Posts

Showing posts from December, 2024

New details reveal how hackers hijacked 35 Google Chrome extensions

New details have emerged about a phishing campaign targeting Chrome browser extension developers that led to the compromise of at least thirty-five extensions to inject data-stealing code, including those from cybersecurity firm Cyberhaven. [...] https://www.bleepingcomputer.com/news/security/new-details-reveal-how-hackers-hijacked-35-google-chrome-extensions/ Posted from: this blog via Microsoft Power Automate .

Over 3.1 million fake "stars" on GitHub projects used to boost rankings

GitHub has a problem with inauthentic "stars" used to artificially inflate the popularity of scam and malware distribution repositories to appear more popular, helping them reach more unsuspecting users. [...] https://www.bleepingcomputer.com/news/security/over-31-million-fake-stars-on-github-projects-used-to-boost-rankings/ Posted from: this blog via Microsoft Power Automate .

Massive healthcare breaches prompt US cybersecurity rules overhaul

The U.S. Department of Health and Human Services (HHS) has proposed updates to the Health Insurance Portability and Accountability Act of 1996 (HIPAA) to secure patients' health data following a surge in massive healthcare data leaks. [...] https://www.bleepingcomputer.com/news/security/massive-healthcare-breaches-prompt-us-cybersecurity-rules-overhaul/ Posted from: this blog via Microsoft Power Automate .

US Treasury Department breached through remote support platform

Chinese state-sponsored threat actors hacked the U.S. Treasury Department after breaching a remote support platform used by the federal agency. [...] https://www.bleepingcomputer.com/news/security/us-treasury-department-breached-through-remote-support-platform/ Posted from: this blog via Microsoft Power Automate .

Hackers exploit Four-Faith router flaw to open reverse shells

Threat actors are exploiting a post-authentication remote command injection vulnerability in Four-Faith routers tracked as CVE-2024-12856 to open reverse shells back to the attackers. [...] https://www.bleepingcomputer.com/news/security/hackers-exploit-four-faith-router-flaw-to-open-reverse-shells/ Posted from: this blog via Microsoft Power Automate .

Microsoft issues urgent dev warning to update .NET installer link

Microsoft is forcing .NET developers to quickly update their apps and developer pipelines so they do not use 'azureedge.net' domains to install .NET components, as the domain will soon be unavailable due to the bankruptcy and imminent shutdown of CDN provider Edgio. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-issues-urgent-dev-warning-to-update-net-installer-link/ Posted from: this blog via Microsoft Power Automate .

AT&T and Verizon say networks secure after Salt Typhoon breach

AT&T and Verizon confirmed they were breached in a massive Chinese espionage campaign targeting telecom carriers worldwide but said the hackers have now been evicted from their networks. [...] https://www.bleepingcomputer.com/news/security/atandt-and-verizon-say-networks-secure-after-salt-typhoon-breach/ Posted from: this blog via Microsoft Power Automate .

Malware botnets exploit outdated D-Link routers in recent attacks

Two botnets tracked as 'Ficora' and 'Capsaicin' have recorded increased activity in targeting D-Link routers that have reached end of life or are running outdated firmware versions. [...] https://www.bleepingcomputer.com/news/security/malware-botnets-exploit-outdated-d-link-routers-in-recent-attacks/ Posted from: this blog via Microsoft Power Automate .

Hackers steal ZAGG customers' credit cards in third-party breach

ZAGG Inc. is informing customers that their credit card data has been exposed to unauthorized individuals after hackers compromised a third-party application provided by the company's e-commerce provider, BigCommerce. [...] https://www.bleepingcomputer.com/news/security/hackers-steal-zagg-customers-credit-cards-in-third-party-breach/ Posted from: this blog via Microsoft Power Automate .

Customer data from 800,000 electric cars and owners exposed online

Volkswagen's automotive software company, Cariad, exposed data collected from around 800,000 electric cars. The info could be linked to drivers' names and reveal precise vehicle locations. [...] https://www.bleepingcomputer.com/news/security/customer-data-from-800-000-electric-cars-and-owners-exposed-online/ Posted from: this blog via Microsoft Power Automate .

White House links ninth telecom breach to Chinese hackers

A White House official has added a ninth U.S. telecommunications company to the list of telecoms breached in a Chinese hacking campaign that impacted dozens of countries. [...] https://www.bleepingcomputer.com/news/security/white-house-links-ninth-telecom-breach-to-chinese-hackers/ Posted from: this blog via Microsoft Power Automate .

Hackers exploit DoS flaw to disable Palo Alto Networks firewalls

Palo Alto Networks is warning that hackers are exploiting the CVE-2024-3393 denial of service vulnerability to disable firewall protections by forcing it to reboot. [...] https://www.bleepingcomputer.com/news/security/hackers-exploit-dos-flaw-to-disable-palo-alto-networks-firewalls/ Posted from: this blog via Microsoft Power Automate .

Cybersecurity firm's Chrome extension hijacked to steal users' data

At least five Chrome extensions were compromised in a coordinated attack where a threat actor injected code that steals sensitive information from users. [...] https://www.bleepingcomputer.com/news/security/cybersecurity-firms-chrome-extension-hijacked-to-steal-users-data/ Posted from: this blog via Microsoft Power Automate .

Apache warns of critical flaws in MINA, HugeGraph, Traffic Control

The Apache Software Foundation has released security updates to address three severe problems that affect MINA, HugeGraph-Server, and Traffic Control products. [...] https://www.bleepingcomputer.com/news/security/apache-warns-of-critical-flaws-in-mina-hugegraph-traffic-control/ Posted from: this blog via Microsoft Power Automate .

New 'OtterCookie' malware used to backdoor devs in fake job offers

North Korean threat actors are using new malware called OtterCookie in the Contagious Interview campaign that is targeting software developers. [...] https://www.bleepingcomputer.com/news/security/new-ottercookie-malware-used-to-backdoor-devs-in-fake-job-offers/ Posted from: this blog via Microsoft Power Automate .

Windows 11 installation media bug causes security update failures

Microsoft is warning of an issue when using a media support to install Windows 11, version 24H2, that causes the operating system to not accept further security updates. [...] https://www.bleepingcomputer.com/news/security/windows-11-installation-media-bug-causes-security-update-failures/ Posted from: this blog via Microsoft Power Automate .

Five lesser known Task Manager features in Windows 11

Windows 11 is far from perfect, but it does make Task Manager significantly better. In this article, we're going to take a closer look at some of our favourite Task Manager features. [...] https://www.bleepingcomputer.com/news/microsoft/five-lesser-known-task-manager-features-in-windows-11/ Posted from: this blog via Microsoft Power Automate .

New botnet exploits vulnerabilities in NVRs, TP-Link routers

A new Mirai-based malware campaign is actively exploiting unpatched vulnerabilities in Internet of Things (IoT) devices, including DigiEver DS-2105 Pro DVRs. [...] https://www.bleepingcomputer.com/news/security/new-botnet-exploits-vulnerabilities-in-nvrs-tp-link-routers/ Posted from: this blog via Microsoft Power Automate .

European Space Agency's official store hacked to steal payment cards

European Space Agency's official web shop was hacked as it started to load a piece of JavaScript code that generates a fake Stripe payment page at checkout. [...] https://www.bleepingcomputer.com/news/security/european-space-agencys-official-store-hacked-to-steal-payment-cards/ Posted from: this blog via Microsoft Power Automate .

FBI links North Korean hackers to $308 million crypto heist

The North Korean hacker group 'TraderTraitor' stole $308 million worth of cryptocurrency in the attack on the Japanese exchange DMM Bitcoin in May. [...] https://www.bleepingcomputer.com/news/security/fbi-links-north-korean-hackers-to-308-million-crypto-heist/ Posted from: this blog via Microsoft Power Automate .

Clop ransomware threatens 66 Cleo attack victims with data leak

The Clop ransomware gang started to extort victims of its Cleo data theft attacks and announced on its dark web portal that 66 companies have 48 hours to respond to the demands. [...] https://www.bleepingcomputer.com/news/security/clop-ransomware-threatens-66-cleo-attack-victims-with-data-leak/ Posted from: this blog via Microsoft Power Automate .

Adobe warns of critical ColdFusion bug with PoC exploit code

Adobe has released out-of-band security updates to address a critical ColdFusion vulnerability with proof-of-concept exploit code. [...] https://www.bleepingcomputer.com/news/security/adobe-warns-of-critical-coldfusion-bug-with-poc-exploit-code/ Posted from: this blog via Microsoft Power Automate .

FTC orders Marriott and Starwood to implement strict data security

The Federal Trade Commission (FTC) has ordered Marriott International and Starwood Hotels to define and implement a robust customer data security scheme following failures that led to massive data breaches. [...] https://www.bleepingcomputer.com/news/security/ftc-orders-marriott-and-starwood-to-implement-strict-data-security/ Posted from: this blog via Microsoft Power Automate .

Premium WPLMS WordPress plugins address seven critical flaws

Two WordPress plugins required by the premium WordPress WPLMS theme, which has over 28,000 sales, are vulnerable to more than a dozen critical-severity vulnerabilities. [...] https://www.bleepingcomputer.com/news/security/premium-wplms-wordpress-plugins-address-seven-critical-flaws/ Posted from: this blog via Microsoft Power Automate .

US court finds spyware maker NSO liable for WhatsApp hacks

A U.S. federal judge has ruled that Israeli spyware maker NSO Group violated U.S. hacking laws by using WhatsApp zero-days to deploy Pegasus spyware on at least 1,400 devices. [...] https://www.bleepingcomputer.com/news/security/us-court-finds-spyware-maker-nso-liable-for-whatsapp-hacks/ Posted from: this blog via Microsoft Power Automate .

Microsoft fixes bug behind random Office 365 deactivation errors

​Microsoft has rolled out a fix for a known issue that causes random "Product Deactivated" errors for customers using Microsoft 365 Office apps. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-bug-behind-random-office-365-deactivation-errors/ Posted from: this blog via Microsoft Power Automate .

Google says new scam protection feature in Chrome uses AI

Google is planning to use "AI" in Chrome to detect scams when you browse random web pages. [...] https://www.bleepingcomputer.com/news/google/google-says-new-scam-protection-feature-in-chrome-uses-ai/ Posted from: this blog via Microsoft Power Automate .

Google says new scam protection feature in Chrome uses AI

Google is planning to use "AI" in Chrome to detect scams when you browse random web pages. [...] https://www.bleepingcomputer.com/news/google/google-says-new-scam-protection-feature-in-chrome-uses-ai/ Posted from: this blog via Microsoft Power Automate .

Krispy Kreme breach, data theft claimed by Play ransomware gang

The Play ransomware gang has claimed responsibility for a cyberattack that impacted the business operations of the U.S. doughnut chain Krispy Kreme in November. [...] https://www.bleepingcomputer.com/news/security/krispy-kreme-breach-data-theft-claimed-by-play-ransomware-gang/ Posted from: this blog via Microsoft Power Automate .

Ascension: Health data of 5.6 million stolen in ransomware attack

​Ascension, one of the largest private U.S. healthcare systems, is notifying over 5.6 million patients and employees that their personal and health data was stolen in a May cyberattack linked to the Black Basta ransomware operation. [...] https://www.bleepingcomputer.com/news/security/ascension-health-data-of-56-million-stolen-in-ransomware-attack/ Posted from: this blog via Microsoft Power Automate .

Massive live sports piracy ring with 812 million yearly visits taken offline

​The Alliance for Creativity and Entertainment (ACE) has taken down one of the world's largest live sports streaming piracy rings, with over 821 million visits last year. [...] https://www.bleepingcomputer.com/news/security/massive-live-sports-piracy-ring-with-812-million-yearly-visits-taken-offline/ Posted from: this blog via Microsoft Power Automate .

Romanian Netwalker ransomware affiliate sentenced to 20 years in prison

​Daniel Christian Hulea, a Romanian man charged for his involvement in NetWalker ransomware attacks, was sentenced to 20 years in prison after pleading guilty to computer fraud conspiracy and wire fraud conspiracy in June. [...] https://www.bleepingcomputer.com/news/security/romanian-netwalker-ransomware-affiliate-sentenced-to-20-years-in-prison/ Posted from: this blog via Microsoft Power Automate .

BadBox malware botnet infects 192,000 Android devices despite disruption

The BadBox Android malware botnet has grown to over 192,000 infected devices worldwide despite a recent sinkhole operation that attempted to disrupt the operation in Germany. [...] https://www.bleepingcomputer.com/news/security/badbox-malware-botnet-infects-192-000-android-devices-despite-disruption/ Posted from: this blog via Microsoft Power Automate .

BadBox malware botnet infects 192,000 Android devices despite disruption

The BadBox Android malware botnet has grown to over 192,000 infected devices worldwide despite a recent sinkhole operation that attempted to disrupt the operation in Germany. [...] https://www.bleepingcomputer.com/news/security/badbox-malware-botnet-infects-192-000-android-devices-despite-disruption/ Posted from: this blog via Microsoft Power Automate .

Microsoft 365 users hit by random product deactivation errors

​Microsoft is investigating a known issue randomly triggering "Product Deactivated" errors for customers using Microsoft 365 Office apps. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-365-users-hit-by-random-product-deactivation-errors/ Posted from: this blog via Microsoft Power Automate .

Microsoft says Auto HDR causes game freezes on Windows 11 24H2

​Microsoft is now blocking Windows 11 24H2 upgrades on systems with Auto HDR enabled due to a compatibility issue that causes game freezes. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-says-auto-hdr-causes-game-freezes-on-windows-11-24h2/ Posted from: this blog via Microsoft Power Automate .

BeyondTrust says hackers breached Remote Support SaaS instances

Privileged access management company BeyondTrust suffered a cyberattack in early December after threat actors breached some of its Remote Support SaaS instances. [...] https://www.bleepingcomputer.com/news/security/beyondtrust-says-hackers-breached-remote-support-saas-instances/ Posted from: this blog via Microsoft Power Automate .

Ongoing phishing attack abuses Google Calendar to bypass spam filters

An ongoing phishing scam is abusing Google Calendar invites and Google Drawings pages to steal credentials while bypassing spam filters. [...] https://www.bleepingcomputer.com/news/security/ongoing-phishing-attack-abuses-google-calendar-to-bypass-spam-filters/ Posted from: this blog via Microsoft Power Automate .

Ongoing phishing attack abuses Google Calendar to bypass spam filters

An ongoing phishing scam is abusing Google Calendar invites and Google Drawings pages to steal credentials while bypassing spam filters. [...] https://www.bleepingcomputer.com/news/security/ongoing-phishing-attack-abuses-google-calendar-to-bypass-spam-filters/ Posted from: this blog via Microsoft Power Automate .

Raccoon Stealer malware operator gets 5 years in prison after guilty plea

​​Ukrainian national Mark Sokolovsky was sentenced today to five years in prison for his involvement in the Raccoon Stealer malware cybercrime operation. [...] https://www.bleepingcomputer.com/news/security/raccoon-stealer-malware-operator-gets-5-years-in-prison-after-guilty-plea/ Posted from: this blog via Microsoft Power Automate .

Russian hackers use RDP proxies to steal data in MiTM attacks

The Russian hacking group tracked as APT29 (aka "Midnight Blizzard") is using a network of 193 remote desktop protocol proxy servers to perform man-in-the-middle (MiTM) attacks to steal data and credentials and to install malicious payloads. [...] https://www.bleepingcomputer.com/news/security/russian-hackers-use-rdp-proxies-to-steal-data-in-mitm-attacks/ Posted from: this blog via Microsoft Power Automate .

US considers banning TP-Link routers over cybersecurity risks

The U.S. government is considering banning TP-Link routers starting next year if ongoing investigations find that their use in cyberattacks poses a national security risk. [...] https://www.bleepingcomputer.com/news/security/us-considers-banning-tp-link-routers-over-cybersecurity-risks/ Posted from: this blog via Microsoft Power Automate .

Recorded Future CEO applauds "undesirable" designation by Russia

​Recorded Future, an American threat intelligence company, has become the first cybersecurity firm designated by the Russian government as an "undesirable" organization. [...] https://www.bleepingcomputer.com/news/security/recorded-future-ceo-applauds-undesirable-designation-by-russia/ Posted from: this blog via Microsoft Power Automate .

Interpol replaces dehumanizing "Pig Butchering" term with "Romance Baiting"

Interpol calls on the cybersecurity community, law enforcement, and the media to stop using the term "Pig Butchering" when referring to online relationship and investment scams, as it unnecessarily shames the victims impacted by these fraud campaigns. [...] https://www.bleepingcomputer.com/news/security/interpol-replaces-dehumanizing-pig-butchering-term-with-romance-baiting/ Posted from: this blog via Microsoft Power Automate .

NVIDIA shares fix for game performance issues with new NVIDIA App

Nvidia has shared a temporary fix for a known issue impacting systems running its recently unveiled NVIDIA App and causing gaming performance to drop by up to 15%. [...] https://www.bleepingcomputer.com/news/software/nvidia-shares-fix-for-game-performance-issues-with-new-nvidia-app/ Posted from: this blog via Microsoft Power Automate .

'Bitter' cyberspies target defense orgs with new MiyaRAT malware

A cyberespionage threat group known as 'Bitter' was observed targeting defense organizations in Turkey using a novel malware family named MiyaRAT. [...] https://www.bleepingcomputer.com/news/security/bitter-cyberspies-target-defense-orgs-with-new-miyarat-malware/ Posted from: this blog via Microsoft Power Automate .

New fake Ledger data breach emails try to steal crypto wallets

A new Ledger phishing campaign is underway that pretends to be a data breach notification asking you to verify your recovery phrase, which is then stolen and used to steal your cryptocurrency. [...] https://www.bleepingcomputer.com/news/security/new-fake-ledger-data-breach-emails-try-to-steal-crypto-wallets/ Posted from: this blog via Microsoft Power Automate .

New fake Ledger data breach emails try to steal crypto wallets

A new Ledger phishing campaign is underway that pretends to be a data breach notification asking you to verify your recovery phrase, which is then stolen and used to steal your cryptocurrency. [...] https://www.bleepingcomputer.com/news/security/new-fake-ledger-data-breach-emails-try-to-steal-crypto-wallets/ Posted from: this blog via Microsoft Power Automate .

CISA orders federal agencies to secure Microsoft 365 tenants

​CISA has issued this year's first binding operational directive (BOD 25-01), ordering federal civilian agencies to secure their Microsoft 365 cloud environments by implementing a list of required configuration baselines. [...] https://www.bleepingcomputer.com/news/security/cisa-orders-federal-agencies-to-secure-microsoft-365-tenants/ Posted from: this blog via Microsoft Power Automate .

CISA orders federal agencies to secure Microsoft 365 tenants

​CISA has issued this year's first binding operational directive (BOD 25-01), ordering federal civilian agencies to secure their Microsoft 365 cloud environments by implementing a list of required configuration baselines. [...] https://www.bleepingcomputer.com/news/security/cisa-orders-federal-agencies-to-secure-microsoft-365-tenants/ Posted from: this blog via Microsoft Power Automate .

Over 25,000 SonicWall VPN Firewalls exposed to critical flaws

Over 25,000 publicly accessible SonicWall SSLVPN devices are vulnerable to critical severity flaws, with 20,000 using a SonicOS/OSX firmware version that the vendor no longer supports. [...] https://www.bleepingcomputer.com/news/security/over-25-000-sonicwall-vpn-firewalls-exposed-to-critical-flaws/ Posted from: this blog via Microsoft Power Automate .

FBI spots HiatusRAT malware attacks targeting web cameras, DVRs

The FBI warned today that new HiatusRAT malware attacks are now scanning for and infecting vulnerable web cameras and DVRs that are exposed online. [...] https://www.bleepingcomputer.com/news/security/fbi-spots-hiatusrat-malware-attacks-targeting-web-cameras-dvrs/ Posted from: this blog via Microsoft Power Automate .

Texas Tech University System data breach impacts 1.4 million patients

The Texas Tech University Health Sciences Center and its El Paso counterpart suffered a cyberattack that disrupted computer systems and applications, potentially exposing the data of 1.4 million patients. [...] https://www.bleepingcomputer.com/news/security/texas-tech-university-system-data-breach-impacts-14-million-patients/ Posted from: this blog via Microsoft Power Automate .

Kali Linux 2024.4 released with 14 new tools, deprecates some features

Kali Linux has released version 2024.4, the fourth and final version of 2024, and it is now available with fourteen new tools, numerous improvements, and deprecates some features. [...] https://www.bleepingcomputer.com/news/security/kali-linux-20244-released-with-14-new-tools-deprecates-some-features/ Posted from: this blog via Microsoft Power Automate .

Kali Linux 2024.4 released with 14 new tools, deprecates some features

Kali Linux has released version 2024.4, the fourth and final version of 2024, and it is now available with fourteen new tools, numerous improvements, and deprecates some features. [...] https://www.bleepingcomputer.com/news/security/kali-linux-20244-released-with-14-new-tools-deprecates-some-features/ Posted from: this blog via Microsoft Power Automate .

Windows kernel bug now exploited in attacks to gain SYSTEM privileges

CISA has warned U.S. federal agencies to secure their systems against ongoing attacks targeting a high-severity Windows kernel vulnerability. [...] https://www.bleepingcomputer.com/news/security/windows-kernel-bug-now-exploited-in-attacks-to-gain-system-privileges/ Posted from: this blog via Microsoft Power Automate .

Malicious ads push Lumma infostealer via fake CAPTCHA pages

A large-scale malvertising campaign distributed the Lumma Stealer info-stealing malware through fake CAPTCHA verification pages that prompt users to run PowerShell commands to verify they are not a bot. [...] https://www.bleepingcomputer.com/news/security/malicious-ads-push-lumma-infostealer-via-fake-captcha-pages/ Posted from: this blog via Microsoft Power Automate .

ConnectOnCall breach exposes health data of over 910,000 patients

Healthcare software as a service (SaaS) company Phreesia is notifying over 910,000 people that their personal and health data was exposed in a May breach of its subsidiary ConnectOnCall. [...] https://www.bleepingcomputer.com/news/security/connectoncall-breach-exposes-health-data-of-over-910-000-patients/ Posted from: this blog via Microsoft Power Automate .

Rhode Island confirms data breach after Brain Cipher ransomware attack

Rhode Island is warning that its RIBridges system, managed by Deloitte, suffered a data breach exposing residents' personal information after the Brain Cipher ransomware gang hacked its systems. [...] https://www.bleepingcomputer.com/news/security/rhode-island-confirms-data-breach-after-brain-cipher-ransomware-attack/ Posted from: this blog via Microsoft Power Automate .

New Android NoviSpy spyware linked to Qualcomm zero-day bugs

The Serbian government exploited Qualcomm zero-days to unlock and infect Android devices with a new spyware named 'NoviSpy,' used to spy on activists, journalists, and protestors. [...] https://www.bleepingcomputer.com/news/security/new-android-novispy-spyware-linked-to-qualcomm-zero-day-bugs/ Posted from: this blog via Microsoft Power Automate .

Winnti hackers target other threat actors with new Glutton PHP backdoor

​The Chinese Winnti hacking group is using a new PHP backdoor named 'Glutton' in attacks on organizations in China and the U.S., and also in attacks on other cybercriminals. [...] https://www.bleepingcomputer.com/news/security/winnti-hackers-target-other-threat-actors-with-new-glutton-php-backdoor/ Posted from: this blog via Microsoft Power Automate .

Clop ransomware claims responsibility for Cleo data theft attacks

The Clop ransomware gang has confirmed to BleepingComputer that they are behind the recent Cleo data-theft attacks, utilizing zero-day exploits to breach corporate networks and steal data. [...] https://www.bleepingcomputer.com/news/security/clop-ransomware-claims-responsibility-for-cleo-data-theft-attacks/ Posted from: this blog via Microsoft Power Automate .

390,000 WordPress accounts stolen from hackers in supply chain attack

A threat actor tracked as MUT-1244 has stolen over 390,000 WordPress credentials in a large-scale, year-long campaign targeting other threat actors using a trojanized WordPress credentials checker. [...] https://www.bleepingcomputer.com/news/security/390-000-wordpress-accounts-stolen-from-hackers-in-supply-chain-attack/ Posted from: this blog via Microsoft Power Automate .

Auto parts giant LKQ says cyberattack disrupted Canadian business unit

Automobile parts giant LKQ Corporation disclosed that one of its business units in Canada was hacked, allowing threat actors to steal data from the company. [...] https://www.bleepingcomputer.com/news/security/auto-parts-giant-lkq-says-cyberattack-disrupted-canadian-business-unit/ Posted from: this blog via Microsoft Power Automate .

Citrix shares mitigations for ongoing Netscaler password spray attacks

Citrix Netscaler is the latest target in widespread password spray attacks targeting edge networking devices and cloud platforms this year to breach corporate networks. [...] https://www.bleepingcomputer.com/news/security/citrix-shares-mitigations-for-ongoing-netscaler-password-spray-attacks/ Posted from: this blog via Microsoft Power Automate .

CISA confirms critical Cleo bug exploitation in ransomware attacks

CISA confirmed today that a critical remote code execution bug in Cleo Harmony, VLTrader, and LexiCom file transfer software is being exploited in ransomware attacks. [...] https://www.bleepingcomputer.com/news/security/cisa-confirms-critical-cleo-bug-exploitation-in-ransomware-attacks/ Posted from: this blog via Microsoft Power Automate .

FTC warns of online task job scams hooking victims like gambling

The Federal Trade Commission (FTC) warns about a significant rise in gambling-like online job scams, known as "task scams," that draw people into earning cash through repetitive tasks, with the promises of earning more if they deposit their own money. [...] https://www.bleepingcomputer.com/news/security/ftc-warns-of-online-task-job-scams-hooking-victims-like-gambling/ Posted from: this blog via Microsoft Power Automate .

CISA warns water facilities to secure HMI systems exposed online

CISA and the Environmental Protection Agency (EPA) warned water facilities today to secure Internet-exposed Human Machine Interfaces (HMIs) from cyberattacks. [...] https://www.bleepingcomputer.com/news/security/cisa-warns-water-facilities-to-secure-hmi-systems-exposed-online/ Posted from: this blog via Microsoft Power Automate .

Russia blocks Viber in latest attempt to censor communications

Russian telecommunications watchdog Roskomnadzor has blocked the Viber encrypted messaging app, used by hundreds of millions worldwide, for violating the country's legislation. [...] https://www.bleepingcomputer.com/news/security/russia-blocks-viber-in-latest-attempt-to-censor-communications/ Posted from: this blog via Microsoft Power Automate .

Russian cyberspies target Android users with new spyware

Russian cyberspies Gamaredon has been discovered using two Android spyware families named 'BoneSpy' and 'PlainGnome' to spy on and steal data from mobile devices. [...] https://www.bleepingcomputer.com/news/security/russian-gamaredon-cyberspies-target-android-users-with-new-spyware/ Posted from: this blog via Microsoft Power Automate .

Germany sinkholes BadBox malware pre-loaded on Android devices

Germany's Federal Office for Information Security (BSI) has disrupted the BadBox malware operation pre-loaded in over 30,000 Android IoT devices sold in the country. [...] https://www.bleepingcomputer.com/news/security/germany-sinkholes-badbox-malware-pre-loaded-on-android-devices/ Posted from: this blog via Microsoft Power Automate .

New stealthy Pumakit Linux rootkit malware spotted in the wild

A new Linux rootkit malware called Pumakit has been discovered that uses stealth and advanced privilege escalation techniques to hide its presence on systems. [...] https://www.bleepingcomputer.com/news/security/new-stealthy-pumakit-linux-rootkit-malware-spotted-in-the-wild/ Posted from: this blog via Microsoft Power Automate .

Police shuts down Rydox cybercrime market, arrests 3 admins

International law enforcement operation seizes the Rydox cybercrime marketplace and arrests three administrators. [...] https://www.bleepingcomputer.com/news/security/police-shuts-down-rydox-cybercrime-market-arrests-3-admins/ Posted from: this blog via Microsoft Power Automate .

New stealthy Pumakit Linux rootkit malware spotted in the wild

A new Linux rootkit malware called Pumakit has been discovered that uses stealth and advanced privilege escalation techniques to hide its presence on systems. [...] https://www.bleepingcomputer.com/news/security/new-stealthy-pumakit-linux-rootkit-malware-spotted-in-the-wild/ Posted from: this blog via Microsoft Power Automate .

New IOCONTROL malware used in critical infrastructure attacks

Iranian threat actors are utilizing a new malware named IOCONTROL to compromise Internet of Things (IoT) devices and OT/SCADA systems used by critical infrastructure in Israel and the United States. [...] https://www.bleepingcomputer.com/news/security/new-iocontrol-malware-used-in-critical-infrastructure-attacks/ Posted from: this blog via Microsoft Power Automate .

US offers $5 million for info on North Korean IT worker farms

​The U.S. State Department is offering a reward of up to $5 million for information that could help disrupt the activities of North Korean front companies and employees generating millions via illegal remote IT work schemes. [...] https://www.bleepingcomputer.com/news/security/us-offers-5-million-for-info-on-north-korean-it-worker-farms/ Posted from: this blog via Microsoft Power Automate .

Cleo patches critical zero-day exploited in data theft attacks

Cleo has released security updates for a zero-day flaw in its LexiCom, VLTransfer, and Harmony software, currently exploited in data theft attacks. [...] https://www.bleepingcomputer.com/news/security/cleo-patches-critical-zero-day-exploited-in-data-theft-attacks/ Posted from: this blog via Microsoft Power Automate .

Bitcoin ATM firm Byte Federal hacked via GitLab flaw, 58K users exposed

US Bitcoin ATM operator Byte Federal has disclosed a data breach that exposed the data of 58,000 customers after its systems were breached using a GitLab vulnerability. [...] https://www.bleepingcomputer.com/news/security/bitcoin-atm-firm-byte-federal-hacked-via-gitlab-flaw-58k-users-exposed/ Posted from: this blog via Microsoft Power Automate .

Hunk Companion WordPress plugin exploited to install vulnerable plugins

Hackers are exploiting a critical vulnerability in the "Hunk Companion" plugin to install and activate other plugins with exploitable flaws directly from the WordPress.org repository. [...] https://www.bleepingcomputer.com/news/security/hunk-companion-wordpress-plugin-exploited-to-install-vulnerable-plugins/ Posted from: this blog via Microsoft Power Automate .

Cynet Delivers 100% Protection and 100% Detection Visibility in the 2024 MITRE ATT&CK Evaluation

The 2024 MITRE ATT&CK Evaluation results are now available with Cynet achieving 100% Visibility and 100% Protection in the 2024 evaluation. Learn more from Cynet about what these results mean. [...] https://www.bleepingcomputer.com/news/security/cynet-delivers-100-percent-protection-and-100-percent-detection-visibility-in-the-2024-mitre-attandck-evaluation/ Posted from: this blog via Microsoft Power Automate .

New EagleMsgSpy Android spyware used by Chinese police, researchers say

A previously undocumented Android spyware called 'EagleMsgSpy' has been discovered and is believed to be used by law enforcement agencies in China to monitor mobile devices. [...] https://www.bleepingcomputer.com/news/security/new-eaglemsgspy-android-spyware-used-by-chinese-police-researchers-say/ Posted from: this blog via Microsoft Power Automate .

Facebook, Instagram, WhatsApp hit by massive worldwide outage

Facebook, Instagram, Threads, and WhatsApp suffered a massive worldwide Wednesday afternoon, with services impacted in varying degrees based on user's region. [...] https://www.bleepingcomputer.com/news/technology/facebook-instagram-whatsapp-hit-by-massive-worldwide-outage/ Posted from: this blog via Microsoft Power Automate .

Lynx ransomware behind Electrica energy supplier cyberattack

​The Romanian National Cybersecurity Directorate (DNSC) says the Lynx ransomware gang breached Electrica Group, one of the largest electricity suppliers in the country. [...] https://www.bleepingcomputer.com/news/security/lynx-ransomware-behind-electrica-energy-supplier-cyberattack/ Posted from: this blog via Microsoft Power Automate .

Krispy Kreme cyberattack impacts online orders and operations

US doughnut chain Krispy Kreme suffered a cyberattack in November that impacted portions of its business operations, including placing online orders. [...] https://www.bleepingcomputer.com/news/security/krispy-kreme-cyberattack-impacts-online-orders-and-operations/ Posted from: this blog via Microsoft Power Automate .

Wyden proposes bill to secure US telecoms after Salt Typhoon hacks

U.S. Senator Ron Wyden of Oregon announced a new bill to secure the networks of American telecommunications companies breached by Salt Typhoon Chinese state hackers earlier this year. [...] https://www.bleepingcomputer.com/news/security/wyden-proposes-bill-to-secure-us-telecoms-after-salt-typhoon-hacks/ Posted from: this blog via Microsoft Power Automate .

Wyden proposes bill to secure US telecoms after Salt Typhoon hacks

U.S. Senator Ron Wyden of Oregon announced a new bill to secure the networks of American telecommunications companies breached by Salt Typhoon Chinese state hackers earlier this year. [...] https://www.bleepingcomputer.com/news/security/wyden-proposes-bill-to-secure-us-telecoms-after-salt-typhoon-hacks/ Posted from: this blog via Microsoft Power Automate .

WPForms bug allows Stripe refunds on millions of WordPress sites

A vulnerability in WPForms, a WordPress plugin used in over 6 million websites, could allow subscriber-level users to issue arbitrary Stripe refunds or cancel subscriptions. [...] https://www.bleepingcomputer.com/news/security/wpforms-bug-allows-stripe-refunds-on-millions-of-wordpress-sites/ Posted from: this blog via Microsoft Power Automate .

Ivanti warns of maximum severity CSA auth bypass vulnerability

Ivanti warned customers on Tuesday about a new maximum-severity authentication bypass vulnerability in its Cloud Services Appliance (CSA) solution. [...] https://www.bleepingcomputer.com/news/security/ivanti-warns-of-maximum-severity-csa-auth-bypass-vulnerability/ Posted from: this blog via Microsoft Power Automate .

Microsoft December 2024 Patch Tuesday fixes 1 exploited zero-day, 71 flaws

Today is Microsoft's December 2024 Patch Tuesday, which includes security updates for 71 flaws, including one actively exploited zero-day vulnerability. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-december-2024-patch-tuesday-fixes-1-exploited-zero-day-71-flaws/ Posted from: this blog via Microsoft Power Automate .

Windows 11 KB5048667 & KB5048685 cumulative updates released

Microsoft has released the Windows 11 KB5048667 and KB5048685 cumulative updates for versions 24H2 and 23H2 to fix security vulnerabilities and issues. [...] https://www.bleepingcomputer.com/news/microsoft/windows-11-kb5048667-and-kb5048685-cumulative-updates-released/ Posted from: this blog via Microsoft Power Automate .

FTC distributes $72 million in Fortnite refunds from Epic Games

The Federal Trade Commission (FTC) is distributing over $72 million in Epic Game Fortnite refunds for the company's use of dark patterns to trick players into making unwanted purchases. [...] https://www.bleepingcomputer.com/news/legal/ftc-distributes-72-million-in-fortnite-refunds-from-epic-games/ Posted from: this blog via Microsoft Power Automate .

Inside the incident: Uncovering an advanced phishing attack

Recently, Varonis investigated a phishing campaign in which a malicious email enabled a threat actor to access the organization. This blog post will reveal the tactics used to avoid detection and share what was discovered during the investigation. [...] https://www.bleepingcomputer.com/news/security/inside-the-incident-uncovering-an-advanced-phishing-attack/ Posted from: this blog via Microsoft Power Automate .

Microsoft 365 outage takes down Office web apps, admin center

Microsoft is investigating a widespread and ongoing Microsoft 365 outage impacting Office web apps and the Microsoft 365 admin center. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-365-outage-takes-down-office-web-apps-admin-center/ Posted from: this blog via Microsoft Power Automate .

Ransomware attack hits leading heart surgery device maker

​Artivion, a leading manufacturer of heart surgery medical devices, has disclosed a November 21 ransomware attack that disrupted its operations and forced it to take some systems offline. [...] https://www.bleepingcomputer.com/news/security/ransomware-attack-hits-leading-heart-surgery-device-maker/ Posted from: this blog via Microsoft Power Automate .

OpenWrt Sysupgrade flaw let hackers push malicious firmware images

A flaw in OpenWrt's Attended Sysupgrade feature used to build custom, on-demand firmware images could have allowed for the distribution of malicious firmware packages. [...] https://www.bleepingcomputer.com/news/security/openwrt-sysupgrade-flaw-let-hackers-push-malicious-firmware-images/ Posted from: this blog via Microsoft Power Automate .

OpenWrt Sysupgrade flaw let hackers push malicious firmware images

A flaw in OpenWrt's Attended Sysupgrade feature used to build custom, on-demand firmware images could have allowed for the distribution of malicious firmware packages. [...] https://www.bleepingcomputer.com/news/security/openwrt-sysupgrade-flaw-let-hackers-push-malicious-firmware-images/ Posted from: this blog via Microsoft Power Automate .

Ubisoft fixes Windows 11 24H2 conflicts causing game crashes

Microsoft has now partially lifted a compatibility hold blocking the Windows 24H2 update on systems with some Ubisoft games after the French video game publisher has fixed bugs causing crashes, freezes, and audio issues. [...] https://www.bleepingcomputer.com/news/microsoft/ubisoft-fixes-windows-11-24h2-conflicts-causing-game-crashes/ Posted from: this blog via Microsoft Power Automate .

Radiant links $50 million crypto heist to North Korean hackers

Radiant Capital now says that North Korean threat actors are behind the $50 million cryptocurrency heist that occurred after hackers breached its systems in an October 16 cyberattack. [...] https://www.bleepingcomputer.com/news/security/radiant-links-50-million-crypto-heist-to-north-korean-hackers/ Posted from: this blog via Microsoft Power Automate .

Radiant links $50 million crypto heist to North Korean hackers

Radiant Capital now says that North Korean threat actors are behind the $50 million cryptocurrency heist that occurred after hackers breached its systems in an October 16 cyberattack. [...] https://www.bleepingcomputer.com/news/security/radiant-links-50-million-crypto-heist-to-north-korean-hackers/ Posted from: this blog via Microsoft Power Automate .

Outdated Google Workspace Sync blocks Windows 11 24H2 upgrades

Microsoft now blocks the Windows 11 24H2 update on computers with outdated Google Workspace Sync installs because they're causing Outlook launch issues. [...] https://www.bleepingcomputer.com/news/microsoft/outdated-google-workspace-sync-blocks-windows-11-24h2-upgrades/ Posted from: this blog via Microsoft Power Automate .

Romanian energy supplier Electrica hit by ransomware attack

Electrica Group, a key player in the Romanian electricity distribution and supply market, is investigating a ransomware attack that was still "in progress" earlier today. [...] https://www.bleepingcomputer.com/news/security/romanian-energy-supplier-electrica-hit-by-ransomware-attack/ Posted from: this blog via Microsoft Power Automate .

QR codes bypass browser isolation for malicious C2 communication

Mandiant has identified a novel method to bypass contemporary browser isolation technology and achieve command-and-control C2 operations. [...] https://www.bleepingcomputer.com/news/security/qr-codes-bypass-browser-isolation-for-malicious-c2-communication/ Posted from: this blog via Microsoft Power Automate .

Anna Jaques Hospital ransomware breach exposed data of 300K patients

Anna Jaques Hospital has confirmed on its website that a ransomware attack it suffered almost precisely a year ago, on December 25, 2023, has exposed sensitive health data for over 316,000 patients. [...] https://www.bleepingcomputer.com/news/security/anna-jaques-hospital-ransomware-breach-exposed-data-of-300k-patients/ Posted from: this blog via Microsoft Power Automate .

Microsoft expands Recall preview to Intel and AMD Copilot+ PCs

​Microsoft is now testing its AI-powered Recall feature on AMD and Intel-powered Copilot+ PCs enrolled in the Windows 11 Insider program. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-expands-recall-preview-to-intel-and-amd-copilot-plus-pcs/ Posted from: this blog via Microsoft Power Automate .

Ultralytics AI model hijacked to infect thousands with cryptominer

The popular Ultralytics YOLO11 AI model was compromised in a supply chain attack to deploy cryptominers on devices running versions 8.3.41 and 8.3.42 from the Python Package Index (PyPI)   [...] https://www.bleepingcomputer.com/news/security/ultralytics-ai-model-hijacked-to-infect-thousands-with-cryptominer/ Posted from: this blog via Microsoft Power Automate .

Blue Yonder SaaS giant breached by Termite ransomware gang

​The Termite ransomware gang has officially claimed responsibility for the November breach of software as a service (SaaS) provider Blue Yonder. [...] https://www.bleepingcomputer.com/news/security/blue-yonder-saas-giant-breached-by-termite-ransomware-gang/ Posted from: this blog via Microsoft Power Automate .

New Windows zero-day exposes NTLM credentials, gets unofficial patch

A new zero-day vulnerability has been discovered that allows attackers to capture NTLM credentials by simply tricking the target into viewing a malicious file in Windows Explorer. [...] https://www.bleepingcomputer.com/news/security/new-windows-zero-day-exposes-ntlm-credentials-gets-unofficial-patch/ Posted from: this blog via Microsoft Power Automate .

Crypto-stealing malware posing as a meeting app targets Web3 pros

Cybercriminals are targeting people working in Web3 with fake business meetings using a fraudulent video conferencing platform that infects Windows and Macs with crypto-stealing malware. [...] https://www.bleepingcomputer.com/news/security/crypto-stealing-malware-posing-as-a-meeting-app-targets-web3-pros/ Posted from: this blog via Microsoft Power Automate .

Romania's election systems targeted in over 85,000 cyberattacks

A declassified report from Romania's Intelligence Service says that the country's election infrastructure was targeted by more than 85,000 cyberattacks. [...] https://www.bleepingcomputer.com/news/security/romanias-election-systems-targeted-in-over-85-000-cyberattacks/ Posted from: this blog via Microsoft Power Automate .

U.S. org suffered four month intrusion by Chinese hackers

A large U.S. organization with significant presence in China has been reportedly breached by China-based threat actors who persisted on its networks from April to August 2024. [...] https://www.bleepingcomputer.com/news/security/us-org-suffered-four-month-intrusion-by-chinese-hackers/ Posted from: this blog via Microsoft Power Automate .

US arrests Scattered Spider suspect linked to telecom hacks

​U.S. authorities have arrested a 19-year-old teenager linked to the notorious Scattered Spider cybercrime gang who is now charged with breaching a U.S. financial institution and two unnamed telecommunications firms. [...] https://www.bleepingcomputer.com/news/security/us-arrests-scattered-spider-suspect-linked-to-telecom-hacks/ Posted from: this blog via Microsoft Power Automate .

Police shuts down Manson cybercrime market, arrests key suspects

German law enforcement has seized over 50 servers that hosted the Manson Market cybercrime marketplace and fake online shops used in phishing operations. [...] https://www.bleepingcomputer.com/news/security/police-shuts-down-manson-cybercrime-market-fake-shops-arrests-key-suspects/ Posted from: this blog via Microsoft Power Automate .

New Android spyware found on phone seized by Russian FSB

After a Russian programmer was detained by Russia's Federal Security Service (FSB) for fifteen days and his phone confiscated, it was discovered that a new spyware was secretly installed on his device upon its return. [...] https://www.bleepingcomputer.com/news/security/new-android-spyware-found-on-phone-seized-by-russian-fsb/ Posted from: this blog via Microsoft Power Automate .

Latrodectus malware and how to defend against it with Wazuh

Latrodectus is a versatile malware family that infiltrate systems, steal sensitive data, and evades detection. Learn more from Wazuh about Latrodectus malware and how to defend against it using the open-source XDR. [...] https://www.bleepingcomputer.com/news/security/latrodectus-malware-and-how-to-defend-against-it-with-wazuh/ Posted from: this blog via Microsoft Power Automate .

White House: Salt Typhoon hacked telcos in dozens of countries

​Chinese state hackers, known as Salt Typhoon, have breached telecommunications companies in dozens of countries, President Biden's deputy national security adviser Anne Neuberger said today. [...] https://www.bleepingcomputer.com/news/security/white-house-salt-typhoon-hacked-telcos-in-dozens-of-countries/ Posted from: this blog via Microsoft Power Automate .

FBI shares tips on how to tackle AI-powered fraud schemes

The FBI warns that scammers are increasingly using artificial intelligence to improve the quality and effectiveness of their online fraud schemes, ranging from romance and investment scams to job hiring schemes. [...] https://www.bleepingcomputer.com/news/security/fbi-shares-tips-on-how-to-tackle-ai-powered-fraud-schemes/ Posted from: this blog via Microsoft Power Automate .

FBI shares tips on how to tackle AI-powered fraud schemes

The FBI warns that scammers are increasingly using artificial intelligence to improve the quality and effectiveness of their online fraud schemes, ranging from romance and investment scams to job hiring schemes. [...] https://www.bleepingcomputer.com/news/security/fbi-shares-tips-on-how-to-tackle-ai-powered-fraud-schemes/ Posted from: this blog via Microsoft Power Automate .

UK disrupts Russian money laundering networks used by ransomware

​A law enforcement operation led by the United Kingdom's National Crime Agency (NCA) has disrupted two Russian money laundering networks working with criminals worldwide, including ransomware gangs. [...] https://www.bleepingcomputer.com/news/security/uk-disrupts-russian-money-laundering-networks-used-by-ransomware/ Posted from: this blog via Microsoft Power Automate .

BT unit took servers offline after Black Basta ransomware breach

Multinational telecommunications giant BT Group (formerly British Telecom) has confirmed that its BT Conferencing business division shut down some of its servers following a Black Basta ransomware breach. [...] https://www.bleepingcomputer.com/news/security/bt-conferencing-division-took-servers-offline-after-black-basta-ransomware-attack/ Posted from: this blog via Microsoft Power Automate .

New DroidBot Android banking malware spreads across Europe

A new Android banking malware named 'DroidBot' attempts to steal credentials for over 77 cryptocurrency exchanges and banking apps in the UK, Italy, France, Spain, and Portugal. [...] https://www.bleepingcomputer.com/news/security/new-droidbot-android-banking-malware-spreads-across-europe/ Posted from: this blog via Microsoft Power Automate .

Russian hackers hijack Pakistani hackers' servers for their own attacks

The notorious Russian cyber-espionage group Turla is hacking other hackers, hijacking the Pakistani threat actor Storm-0156's infrastructure to launch their own covert attacks on already compromised networks. [...] https://www.bleepingcomputer.com/news/security/russian-turla-hackers-hijack-pakistani-apt-servers-for-cyber-espionage-attacks/ Posted from: this blog via Microsoft Power Automate .

Six password takeaways from the updated NIST cybersecurity framework

Updated NIST guidelines reject outdated password security practices in favor of more effective protections. Learn from Specops Software about 6 takeaways from NIST's new guidance that help create strong password policies. [...] https://www.bleepingcomputer.com/news/security/six-password-takeaways-from-the-updated-nist-cybersecurity-framework/ Posted from: this blog via Microsoft Power Automate .

Vodka maker Stoli files for bankruptcy in US after ransomware attack

Stoli Group's U.S. companies have filed for bankruptcy following an August ransomware attack and Russian authorities seizing the company's remaining distilleries in the country. [...] https://www.bleepingcomputer.com/news/security/vodka-maker-stoli-files-for-bankruptcy-in-us-after-ransomware-attack/ Posted from: this blog via Microsoft Power Automate .

Cloudflare’s developer domains increasingly abused by threat actors

Cloudflare's 'pages.dev' and 'workers.dev' domains, used for deploying web pages and facilitating serverless computing, are being increasingly abused by cybercriminals for phishing and other malicious activities. [...] https://www.bleepingcomputer.com/news/security/cloudflares-developer-domains-increasingly-abused-by-threat-actors/ Posted from: this blog via Microsoft Power Automate .

US shares tips to block hackers behind recent telecom breaches

​CISA released guidance today to help network defenders harden their systems against attacks coordinated by the Salt Typhoon Chinese threat group that breached multiple major global telecommunications providers earlier this year. [...] https://www.bleepingcomputer.com/news/security/us-shares-tips-to-block-hackers-behind-recent-telecom-breaches/ Posted from: this blog via Microsoft Power Automate .

Exploit released for critical WhatsUp Gold RCE flaw, patch now

A proof-of-concept (PoC) exploit for a critical-severity remote code execution flaw in Progress WhatsUp Gold has been published, making it critical to install the latest security updates as soon as possible. [...] https://www.bleepingcomputer.com/news/security/exploit-released-for-critical-whatsup-gold-rce-flaw-patch-now/ Posted from: this blog via Microsoft Power Automate .

Veeam warns of critical RCE bug in Service Provider Console

​Veeam released security updates today to address two Service Provider Console (VSPC) vulnerabilities, including a critical remote code execution (RCE) discovered during internal testing. [...] https://www.bleepingcomputer.com/news/security/veeam-warns-of-critical-rce-bug-in-service-provider-console/ Posted from: this blog via Microsoft Power Automate .

Police seizes largest German online crime marketplace, arrests admin

Germany has taken down the largest online cybercrime marketplace in the country, named "Crimenetwork," and arrested its administrator for facilitating the sale of drugs, stolen data, and illegal services. [...] https://www.bleepingcomputer.com/news/security/police-seizes-largest-german-online-crime-marketplace-arrests-admin/ Posted from: this blog via Microsoft Power Automate .

FTC bans data brokers from selling Americans’ sensitive location data

Today, the FTC banned data brokers Mobilewalla and Gravy Analytics from harvesting and selling Americans' location tracking data linked to sensitive locations, like churches, healthcare facilities, military installations, and schools. [...] https://www.bleepingcomputer.com/news/security/ftc-bans-data-brokers-from-selling-americans-sensitive-location-data/ Posted from: this blog via Microsoft Power Automate .

Police seize Matrix encrypted chat service after spying on criminals

An international law enforcement operation codenamed 'Operation Passionflower' has shut down MATRIX, an encrypted messaging platform used by cybercriminals to coordinate illegal activities while evading police. [...] https://www.bleepingcomputer.com/news/security/police-seize-matrix-encrypted-chat-service-after-spying-on-criminals/ Posted from: this blog via Microsoft Power Automate .

Korea arrests CEO for adding DDoS feature to satellite receivers

South Korean police have arrested a CEO and five employees for manufacturing over 240,000 satellite receivers pre-loaded or later updated to include DDoS attack functionality at a purchaser's request. [...] https://www.bleepingcomputer.com/news/security/korea-arrests-ceo-for-adding-ddos-feature-to-satellite-receivers/ Posted from: this blog via Microsoft Power Automate .

Korea arrests CEO for adding DDoS feature to satellite receivers

South Korean police have arrested a CEO and five employees for manufacturing over 240,000 satellite receivers pre-loaded or later updated to include DDoS attack functionality at a purchaser's request. [...] https://www.bleepingcomputer.com/news/security/korea-arrests-ceo-for-adding-ddos-feature-to-satellite-receivers/ Posted from: this blog via Microsoft Power Automate .

Korea arrests CEO for adding DDoS feature to satellite receivers

South Korean police have arrested a CEO and five employees for manufacturing over 240,000 satellite receivers pre-loaded or later updated to include DDoS attack functionality at a purchaser's request. [...] https://www.bleepingcomputer.com/news/security/korea-arrests-ceo-for-adding-ddos-feature-to-satellite-receivers/ Posted from: this blog via Microsoft Power Automate .

Russia sentences Hydra dark web market leader to life in prison

Russian authorities have sentenced the leader of the criminal group behind the now-closed dark web platform Hydra Market to life in prison. [...] https://www.bleepingcomputer.com/news/security/russia-sentences-hydra-dark-web-market-leader-to-life-in-prison/ Posted from: this blog via Microsoft Power Automate .

BootKitty UEFI malware exploits LogoFAIL to infect Linux systems

The recently uncovered 'Bootkitty' UEFI bootkit, the first malware of its kind targeting Linux systems, exploits CVE-2023-40238, aka 'LogoFAIL,' to infect computers running on a vulnerable UEFI firmware. [...] https://www.bleepingcomputer.com/news/security/bootkitty-uefi-malware-exploits-logofail-to-infect-linux-systems/ Posted from: this blog via Microsoft Power Automate .

Mozilla really wants you to easily set Firefox as default Windows browser

Mozilla is testing a fresh approach that could persuade more people to switch their default browser on Windows. [...] https://www.bleepingcomputer.com/news/software/mozilla-really-wants-you-to-easily-set-firefox-as-default-windows-browser/ Posted from: this blog via Microsoft Power Automate .

Novel phising campaign uses corrupted Word documents to evade security

A novel phishing attack abuses Microsoft's Word file recovery feature by sending corrupted Word documents as email attachments, allowing them to bypass security software due to their damaged state but still be recoverable by the application. [...] https://www.bleepingcomputer.com/news/security/novel-phising-campaign-uses-corrupted-word-documents-to-evade-security/ Posted from: this blog via Microsoft Power Automate .