Posts

Showing posts from November, 2024

SpyLoan Android malware on Google play installed 8 million times

A new set of 15 SpyLoan apps with over 8 million installs was discovered on Google Play, targeting primarily users from South America, Southeast Asia, and Africa. [...] https://www.bleepingcomputer.com/news/security/spyloan-android-malware-on-google-play-installed-8-million-times/ Posted from: this blog via Microsoft Power Automate .

New Rockstar 2FA phishing service targets Microsoft 365 accounts

A new phishing-as-a-service (PhaaS) platform named 'Rockstar 2FA' has emerged, facilitating large-scale adversary-in-the-middle (AiTM) attacks to steal Microsoft 365 credentials. [...] https://www.bleepingcomputer.com/news/security/new-rockstar-2fa-phishing-service-targets-microsoft-365-accounts/ Posted from: this blog via Microsoft Power Automate .

Russia arrests cybercriminal Wazawaka for ties with ransomware gangs

Russian law enforcement has arrested and indicted notorious ransomware affiliate Mikhail Pavlovich Matveev (also known as Wazawaka, Uhodiransomwar, m1x, and Boriselcin) for developing malware and his involvement in several hacking groups. [...] https://www.bleepingcomputer.com/news/security/russia-arrests-cybercriminal-wazawaka-for-ties-with-ransomware-gangs/ Posted from: this blog via Microsoft Power Automate .

New Windows Server 2012 zero-day gets free, unofficial patches

Free unofficial security patches have been released through the 0patch platform to address a zero-day vulnerability introduced over two years ago in the Windows Mark of the Web (MotW) security mechanism. [...] https://www.bleepingcomputer.com/news/security/new-windows-server-2012-zero-day-gets-free-unofficial-patches/ Posted from: this blog via Microsoft Power Automate .

UK hospital network postpones procedures after cyberattack

Major UK healthcare provider Wirral University Teaching Hospital (WUTH), part of the NHS Foundation Trust, has suffered a cyberattack that caused a systems outage leading to postponing appointments and scheduled procedures. [...] https://www.bleepingcomputer.com/news/security/uk-hospital-network-postpones-procedures-after-cyberattack/ Posted from: this blog via Microsoft Power Automate .

Microsoft re-releases Exchange updates after fixing mail delivery

​Microsoft has re-released the November 2024 security updates for Exchange Server after pulling them earlier this month due to email delivery issues on servers using custom mail flow rules. [...] https://www.bleepingcomputer.com/news/security/microsoft-re-releases-exchange-updates-after-fixing-mail-delivery/ Posted from: this blog via Microsoft Power Automate .

Microsoft re-releases Exchange updates after fixing mail delivery

​Microsoft has re-released the November 2024 security updates for Exchange Server after pulling them earlier this month due to email delivery issues on servers using custom mail flow rules. [...] https://www.bleepingcomputer.com/news/security/microsoft-re-releases-exchange-updates-after-fixing-mail-delivery/ Posted from: this blog via Microsoft Power Automate .

Hackers abuse popular Godot game engine to infect thousands of PCs

​Hackers have used new GodLoader malware exploiting the capabilities of the widely used Godot game engine to evade detection and infect over 17,000 systems in just three months. [...] https://www.bleepingcomputer.com/news/security/new-godloader-malware-infects-thousands-of-gamers-using-godot-scripts/ Posted from: this blog via Microsoft Power Automate .

Hackers exploit ProjectSend flaw to backdoor exposed servers

Threat actors are using public exploits for a critical authentication bypass flaw in ProjectSend to upload webshells and gain remote access to servers. [...] https://www.bleepingcomputer.com/news/security/hackers-exploit-projectsend-flaw-to-backdoor-exposed-servers/ Posted from: this blog via Microsoft Power Automate .

Zello asks users to reset passwords after security incident

Zello is warning customers to reset their passwords if their account was created before November 2nd in what appears to be another security breach. [...] https://www.bleepingcomputer.com/news/security/zello-asks-users-to-reset-passwords-after-security-incident/ Posted from: this blog via Microsoft Power Automate .

Microsoft says it's not using your Word, Excel data for AI training

​Microsoft has denied claims that it uses Microsoft 365 apps (including Word, Excel, and PowerPoint) to collect data to train the company's artificial intelligence (AI) models. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-says-its-not-using-your-word-excel-data-for-ai-training/ Posted from: this blog via Microsoft Power Automate .

Police bust pirate streaming service making €250 million per month

An international law enforcement operation has dismantled a pirate streaming service that served over 22 million users worldwide and made €250 million ($263M) per month. [...] https://www.bleepingcomputer.com/news/technology/police-bust-pirate-streaming-service-making-250-million-per-month/ Posted from: this blog via Microsoft Power Automate .

Police bust pirate streaming service making €250 million per month

An international law enforcement operation has dismantled a pirate streaming service that served over 22 million users worldwide and made €250 million ($263M) per month. [...] https://www.bleepingcomputer.com/news/technology/police-bust-pirate-streaming-service-making-250-million-per-month/ Posted from: this blog via Microsoft Power Automate .

The Black Friday 2024 Cybersecurity, IT, VPN, & Antivirus Deals

Black Friday 2024 is almost here, and great deals are already live in computer security, software, online courses, system admin services, antivirus, and VPN software. These promotions offer deep discounts from various companies and are only available for a limited time. [...] https://www.bleepingcomputer.com/news/security/the-black-friday-2024-cybersecurity-it-vpn-and-antivirus-deals/ Posted from: this blog via Microsoft Power Automate .

New NachoVPN attack uses rogue VPN servers to install malicious updates

A set of vulnerabilities dubbed "NachoVPN" allows rogue VPN servers to install malicious updates when unpatched Palo Alto and SonicWall SSL-VPN clients connect to them. [...] https://www.bleepingcomputer.com/news/security/new-nachovpn-attack-uses-rogue-vpn-servers-to-install-malicious-updates/ Posted from: this blog via Microsoft Power Automate .

NordVPN Black Friday Deal: Save up to 74% on yearly subscriptions

Want the best VPN with a 74% discount? The NordVPN Black Friday deal is live and runs until December 10. This is the perfect chance to lock in a 2-year plan for the low cost of $2.99 per month, with an extra 3 months for free. [...] https://www.bleepingcomputer.com/news/security/nordvpn-black-friday-deal/ Posted from: this blog via Microsoft Power Automate .

Over 1,000 arrested in massive ‘Serengeti’ anti-cybercrime operation

Law enforcement agencies in Africa arrested as part of 'Operation Serengeti' more than a thousand individuals suspected of being involved in major cybercriminal activities that caused close to $193 million in financial losses all over the world. [...] https://www.bleepingcomputer.com/news/security/over-1-000-arrested-in-massive-serengeti-anti-cybercrime-operation/ Posted from: this blog via Microsoft Power Automate .

New Windows 10 0x80073CFA fix requires installing WinAppSDK 3 times

Microsoft has shared a new method to fix a bug preventing app uninstalls or updates on Windows 10 for those unwilling to deploy this month's preview update. [...] https://www.bleepingcomputer.com/news/microsoft/new-windows-10-0x80073cfa-fix-requires-installing-winappsdk-3-times/ Posted from: this blog via Microsoft Power Automate .

QNAP addresses critical flaws across NAS, router software

QNAP has released security bulletins over the weekend, which address multiple vulnerabilities, including three critical severity flaws that users should address as soon as possible. [...] https://www.bleepingcomputer.com/news/security/qnap-addresses-critical-flaws-across-nas-router-software/ Posted from: this blog via Microsoft Power Automate .

Blue Yonder ransomware attack disrupts grocery store supply chain

Supply chain management firm Blue Yonder is warning that a ransomware attack caused significant disruption to its services, with the outages impacting grocery store chains in the UK. [...] https://www.bleepingcomputer.com/news/security/blue-yonder-ransomware-attack-disrupts-grocery-store-supply-chain/ Posted from: this blog via Microsoft Power Automate .

DOJ: Man hacked networks to pitch cybersecurity services

A Kansas City man has been indicted for allegedly hacking into computer networks and using this access to promote his cybersecurity services. [...] https://www.bleepingcomputer.com/news/security/doj-man-hacked-networks-to-pitch-cybersecurity-services/ Posted from: this blog via Microsoft Power Automate .

Microsoft blocks Windows 11 24H2 on some PCs with USB scanners

Microsoft now blocks the Windows 11 24H2 update on computers with standalone scanners, multi-function printers, fax machines, modems, and other network devices with eSCL protocol support. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-blocks-windows-11-24h2-on-some-pcs-with-usb-scanners/ Posted from: this blog via Microsoft Power Automate .

Bangkok busts SMS Blaster sending 1 million scam texts from a van

The Thai police, working together with Thailand's largest telecommunications service provider, Advanced Info Service (AIS), located and busted the Chinese operators of an SMS blaster device that spammed fraudulent messages across Bangkok. [...] https://www.bleepingcomputer.com/news/security/bangkok-busts-sms-blaster-sending-1-million-scam-texts-from-a-van/ Posted from: this blog via Microsoft Power Automate .

Windows 11 24H2 update blocked on PCs with Assassin's Creed, Star Wars Outlaws

Microsoft is blocking the Windows 11 24H2 update on computers with some Ubisoft games, like Assassin's Creed, Star Wars Outlaws, and Avatar: Frontiers of Pandora, after changes in the operating system cause the games to crash, freeze, or have audio issues. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-halts-windows-11-24h2-update-on-pcs-assassins-creed-star-wars-outlaws/ Posted from: this blog via Microsoft Power Automate .

Microsoft testing Windows 11 support for third-party passkeys

​Microsoft is now testing WebAuthn API updates that add support for support for using third-party passkey providers for Windows 11 passwordless authentication. [...] https://www.bleepingcomputer.com/news/security/microsoft-testing-windows-11-support-for-third-party-passkeys/ Posted from: this blog via Microsoft Power Automate .

Windows 10 KB5046714 update fixes bug preventing app uninstalls

Microsoft has released the optional KB5046714 Preview cumulative update for Windows 10 22H2 with six bug fixes, including a fix for a bug preventing users from uninstalling or updating packaged applications. [...] https://www.bleepingcomputer.com/news/microsoft/windows-10-kb5046714-update-fixes-bug-preventing-app-uninstalls/ Posted from: this blog via Microsoft Power Automate .

QNAP pulls buggy QTS firmware causing widespread NAS issues

​QNAP has pulled a recently released firmware update after widespread customer reports that it's breaking connectivity and, in some cases, locking users out of their devices. [...] https://www.bleepingcomputer.com/news/technology/qnap-pulls-buggy-qts-firmware-causing-widespread-nas-issues/ Posted from: this blog via Microsoft Power Automate .

Hackers breach US firm over Wi-Fi from Russia in 'Nearest Neighbor Attack'

Russian state hackers APT28 (Fancy Bear/Forest Blizzard/Sofacy) breached a U.S. company through its enterprise WiFi network while being thousands of miles away, by leveraging a novel technique called "nearest neighbor attack." [...] https://www.bleepingcomputer.com/news/security/hackers-breach-us-firm-over-wi-fi-from-russia-in-nearest-neighbor-attack/ Posted from: this blog via Microsoft Power Automate .

Microsoft rolls out Recall to Windows Insiders with Copilot+ PCs

​Microsoft announced today that its controversial AI-powered Recall feature is finally rolling out to Windows Insiders in the Dev Channel using Snapdragon-powered Copilot+ PCs. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-rolls-out-recall-to-windows-insiders-with-copilot-plus-pcs/ Posted from: this blog via Microsoft Power Automate .

Windows 11 KB5046740 update released with 14 changes and fixes

​Microsoft has released the November 2024 preview cumulative update for Windows 11 24H2, with 14 improvements and fixes for multiple issues, including some affecting File Explorer, the Clipboard history, and secondary displays. [...] https://www.bleepingcomputer.com/news/microsoft/windows-11-kb5046740-update-released-with-14-changes-and-fixes/ Posted from: this blog via Microsoft Power Automate .

Chinese hackers target Linux with new WolfsBane malware

A new Linux backdoor called 'WolfsBane' has been discovered, believed to be a port of Windows malware used by the Chinese 'Gelsemium' hacking group. [...] https://www.bleepingcomputer.com/news/security/chinese-gelsemium-hackers-use-new-wolfsbane-linux-malware/ Posted from: this blog via Microsoft Power Automate .

Over 2,000 Palo Alto firewalls hacked using recently patched bugs

Hackers have already compromised thousands of Palo Alto Networks firewalls in attacks exploiting two recently patched zero-day vulnerability vulnerabilities. [...] https://www.bleepingcomputer.com/news/security/over-2-000-palo-alto-firewalls-hacked-using-recently-patched-bugs/ Posted from: this blog via Microsoft Power Automate .

Microsoft pulls WinAppSDK update breaking Windows 10 app uninstalls

Microsoft has confirmed that, since November 12, some Windows 10 users have been unable to update or uninstall packaged applications like Microsoft Teams. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-pulls-winappsdk-update-breaking-windows-10-app-uninstalls/ Posted from: this blog via Microsoft Power Automate .

CISA says BianLian ransomware now focuses only on data theft

The BianLian ransomware operation has shifted its tactics, becoming primarily a data theft extortion group, according to an updated advisory from the U.S. Cybersecurity & Infrastructure Security Agency, the FBI, and the Australian Cyber Security Centre. [...] https://www.bleepingcomputer.com/news/security/cisa-says-bianlian-ransomware-now-focuses-only-on-data-theft/ Posted from: this blog via Microsoft Power Automate .

Microsoft disrupts ONNX phishing-as-a-service infrastructure

​Microsoft and the Justice Department have seized over 240 domains used by customers of ONNX, a phishing-as-a-service (PhaaS) platform, to target companies and individuals across the United States and worldwide since at least 2017. [...] https://www.bleepingcomputer.com/news/security/microsoft-disrupts-onnx-phishing-as-a-service-infrastructure/ Posted from: this blog via Microsoft Power Automate .

Fintech giant Finastra investigates data breach after SFTP hack

Finastra has confirmed it warned customers of a cybersecurity incident after a threat actor began selling allegedly stolen data on a hacking forum. [...] https://www.bleepingcomputer.com/news/security/fintech-giant-finastra-investigates-data-breach-after-sftp-hack/ Posted from: this blog via Microsoft Power Automate .

MITRE shares 2024's top 25 most dangerous software weaknesses

MITRE has shared this year's top 25 list of the most common and dangerous software weaknesses behind more than 31,000 vulnerabilities disclosed between June 2023 and June 2024. [...] https://www.bleepingcomputer.com/news/security/mitre-shares-2024s-top-25-most-dangerous-software-weaknesses/ Posted from: this blog via Microsoft Power Automate .

US charges five linked to Scattered Spider cybercrime gang

The U.S. Justice Department has charged five suspects believed to be part of the financially motivated Scattered Spider cybercrime gang with conspiracy to commit wire fraud. [...] https://www.bleepingcomputer.com/news/security/us-charges-five-linked-to-scattered-spider-cybercrime-gang/ Posted from: this blog via Microsoft Power Automate .

US charges five linked to Scattered Spider cybercrime gang

The U.S. Justice Department has charged five suspects believed to be part of the financially motivated Scattered Spider cybercrime gang with conspiracy to commit wire fraud. [...] https://www.bleepingcomputer.com/news/security/us-charges-five-linked-to-scattered-spider-cybercrime-gang/ Posted from: this blog via Microsoft Power Automate .

Ubuntu Linux impacted by decade-old 'needrestart' flaw that gives root

Five local privilege escalation (LPE) vulnerabilities have been discovered in the needrestart utility used by Ubuntu Linux, which was introduced over 10 years ago in version 21.04. [...] https://www.bleepingcomputer.com/news/security/ubuntu-linux-impacted-by-decade-old-needrestart-flaw-that-gives-root/ Posted from: this blog via Microsoft Power Automate .

New Ghost Tap attack abuses NFC mobile payments to steal money

Cybercriminals have devised a novel method to cash out from stolen credit card details linked to mobile payment systems such as Apple Pay and Google Pay, dubbed 'Ghost Tap,' which relays NFC card data to money mules worldwide. [...] https://www.bleepingcomputer.com/news/security/new-ghost-tap-attack-abuses-nfc-mobile-payments-to-steal-money/ Posted from: this blog via Microsoft Power Automate .

Apple fixes two zero-days used in attacks on Intel-based Macs

Apple released emergency security updates to fix two zero-day vulnerabilities that were exploited in attacks on Intel-based Mac systems. [...] https://www.bleepingcomputer.com/news/security/apple-fixes-two-zero-days-used-in-attacks-on-intel-based-macs/ Posted from: this blog via Microsoft Power Automate .

Apple fixes two zero-days used in attacks on Intel-based Macs

Apple released emergency security updates to fix two zero-day vulnerabilities that were exploited in attacks on Intel-based Mac systems. [...] https://www.bleepingcomputer.com/news/security/apple-fixes-two-zero-days-used-in-attacks-on-intel-based-macs/ Posted from: this blog via Microsoft Power Automate .

CISA tags new Progress Kemp LoadMaster flaw as exploited in attacks

The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has added three new flaws in its Known Exploited Vulnerabilities (KEV) catalog, including a critical OS command injection impacting Progress Kemp LoadMaster. [...] https://www.bleepingcomputer.com/news/security/cisa-tags-new-progress-kemp-loadmaster-flaw-as-exploited-in-attacks/ Posted from: this blog via Microsoft Power Automate .

Oracle warns of Agile PLM file disclosure flaw exploited in attacks

Oracle has fixed an unauthenticated file disclosure flaw in Oracle Agile Product Lifecycle Management (PLM) tracked as CVE-2024-21287, which was actively exploited as a zero-day to download files. [...] https://www.bleepingcomputer.com/news/security/oracle-warns-of-agile-plm-file-disclosure-flaw-exploited-in-attacks/ Posted from: this blog via Microsoft Power Automate .

Ford investgates alleged breach following customer data leak

Ford is investigating allegations that it suffered a data breach after a threat actor claimed to leak 44,000 customer records on a hacking forum. [...] https://www.bleepingcomputer.com/news/security/ford-investgates-alleged-breach-following-customer-data-leak/ Posted from: this blog via Microsoft Power Automate .

D-Link urges users to retire VPN routers impacted by unfixed RCE flaw

D-Link is warning customers to replace end-of-life VPN router models after a critical unauthenticated, remote code execution vulnerability was discovered that will not be fixed on these devices. [...] https://www.bleepingcomputer.com/news/security/d-link-urges-users-to-retire-vpn-routers-impacted-by-unfixed-rce-flaw/ Posted from: this blog via Microsoft Power Automate .

Microsoft now testing hotpatch on Windows 11 24H2 and Windows 365

​Microsoft announced today that hotpatching is now also available in preview on Windows 365 and Windows 11 Enterprise 24H2 client devices. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-now-testing-hotpatch-on-windows-11-24h2-and-windows-365/ Posted from: this blog via Microsoft Power Automate .

Helldown ransomware exploits Zyxel VPN flaw to breach networks

The new 'Helldown' ransomware operation is believed to target vulnerabilities in Zyxel firewalls to breach corporate networks, allowing them to steal data and encrypt devices. [...] https://www.bleepingcomputer.com/news/security/helldown-ransomware-exploits-zyxel-vpn-flaw-to-breach-networks/ Posted from: this blog via Microsoft Power Automate .

Brave on iOS adds new "Shred" button to wipe site-specific data

Brave Browser 1.71 for iOS introduces a new privacy-focused feature called "Shred," which allows users to easily delete site-specific mobile browsing data. [...] https://www.bleepingcomputer.com/news/security/brave-on-ios-adds-new-shred-button-to-wipe-site-specific-data/ Posted from: this blog via Microsoft Power Automate .

Brave on iOS adds new "Shred" button to wipe site-specific data

Brave Browser 1.71 for iOS introduces a new privacy-focused feature called "Shred," which allows users to easily delete site-specific mobile browsing data. [...] https://www.bleepingcomputer.com/news/security/brave-on-ios-adds-new-shred-button-to-wipe-site-specific-data/ Posted from: this blog via Microsoft Power Automate .

Brave on iOS adds new "Shred" button to wipe site-specific data

Brave Browser 1.71 for iOS introduces a new privacy-focused feature called "Shred," which allows users to easily delete site-specific mobile browsing data. [...] https://www.bleepingcomputer.com/news/security/brave-on-ios-adds-new-shred-button-to-wipe-site-specific-data/ Posted from: this blog via Microsoft Power Automate .

Chinese hackers exploit Fortinet VPN zero-day to steal credentials

Chinese threat actors use a custom post-exploitation toolkit named 'DeepData' to exploit a zero-day vulnerability in Fortinet's FortiClient Windows VPN client that steal credentials. [...] https://www.bleepingcomputer.com/news/security/chinese-hackers-exploit-fortinet-vpn-zero-day-to-steal-credentials/ Posted from: this blog via Microsoft Power Automate .

US space tech giant Maxar discloses employee data breach

Hackers breached U.S. satellite maker Maxar Space Systems and accessed personal data belonging to its employees, the company informs in a notification to impacted individuals. [...] https://www.bleepingcomputer.com/news/security/us-space-tech-giant-maxar-discloses-employee-data-breach/ Posted from: this blog via Microsoft Power Automate .

Palo Alto Networks patches two firewall zero-days used in attacks

Palo Alto Networks has finally released security updates for an actively exploited zero-day vulnerability in its Next-Generation Firewalls (NGFW). [...] https://www.bleepingcomputer.com/news/security/palo-alto-networks-patches-two-firewall-zero-days-used-in-attacks/ Posted from: this blog via Microsoft Power Automate .

US charges Phobos ransomware admin after South Korea extradition

Evgenii Ptitsyn, a Russian national and suspected administrator of the Phobos ransomware operation, was extradited from South Korea and is facing cybercrime charges in the United States. [...] https://www.bleepingcomputer.com/news/security/us-charges-phobos-ransomware-admin-after-south-korea-extradition/ Posted from: this blog via Microsoft Power Automate .

Critical RCE bug in VMware vCenter Server now exploited in attacks

​Broadcom warned today that attackers are now exploiting two VMware vCenter Server vulnerabilities, one of which is a critical remote code execution flaw. [...] https://www.bleepingcomputer.com/news/security/critical-rce-bug-in-vmware-vcenter-server-now-exploited-in-attacks/ Posted from: this blog via Microsoft Power Automate .

Fake Bitwarden ads on Facebook push info-stealing Chrome extension

Fake Bitwarden password manager advertisements on Facebook are pushing a malicious Google Chrome extension that collects and steals sensitive user data from the browser. [...] https://www.bleepingcomputer.com/news/security/fake-bitwarden-ads-on-facebook-push-info-stealing-chrome-extension/ Posted from: this blog via Microsoft Power Automate .

Microsoft 365 Admin portal abused to send sextortion emails

The Microsoft 365 Admin Portal is being abused to send sextortion emails, making the emails appear trustworthy and bypassing email security platforms. [...] https://www.bleepingcomputer.com/news/security/microsoft-365-admin-portal-abused-to-send-sextortion-emails/ Posted from: this blog via Microsoft Power Automate .

Phishing emails increasingly use SVG attachments to evade detection

Threat actors increasingly use Scalable Vector Graphics (SVG) attachments to display phishing forms or deploy malware while evading detection. [...] https://www.bleepingcomputer.com/news/security/phishing-emails-increasingly-use-svg-attachments-to-evade-detection/ Posted from: this blog via Microsoft Power Automate .

Fake AI video generators infect Windows, macOS with infostealers

Fake AI image and video generator websites target Windows and macOS users with the Lumma Stealer and AMOS information-stealing malware, which are used to steal credentials and cryptocurrency wallets from infected devices. [...] https://www.bleepingcomputer.com/news/security/fake-ai-video-generators-infect-windows-macos-with-infostealers/ Posted from: this blog via Microsoft Power Automate .

T-Mobile confirms it was hacked in recent wave of telecom breaches

T-Mobile confirms it was hacked in the wave of recently reported telecom breaches conducted by Chinese threat actors to gain access to private communications, call records, and law enforcement information requests. [...] https://www.bleepingcomputer.com/news/security/t-mobile-confirms-it-was-hacked-in-recent-wave-of-telecom-breaches/ Posted from: this blog via Microsoft Power Automate .

GitHub projects targeted with malicious commits to frame researcher

GitHub projects have been targeted with malicious commits and pull requests, in an attempt to inject backdoors into these projects. Most recently, the GitHub repository of Exo Labs, an AI and machine learning startup, was targeted in the attack, which has left many wondering about the attacker's true intentions. [...] https://www.bleepingcomputer.com/news/security/github-projects-targeted-with-malicious-commits-to-frame-researcher/ Posted from: this blog via Microsoft Power Automate .

NSO Group used another WhatsApp zero-day after being sued, court docs say

Israeli surveillance firm NSO Group reportedly used multiple zero-day exploits, including an unknown one named "Erised," that leveraged WhatsApp vulnerabilities to deploy Pegasus spyware in zero-click attacks, even after getting sued. [...] https://www.bleepingcomputer.com/news/security/nso-group-used-another-whatsapp-zero-day-after-being-sued-court-docs-say/ Posted from: this blog via Microsoft Power Automate .

Botnet exploits GeoVision zero-day to install Mirai malware

A malware botnet is exploiting a zero-day vulnerability in end-of-life GeoVision devices to compromise and recruit them for likely DDoS or cryptomining attacks. [...] https://www.bleepingcomputer.com/news/security/botnet-exploits-geovision-zero-day-to-install-mirai-malware/ Posted from: this blog via Microsoft Power Automate .

FTC reports 50% drop in unwanted call complaints since 2021

On Friday, the U.S. Federal Trade Commission (FTC) reported that the number of consumer complaints about unwanted telemarketing phone calls has dropped over 50% since 2021, continuing a trend that started three years ago. [...] https://www.bleepingcomputer.com/news/security/ftc-reports-50-percent-drop-in-unwanted-call-complaints-since-2021/ Posted from: this blog via Microsoft Power Automate .

Bitfinex hacker gets 5 years in prison for 120,000 bitcoin heist

A hacker responsible for stealing 119,754 Bitcoin in a 2016 hack on the Bitfinex cryptocurrency exchange was sentenced to five years in prison by U.S. authorities. [...] https://www.bleepingcomputer.com/news/security/bitfinex-hacker-gets-5-years-in-prison-for-120-000-bitcoin-heist/ Posted from: this blog via Microsoft Power Automate .

Microsoft just killed the Windows 10 Beta Channel again

Five months after reviving it in June, ​Microsoft has shut down the Windows 10 Beta Channel and will move all enrolled Windows Insiders to the Release Preview Channel. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-just-killed-the-windows-10-beta-channel-again/ Posted from: this blog via Microsoft Power Automate .

Fraud network uses 4,700 fake shopping sites to steal credit cards

A financially motivated Chinese threat actor dubbed "SilkSpecter" is using thousands of fake online stores to steal the payment card details of online shoppers in the U.S. and Europe. [...] https://www.bleepingcomputer.com/news/security/fraud-network-uses-4-700-fake-shopping-sites-to-steal-credit-cards/ Posted from: this blog via Microsoft Power Automate .

CISA warns of more Palo Alto Networks bugs exploited in attacks

CISA warned today that two more critical security vulnerabilities in Palo Alto Networks' Expedition migration tool are now actively exploited in attacks. [...] https://www.bleepingcomputer.com/news/security/cisa-warns-of-more-palo-alto-networks-bugs-exploited-in-attacks/ Posted from: this blog via Microsoft Power Automate .

New Glove infostealer malware bypasses Chrome’s cookie encryption

​New Glove Stealer information-stealing malware can bypass Google Chrome's Application-Bound (App-Bound) encryption to steal browser cookies. [...] https://www.bleepingcomputer.com/news/security/new-glove-infostealer-malware-bypasses-google-chromes-cookie-encryption/ Posted from: this blog via Microsoft Power Automate .

Hacker gets 10 years in prison for extorting US healthcare provider

Robert Purbeck, a 45-year-old man from Idaho, has been sentenced to ten years in prison for hacking at least 19 organizations in the United States, stealing the personal data of more than 132,000 people, and multiple extortion attempts. [...] https://www.bleepingcomputer.com/news/legal/hacker-gets-10-years-in-prison-for-extorting-us-healthcare-provider/ Posted from: this blog via Microsoft Power Automate .

The true (and surprising) cost of forgotten passwords

Password resets are more expensive for your organization than you may realize. Learn more from Specops Software on why password resets are so expensive and how a self-service password reset solution can save you money. [...] https://www.bleepingcomputer.com/news/security/the-true-and-surprising-cost-of-forgotten-passwords/ Posted from: this blog via Microsoft Power Automate .

US govt officials’ communications compromised in recent telecom hack

CISA and the FBI confirmed that Chinese hackers compromised the "private communications" of a "limited number" of government officials after breaching multiple U.S. broadband providers. [...] https://www.bleepingcomputer.com/news/security/chinese-hackers-compromised-us-government-officials-private-communications-in-recent-telecom-breach/ Posted from: this blog via Microsoft Power Automate .

Microsoft patches Windows zero-day exploited in attacks on Ukraine

Suspected Russian hackers were caught exploiting a recently patched Windows vulnerability as a zero-day in ongoing attacks targeting Ukrainian entities. [...] https://www.bleepingcomputer.com/news/security/microsoft-patches-windows-zero-day-exploited-in-attacks-on-ukraine/ Posted from: this blog via Microsoft Power Automate .

Microsoft patches Windows zero-day exploited in attacks on Ukraine

Suspected Russian hackers were caught exploiting a recently patched Windows vulnerability as a zero-day in ongoing attacks targeting Ukrainian entities. [...] https://www.bleepingcomputer.com/news/security/microsoft-patches-windows-zero-day-exploited-in-attacks-on-ukraine/ Posted from: this blog via Microsoft Power Automate .

Leaked info of 122 million linked to B2B data aggregator breach

The business contact information for 122 million people circulating since February 2024 is now confirmed to have been stolen from a B2B demand generation platform. [...] https://www.bleepingcomputer.com/news/security/leaked-info-of-122-million-linked-to-b2b-data-aggregator-breach/ Posted from: this blog via Microsoft Power Automate .

US indicts Snowflake hackers who extorted $2.5 million from 3 victims

The Department of Justice has unsealed the indictment against two suspected Snowflake hackers, who breached more than 165 organizations using the services of the Snowflake cloud storage company. [...] https://www.bleepingcomputer.com/news/security/us-indicts-snowflake-hackers-who-extorted-25-million-from-3-victims/ Posted from: this blog via Microsoft Power Automate .

Critical bug in EoL D-Link NAS devices now exploited in attacks

​Attackers now target a critical severity vulnerability with publicly available exploit code that affects multiple models of end-of-life D-Link network-attached storage (NAS) devices. [...] https://www.bleepingcomputer.com/news/security/critical-bug-in-eol-d-link-nas-devices-now-exploited-in-attacks/ Posted from: this blog via Microsoft Power Automate .

New Google Pixel AI feature analyzes phone conversations for scams

Google is adding a new AI-powered scam protection feature that monitors phone call conversations on Google Pixel devices to detect patterns that warn when the caller may be a scammer. [...] https://www.bleepingcomputer.com/news/google/new-google-pixel-ai-feature-analyzes-phone-conversations-for-scams/ Posted from: this blog via Microsoft Power Automate .

New ShrinkLocker ransomware decryptor recovers BitLocker password

Bitdefender has released a decryptor for the 'ShrinkLocker' ransomware strain, which uses Windows' built-in BitLocker drive encryption tool to lock victim's files. [...] https://www.bleepingcomputer.com/news/security/new-shrinklocker-ransomware-decryptor-recovers-bitlocker-password/ Posted from: this blog via Microsoft Power Automate .

Microsoft fixes bugs causing Windows Server 2025 blue screens, install issues

​Microsoft has fixed several bugs that cause install, upgrade, and Blue Screen of Death (BSOD) issues on Windows Server 2025 devices with a high core count. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-bugs-causing-windows-server-2025-blue-screens-install-issues/ Posted from: this blog via Microsoft Power Automate .

Microsoft Exchange adds warning to emails abusing spoofing flaw

Microsoft has disclosed a high-severity Exchange Server vulnerability that allows attackers to forge legitimate senders on incoming emails and make malicious messages a lot more effective. [...] https://www.bleepingcomputer.com/news/security/unpatched-microsoft-exchange-server-flaw-enables-spoofing-attacks/ Posted from: this blog via Microsoft Power Automate .

Microsoft Exchange adds warning to emails abusing spoofing flaw

Microsoft has disclosed a high-severity Exchange Server vulnerability that allows attackers to forge legitimate senders on incoming emails and make malicious messages a lot more effective. [...] https://www.bleepingcomputer.com/news/security/unpatched-microsoft-exchange-server-flaw-enables-spoofing-attacks/ Posted from: this blog via Microsoft Power Automate .

D-Link won’t fix critical bug in 60,000 exposed EoL modems

Tens of thousands of exposed D-Link routers that have reached their end-of-life are vulnerable to a critical security issue that allows an unauthenticated remote attacker to change any user's password and take complete control of the device. [...] https://www.bleepingcomputer.com/news/security/d-link-wont-fix-critical-bug-in-60-000-exposed-eol-modems/ Posted from: this blog via Microsoft Power Automate .

D-Link won’t fix critical bug in 60,000 exposed EoL modems

Tens of thousands of exposed D-Link routers that have reached their end-of-life are vulnerable to a critical security issue that allows an unauthenticated remote attacker to change any user's password and take complete control of the device. [...] https://www.bleepingcomputer.com/news/security/d-link-wont-fix-critical-bug-in-60-000-exposed-eol-modems/ Posted from: this blog via Microsoft Power Automate .

Windows 10 KB5046613 update released with fixes for printer bugs

Microsoft has released the KB5046613 cumulative update for Windows 10 22H2 and Windows 10 21H2, which includes ten changes and fixes, including the new Microsoft account manager on the Start menu and fixes for multi-function printer issues. [...] https://www.bleepingcomputer.com/news/microsoft/windows-10-kb5046613-update-released-with-fixes-for-printer-bugs/ Posted from: this blog via Microsoft Power Automate .

Windows 10 KB5046613 update released with fixes for printer bugs

Microsoft has released the KB5046613 cumulative update for Windows 10 22H2 and Windows 10 21H2, which includes ten changes and fixes, including the new Microsoft account manager on the Start menu and fixes for multi-function printer issues. [...] https://www.bleepingcomputer.com/news/microsoft/windows-10-kb5046613-update-released-with-fixes-for-printer-bugs/ Posted from: this blog via Microsoft Power Automate .

Microsoft November 2024 Patch Tuesday fixes 4 zero-days, 91 flaws

Today is Microsoft's November 2024 Patch Tuesday, which includes security updates for 91 flaws, including four zero-days, two of which are actively exploited. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-november-2024-patch-tuesday-fixes-4-zero-days-91-flaws/ Posted from: this blog via Microsoft Power Automate .

Windows 11 KB5046617 and KB5046633 cumulative updates released

Microsoft has released the Windows 11 KB5046617 and KB5046633 cumulative updates for versions 24H2 and 23H2 to fix security vulnerabilities and issues. [...] https://www.bleepingcomputer.com/news/microsoft/windows-11-kb5046617-and-kb5046633-cumulative-updates-released/ Posted from: this blog via Microsoft Power Automate .

Signal introduces convenient "call links" for private group chats

The Signal messenger application has announced a set of new features aimed at making private group chats more convenient and easier for people to join. [...] https://www.bleepingcomputer.com/news/software/signal-introduces-convenient-call-links-for-private-group-chats/ Posted from: this blog via Microsoft Power Automate .

FBI, CISA, and NSA reveal most exploited vulnerabilities of 2023

​The FBI, the NSA, and cybersecurity authorities of the Five Eyes intelligence alliance have released today a list of the top 15 routinely exploited vulnerabilities throughout last year. [...] https://www.bleepingcomputer.com/news/security/fbi-cisa-and-nsa-reveal-most-exploited-vulnerabilities-of-2023/ Posted from: this blog via Microsoft Power Automate .

Volt Typhoon rebuilds malware botnet following FBI disruption

The Chinese state-sponsored hacking group Volt Typhoon has begun to rebuild its "KV-Botnet" malware botnet after it was disrupted by law enforcement in January, according to researchers from SecurityScorecard. [...] https://www.bleepingcomputer.com/news/security/volt-typhoon-rebuilds-malware-botnet-following-fbi-disruption/ Posted from: this blog via Microsoft Power Automate .

iPhones now auto-restart to block access to encrypted data after long idle times

Apple has added a new security feature with the iOS 18.1 update released last month to ensure that iPhones automatically reboot after long idle periods to re-encrypt data and make it harder to extract. [...] https://www.bleepingcomputer.com/news/security/iphones-now-auto-restart-to-block-access-to-encrypted-data-after-long-idle-times/ Posted from: this blog via Microsoft Power Automate .

New Ymir ransomware partners with RustyStealer in attacks

A new ransomware family called 'Ymir' has been spotted in the wild, being introduced onto systems that were previously compromised by the RustyStealer info-stealer malware. [...] https://www.bleepingcomputer.com/news/security/new-ymir-ransomware-partners-with-rustystealer-in-attacks/ Posted from: this blog via Microsoft Power Automate .

VMware makes Workstation and Fusion free for everyone

​VMware has announced that its VMware Fusion and VMware Workstation desktop hypervisors are now free to everyone for commercial, educational, and personal use. [...] https://www.bleepingcomputer.com/news/software/vmware-makes-workstation-and-fusion-free-for-everyone/ Posted from: this blog via Microsoft Power Automate .

HIBP notifies 57 million people of Hot Topic data breach

Have I Been Pwned warns that an alleged data breach exposed the personal information of 56,904,909 accounts for Hot Topic, Box Lunch, and Torrid customers. [...] https://www.bleepingcomputer.com/news/security/hibp-notifies-57-million-people-of-hot-topic-data-breach/ Posted from: this blog via Microsoft Power Automate .

Amazon confirms employee data breach after vendor hack

Amazon confirmed a data breach involving employee information after data allegedly stolen during the May 2023 MOVEit attacks was leaked on a hacking forum. [...] https://www.bleepingcomputer.com/news/security/amazon-confirms-employee-data-breach-after-vendor-hack/ Posted from: this blog via Microsoft Power Automate .

Microsoft blames Windows Server 2025 automatic upgrades on 3rd-party tools

Microsoft has finally confirmed that some Windows Server 2019 and 2022 systems were "unexpectedly" upgraded to Windows Server 2025 on devices if updates were managed using third-party patch management tools. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-blames-windows-server-2025-automatic-upgrades-on-third-party-tools/ Posted from: this blog via Microsoft Power Automate .

Halliburton reports $35 million loss after ransomware attack

Halliburton has revealed that an August ransomware attack has led to $35 million in losses after the breach caused the company to shut down IT systems and disconnect customers. [...] https://www.bleepingcomputer.com/news/security/halliburton-reports-35-million-loss-after-ransomware-attack/ Posted from: this blog via Microsoft Power Automate .

Windows 11 is adding a 'Share' button to the Start menu and Taskbar

Microsoft wants you to share content/items more frequently, so it's now adding the "Share" button everywhere, including the Start menu and even the taskbar. [...] https://www.bleepingcomputer.com/news/microsoft/windows-11-is-adding-a-share-button-to-the-start-menu-and-taskbar/ Posted from: this blog via Microsoft Power Automate .

Hackers now use ZIP file concatenation to evade detection

Hackers are targeting Windows machines using the ZIP file concatenation technique to deliver malicious payloads in compressed archives without security solutions detecting them. [...] https://www.bleepingcomputer.com/news/security/hackers-now-use-zip-file-concatenation-to-evade-detection/ Posted from: this blog via Microsoft Power Automate .

Google says “Enhanced protection” feature in Chrome now uses AI

Google has quietly updated the description of one of the Chrome's security features "Enchaned protection" to confirm that it will be powered by AI in a future release. [...] https://www.bleepingcomputer.com/news/google/google-says-enhanced-protection-feature-in-chrome-now-uses-ai/ Posted from: this blog via Microsoft Power Automate .

Google says “Enhanced protection” feature in Chrome now uses AI

Google has quietly updated the description of one of the Chrome's security features "Enchaned protection" to confirm that it will be powered by AI in a future release. [...] https://www.bleepingcomputer.com/news/google/google-says-enhanced-protection-feature-in-chrome-now-uses-ai/ Posted from: this blog via Microsoft Power Automate .

Scammers target UK senior citizens with Winter Fuel Payment texts

As the winter season kicks in, scammers are not missing the chance to target senior British residents with bogus "winter heating allowance" and "cost of living support" scam texts. [...] https://www.bleepingcomputer.com/news/security/scammers-target-uk-senior-citizens-with-winter-fuel-payment-texts/ Posted from: this blog via Microsoft Power Automate .

Microsoft says recent Windows 11 updates break SSH connections

Microsoft has confirmed that last month's Windows security updates are breaking SSH connections on some Windows 11 22H2 and 23H2 systems. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-says-recent-windows-11-updates-break-ssh-connections/ Posted from: this blog via Microsoft Power Automate .

Hands on with AI features in Windows 11 Paint and Notepad

As part of its efforts to add AI everywhere, Microsoft is now bringing AI features to the popular Paint and Notepad apps on Windows 11. [...] https://www.bleepingcomputer.com/news/microsoft/hands-on-with-ai-features-in-windows-11-paint-and-notepad/ Posted from: this blog via Microsoft Power Automate .

Critical Veeam RCE bug now used in Frag ransomware attacks

After being used in Akira and Fog ransomware attacks, a critical Veeam Backup & Replication (VBR) security flaw was also recently exploited to deploy Frag ransomware. [...] https://www.bleepingcomputer.com/news/security/critical-veeam-rce-bug-now-used-in-frag-ransomware-attacks/ Posted from: this blog via Microsoft Power Automate .

D-Link won’t fix critical flaw affecting 60,000 older NAS devices

More than 60,000 D-Link network-attached storage devices that have reached end-of-life are vulnerable to a command injection vulnerability with a publicly available exploit. [...] https://www.bleepingcomputer.com/news/security/d-link-wont-fix-critical-flaw-affecting-60-000-older-nas-devices/ Posted from: this blog via Microsoft Power Automate .

Unpatched Mazda Connect bugs let hackers install persistent malware

Attackers could exploit several vulnerabilities in the Mazda Connect infotainment unit, present in multiple car models including Mazda 3 (2014-2021), to execute arbitrary code with root permission. [...] https://www.bleepingcomputer.com/news/security/unpatched-mazda-connect-bugs-let-hackers-install-persistent-malware/ Posted from: this blog via Microsoft Power Automate .

Google's mysterious 'search.app' links leave Android users concerned

The most recent update to the Google Android app has startled users as they notice the mysterious "search.app" links being generated when sharing content and links from the Google app externally. [...] https://www.bleepingcomputer.com/news/security/googles-mysterious-searchapp-links-leave-android-users-concerned/ Posted from: this blog via Microsoft Power Automate .

North Korean hackers use new macOS malware against crypto firms

North Korean threat actor BlueNoroff has been targeting crypto-related businesses with a new multi-stage malware for macOS systems. [...] https://www.bleepingcomputer.com/news/security/north-korean-hackers-use-new-macos-malware-against-crypto-firms/ Posted from: this blog via Microsoft Power Automate .

North Korean hackers use new macOS malware against crypto firms

North Korean threat actor BlueNoroff has been targeting crypto-related businesses with a new multi-stage malware for macOS systems. [...] https://www.bleepingcomputer.com/news/security/north-korean-hackers-use-new-macos-malware-against-crypto-firms/ Posted from: this blog via Microsoft Power Automate .

CISA warns of critical Palo Alto Networks bug exploited in attacks

Today, CISA warned that attackers are exploiting a critical missing authentication vulnerability in Palo Alto Networks Expedition, a migration tool that can help convert firewall configuration from Checkpoint, Cisco, and other vendors to PAN-OS. [...] https://www.bleepingcomputer.com/news/security/cisa-warns-of-critical-palo-alto-networks-bug-exploited-in-attacks/ Posted from: this blog via Microsoft Power Automate .

Nokia says hackers leaked third-party app source code

Nokia's investigation of recent claims of a data breach found that the source code leaked on a hacker forum belongs to a third party and company and customer data has not been impacted. [...] https://www.bleepingcomputer.com/news/security/nokia-says-hackers-leaked-third-party-app-source-code/ Posted from: this blog via Microsoft Power Automate .

Canada orders TikTok to shut down over national risk concerns

The Canadian government has ordered the dissolution of TikTok Technology Canada following a multi-step review that provided information and evidence of the social media company posing a national risk. [...] https://www.bleepingcomputer.com/news/security/canada-orders-tiktok-to-shut-down-over-national-risk-concerns/ Posted from: this blog via Microsoft Power Automate .

HPE warns of critical RCE flaws in Aruba Networking access points

Hewlett Packard Enterprise (HPE) released updates for Instant AOS-8 and AOS-10 software to address two critical vulnerabilities in Aruba Networking Access Points. [...] https://www.bleepingcomputer.com/news/security/hpe-warns-of-critical-rce-flaws-in-aruba-networking-access-points/ Posted from: this blog via Microsoft Power Automate .

Hackers increasingly use Winos4.0 post-exploitation kit in attacks

Hackers are increasingly targeting Windows users with the malicious Winos4.0 framework, distributed via seemingly benign game-related apps. [...] https://www.bleepingcomputer.com/news/security/hackers-increasingly-use-winos40-post-exploitation-kit-in-attacks/ Posted from: this blog via Microsoft Power Automate .

Microsoft Notepad to get AI-powered rewriting tool on Windows 11

Microsoft has started testing AI-powered Notepad text rewriting and Paint image generation tools four decades after the two programs were released in the 1980s. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-notepad-to-get-ai-powered-rewriting-tool-on-windows-11/ Posted from: this blog via Microsoft Power Automate .

Cisco bug lets hackers run commands as root on UWRB access points

Cisco has fixed a maximum severity vulnerability that allows attackers to run commands with root privileges on vulnerable Ultra-Reliable Wireless Backhaul (URWB) access points that provide connectivity for industrial wireless automation. [...] https://www.bleepingcomputer.com/news/security/cisco-bug-lets-hackers-run-commands-as-root-on-uwrb-access-points/ Posted from: this blog via Microsoft Power Automate .

New SteelFox malware hijacks Windows PCs using vulnerable driver

A new malicious package called 'SteelFox' mines for cryptocurrency and steals credit card data by using the "bring your own vulnerable driver" technique to get SYSTEM privileges on Windows machines. [...] https://www.bleepingcomputer.com/news/security/new-steelfox-malware-hijacks-windows-pcs-using-vulnerable-driver/ Posted from: this blog via Microsoft Power Automate .

Washington courts' systems offline following weekend cyberattack

​​Court systems across Washington state have been down since Sunday when officials said "unauthorized activity" was detected on their networks. [...] https://www.bleepingcomputer.com/news/security/washington-courts-systems-offline-following-weekend-cyberattack/ Posted from: this blog via Microsoft Power Automate .

Germany drafts law to protect researchers who find security flaws

The Federal Ministry of Justice in Germany has drafted a law to provide legal protection to security researchers who discover and responsibly report security vulnerabilities to vendors. [...] https://www.bleepingcomputer.com/news/security/germany-drafts-law-to-protect-researchers-who-find-security-flaws/ Posted from: this blog via Microsoft Power Automate .

Google Cloud to make MFA mandatory by the end of 2025

Google has announced that multi-factor authentication (MFA) will be mandatory on all Cloud accounts by the end of 2025 to enhance security. [...] https://www.bleepingcomputer.com/news/security/google-cloud-to-make-mfa-mandatory-by-the-end-of-2025/ Posted from: this blog via Microsoft Power Automate .

Google Cloud to make MFA mandatory by the end of 2025

Google has announced that multi-factor authentication (MFA) will be mandatory on all Cloud accounts by the end of 2025 to enhance security. [...] https://www.bleepingcomputer.com/news/security/google-cloud-to-make-mfa-mandatory-by-the-end-of-2025/ Posted from: this blog via Microsoft Power Automate .

Interpol disrupts cybercrime activity on 22,000 IP addresses, arrests 41

Interpol announced it arrested 41 individuals and taken down 1,037 servers and infrastructure running on 22,000 IP addresses facilitating cybercrime in an international law enforcement action titled Operation Synergia II. [...] https://www.bleepingcomputer.com/news/security/interpol-disrupts-cybercrime-activity-on-22-000-ip-addresses-arrests-41/ Posted from: this blog via Microsoft Power Automate .

US warns of last-minute Iranian and Russian election influence ops

The U.S. Cybersecurity & Infrastructure Security Agency is warning about last-minute influence operations conducted by Iranian and Russian actors to undermine the public trust in the integrity and fairness of the upcoming presidential election. [...] https://www.bleepingcomputer.com/news/security/us-warns-of-last-minute-iranian-and-russian-election-influence-ops/ Posted from: this blog via Microsoft Power Automate .

Suspect behind Snowflake data-theft attacks arrested in Canada

Canadian authorities have arrested a man suspected of having stolen the data of hundreds of millions after targeting over 165 organizations, all of them customers of cloud storage company Snowflake. [...] https://www.bleepingcomputer.com/news/security/suspect-behind-snowflake-data-theft-attacks-arrested-in-canada/ Posted from: this blog via Microsoft Power Automate .

Google fixes two Android zero-days used in targeted attacks

Google fixed two actively exploited Android zero-day flaws as part of its November security updates, addressing a total of 51 vulnerabilities. [...] https://www.bleepingcomputer.com/news/security/google-fixes-two-android-zero-days-used-in-targeted-attacks/ Posted from: this blog via Microsoft Power Automate .

Nokia investigates breach after hacker claims to steal source code

Nokia is investigating whether a third-party vendor was breached after a hacker claimed to be selling the company's stolen source code. [...] https://www.bleepingcomputer.com/news/security/nokia-investigates-breach-after-hacker-claims-to-steal-source-code/ Posted from: this blog via Microsoft Power Automate .

DocuSign's Envelopes API abused to send realistic fake invoices

Threat actors are abusing DocuSign's Envelopes API to create and mass-distribute fake invoices that appear genuine, impersonating well-known brands like Norton and PayPal. [...] https://www.bleepingcomputer.com/news/security/docusigns-envelopes-api-abused-to-send-realistic-fake-invoices/ Posted from: this blog via Microsoft Power Automate .

Windows Server 2025 released—here are the new features

​Microsoft has announced that Windows Server 2025, the latest version of its server operating system, is generally available starting Friday, November 1st. [...] https://www.bleepingcomputer.com/news/microsoft/windows-server-2025-released-here-are-the-new-features/ Posted from: this blog via Microsoft Power Automate .

Custom "Pygmy Goat" malware used in Sophos Firewall hack on govt network

UK's National Cyber Security Centre (NCSC) has published an analysis of a Linux malware named "Pigmy Goat" created to backdoor Sophos XG firewall devices as part of recently disclosed attacks by Chinese threat actors. [...] https://www.bleepingcomputer.com/news/security/custom-pygmy-goat-malware-used-in-sophos-firewall-hack-on-govt-network/ Posted from: this blog via Microsoft Power Automate .

Windows infected with backdoored Linux VMs in new phishing attacks

A new phishing campaign dubbed 'CRON#TRAP' infects Windows with a Linux virtual machine that contains a built-in backdoor to give stealthy access to corporate networks. [...] https://www.bleepingcomputer.com/news/security/windows-infected-with-backdoored-linux-vms-in-new-phishing-attacks/ Posted from: this blog via Microsoft Power Automate .

City of Columbus: Data of 500,000 stolen in July ransomware attack

​The City of Columbus, Ohio, notified 500,000 individuals that a ransomware gang stole their personal and financial information in a July 2024 cyberattack. [...] https://www.bleepingcomputer.com/news/security/city-of-columbus-data-of-500-000-stolen-in-july-ransomware-attack/ Posted from: this blog via Microsoft Power Automate .

Microsoft confirms Windows Server 2025 blue screen, install issues

​Microsoft has confirmed several bugs causing install and Blue Screen of Death (BSOD) issues impacting Windows Server 2025 systems with more than 256 logical processors. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-confirms-windows-server-2025-blue-screen-install-issues/ Posted from: this blog via Microsoft Power Automate .

Cisco says DevHub site leak won’t enable future breaches

​Cisco says that non-public files recently downloaded by a threat actor from a misconfigured public-facing DevHub portal don't contain information that could be exploited in future breaches of the company's systems. [...] https://www.bleepingcomputer.com/news/security/cisco-says-devhub-site-leak-wont-enable-future-breaches/ Posted from: this blog via Microsoft Power Automate .

Meet Interlock — The new ransomware targeting FreeBSD servers

A relatively new ransomware operation named Interlock attacks organizations worldwide, taking the unusual approach of creating an encryptor to target FreeBSD servers. [...] https://www.bleepingcomputer.com/news/security/meet-interlock-the-new-ransomware-targeting-freebsd-servers/ Posted from: this blog via Microsoft Power Automate .

ChatGPT-4o can be used for autonomous voice-based scams

Researchers have shown that it's possible to abuse OpenAI's real-time voice API for ChatGPT-4o, an advanced LLM chatbot, to conduct financial scams with low to moderate success rates. [...] https://www.bleepingcomputer.com/news/security/chatgpt-4o-can-be-used-for-autonomous-voice-based-scams/ Posted from: this blog via Microsoft Power Automate .

Microsoft SharePoint RCE bug exploited to breach corporate network

A recently disclosed Microsoft SharePoint remote code execution (RCE) vulnerability tracked as CVE-2024-38094 is being exploited to gain initial access to corporate networks. [...] https://www.bleepingcomputer.com/news/security/microsoft-sharepoint-rce-bug-exploited-to-breach-corporate-network/ Posted from: this blog via Microsoft Power Automate .

Microsoft Outlook workaround fixes freezes when copying text

​Microsoft is investigating a known issue that affects Microsoft 365 customers and causes classic Outlook to hang or freeze when copying text. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-outlook-workaround-fixes-freezes-when-copying-text/ Posted from: this blog via Microsoft Power Automate .

LA housing authority confirms breach claimed by Cactus ransomware

The Housing Authority of the City of Los Angeles (HACLA), one of the largest public housing authorities in the United States, confirmed that a cyberattack hit its IT network after recent breach claims from the Cactus ransomware gang. [...] https://www.bleepingcomputer.com/news/security/la-housing-authority-confirms-breach-claimed-by-cactus-ransomware/ Posted from: this blog via Microsoft Power Automate .

Microsoft warns Azure Virtual Desktop users of black screen issues

Microsoft warned customers they might experience up to 30 minutes of black screens when logging into Azure Virtual Desktop (AVD) after installing the KB5040525 Windows 10 July 2024 preview update. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-warns-azure-virtual-desktop-users-of-black-screen-issues/ Posted from: this blog via Microsoft Power Automate .

OpenAI's new ChatGPT Search Chrome extension feels like a search hijacker

OpenAI's new "ChatGPT search" Chrome extension feels like nothing more than a typical search hijacker, changing Chrome's settings so your address bar searches go through ChatGPT Search instead. [...] https://www.bleepingcomputer.com/news/security/openais-new-chatgpt-search-chrome-extension-feels-like-a-search-hijacker/ Posted from: this blog via Microsoft Power Automate .

OpenAI's new ChatGPT Search Chrome extension feels like a search hijacker

OpenAI's new "ChatGPT search" Chrome extension feels like nothing more than a typical search hijacker, changing Chrome's settings so your address bar searches go through ChatGPT Search instead. [...] https://www.bleepingcomputer.com/news/security/openais-new-chatgpt-search-chrome-extension-feels-like-a-search-hijacker/ Posted from: this blog via Microsoft Power Automate .

LastPass warns of fake support centers trying to steal customer data

LastPass is warning about an ongoing campaign where scammers are writing reviews for its Chrome extension to promote a fake customer support phone number. However, this phone number is part of a much larger campaign to trick callers into giving scammers remote access to their computers, as discovered by BleepingComputer. [...] https://www.bleepingcomputer.com/news/security/lastpass-warns-of-fake-support-centers-trying-to-steal-customer-data/ Posted from: this blog via Microsoft Power Automate .

Synology hurries out patches for zero-days exploited at Pwn2Own

Synology, a Taiwanese network-attached storage (NAS) appliance maker, patched two critical zero-days exploited during last week's Pwn2Own hacking competition within days. [...] https://www.bleepingcomputer.com/news/security/synology-fixed-two-critical-zero-days-exploited-at-pwn2own-within-days/ Posted from: this blog via Microsoft Power Automate .

DDoS site Dstat.cc seized and two suspects arrested in Germany

The Dstat.cc DDoS review platform has been seized by law enforcement, and two suspects have been arrested after the service helped fuel distributed denial-of-service attacks for years. [...] https://www.bleepingcomputer.com/news/security/ddos-site-dstatcc-seized-and-two-suspects-arrested-in-germany/ Posted from: this blog via Microsoft Power Automate .