrency companies and their employees in sophisticated social engineering attacks, aiming to deploy malware that steals their crypto assets. [...] https://www.bleepingcomputer.com/news/security/fbi-warns-crypto-firms-of-aggressive-social-engineering-attacks/ Posted from: this blog via Microsoft Power Automate .

Clearview AI fined €30.5 million for unlawful data collection

The Dutch Data Protection Authority (Dutch DPA) has imposed a fine of €30.5 million ($33.7 million) on Clearview AI for unlawful data collection using facial recognition, including photos of Dutch citizens. [...] https://www.bleepingcomputer.com/news/legal/clearview-ai-fined-305-million-by-dutch-dpa-for-unlawful-data-collection/ Posted from: this blog via Microsoft Power Automate .

D-Link says it is not fixing four RCE flaws in DIR-846W routers

D-Link is warning that four remote code execution (RCE) flaws impacting all hardware and firmware versions of its DIR-846W router will not be fixed as the products are no longer supported. [...] https://www.bleepingcomputer.com/news/security/d-link-says-it-is-not-fixing-four-rce-flaws-in-dir-846w-routers/ Posted from: this blog via Microsoft Power Automate .

Halliburton confirms data stolen in recent cyberattack

Oil and gas giant Halliburton has confirmed in a filing today to the Securities and Exchange Commission (SEC) that data was stolen in the recent attack linked to the RansomHub ransomware gang. [...] https://www.bleepingcomputer.com/news/security/halliburton-confirms-data-stolen-in-recent-cyberattack/ Posted from: this blog via Microsoft Power Automate .

Transport for London discloses ongoing “cyber security incident”

Transport for London (TfL), the city's transport authority, is investigating an ongoing cyberattack that has yet to impact its services. [...] https://www.bleepingcomputer.com/news/security/transport-for-london-discloses-ongoing-cyber-security-incident/ Posted from: this blog via Microsoft Power Automate .

Admins of MFA bypass service plead guilty to fraud

Three men have pleaded guilty to running OTP.Agency, an online platform that provided social engineering help to obtain one-time passcodes from customers of various banks and services in the U.K. [...] https://www.bleepingcomputer.com/news/legal/admins-of-mfa-bypass-service-otp.agency-plead-guilty/ Posted from: this blog via Microsoft Power Automate .

Verkada to pay $2.95M for security failures leading to breaches

The Federal Trade Commission (FTC) proposes a $2.95 million penalty on security camera vendor Verkada for multiple security failures that enabled hackers to access live video feeds from 150,000 internet-connected cameras. [...] https://www.bleepingcomputer.com/news/security/verkada-to-pay-295m-for-security-failures-leading-to-breaches/ Posted from: this blog via Microsoft Power Automate .

Business services giant CBIZ discloses customer data breach

CBIZ Benefits & Insurance Services (CBIZ) has disclosed a data breach that involves unauthorized access of client information stored in specific databases. [...] https://www.bleepingcomputer.com/news/security/business-services-giant-cbiz-discloses-customer-data-breach/ Posted from: this blog via Microsoft Power Automate .

Cicada3301 ransomware’s Linux encryptor targets VMware ESXi systems

A new ransomware-as-a-service (RaaS) operation named Cicada3301 has already listed 19 victims on its extortion portal, as it quickly attacked companies worldwide. [...] https://www.bleepingcomputer.com/news/security/cicada3301-ransomwares-linux-encryptor-targets-vmware-esxi-systems/ Posted from: this blog via Microsoft Power Automate .

Docker-OSX image used for security research hit by Apple DMCA takedown

The popular Docker-OSX project has been removed from Docker Hub after Apple filed a DMCA (Digital Millennium Copyright Act) takedown request, alleging that it violated its copyright. [...] https://www.bleepingcomputer.com/news/security/docker-osx-image-used-for-security-research-hit-by-apple-dmca-takedown/ Posted from: this blog via Microsoft Power Automate .