Posts

Showing posts from January, 2025

Microsoft improves text contrast for all Windows Chromium browsers

​Microsoft says it improved the contrast of text rendered in all Chromium-based web browsers on Windows, making it more readable on some displays. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-improves-text-contrast-for-all-windows-chromium-browsers/ Posted from: this blog via Microsoft Power Automate .

US healthcare provider data breach impacts 1 million patients

Community Health Center (CHC), a leading Connecticut healthcare provider, is notifying over 1 million patients that their personal and health information was stolen in an October breach. [...] https://www.bleepingcomputer.com/news/security/us-healthcare-provider-data-breach-impacts-1-million-patients/ Posted from: this blog via Microsoft Power Automate .

Police dismantles HeartSender cybercrime marketplace network

​Law enforcement authorities in the United States and the Netherlands have seized 39 domains and associated servers used by the HeartSender phishing gang operating out of Pakistan. [...] https://www.bleepingcomputer.com/news/security/police-dismantles-heartsender-cybercrime-marketplace-network/ Posted from: this blog via Microsoft Power Automate .

KuCoin to pay nearly $300 million in penalties after guilty plea

KuCoin's operator, PEKEN Global Limited, pleaded guilty to operating an unlicensed money-transmitting business and agreed to pay $297 million in penalties to settle charges in the U.S. [...] https://www.bleepingcomputer.com/news/cryptocurrency/kucoin-to-pay-nearly-300-million-in-penalties-after-guilty-plea/ Posted from: this blog via Microsoft Power Automate .

KuCoin to pay nearly $300 million in penalties after guilty plea

KuCoin's operator, PEKEN Global Limited, pleaded guilty to operating an unlicensed money-transmitting business and agreed to pay $297 million in penalties to settle charges in the U.S. [...] https://www.bleepingcomputer.com/news/cryptocurrency/kucoin-to-pay-nearly-300-million-in-penalties-after-guilty-plea/ Posted from: this blog via Microsoft Power Automate .

Backdoor found in two healthcare patient monitors, linked to IP in China

The US Cybersecurity and Infrastructure Security Agency (CISA) is warning that Contec CMS8000 devices, a widely used healthcare patient monitoring device, include a backdoor that quietly sends patient data to a remote IP address and downloads and executes files on the device. [...] https://www.bleepingcomputer.com/news/security/backdoor-found-in-two-healthcare-patient-monitors-linked-to-ip-in-china/ Posted from: this blog via Microsoft Power Automate .

Backdoor found in two healthcare patient monitors, linked to IP in China

The US Cybersecurity and Infrastructure Security Agency (CISA) is warning that Contec CMS8000 devices, a widely used healthcare patient monitoring device, include a backdoor that quietly sends patient data to a remote IP address and downloads and executes files on the device. [...] https://www.bleepingcomputer.com/news/security/backdoor-found-in-two-healthcare-patient-monitors-linked-to-ip-in-china/ Posted from: this blog via Microsoft Power Automate .

Google blocked 2.36 million risky Android apps from Play Store in 2024

Google blocked 2.3 million Android app submissions to the Play Store in 2024 due to violations of its policies that made them potentially risky for users. [...] https://www.bleepingcomputer.com/news/security/google-blocked-236-million-risky-android-apps-from-play-store-in-2024/ Posted from: this blog via Microsoft Power Automate .

Google blocked 2.36 million risky Android apps from Play Store in 2024

Google blocked 2.3 million Android app submissions to the Play Store in 2024 due to violations of its policies that made them potentially risky for users. [...] https://www.bleepingcomputer.com/news/security/google-blocked-236-million-risky-android-apps-from-play-store-in-2024/ Posted from: this blog via Microsoft Power Automate .

Google blocked 2.36 million risky Android apps from Play Store in 2024

Google blocked 2.3 million Android app submissions to the Play Store in 2024 due to violations of its policies that made them potentially risky for users. [...] https://www.bleepingcomputer.com/news/security/google-blocked-236-million-risky-android-apps-from-play-store-in-2024/ Posted from: this blog via Microsoft Power Automate .

Ransomware attack disrupts New York blood donation giant

​The New York Blood Center (NYBC), one of the world's largest independent blood collection and distribution organizations, says a Sunday ransomware attack forced it to reschedule some appointments. [...] https://www.bleepingcomputer.com/news/security/ransomware-attack-disrupts-new-york-blood-donation-giant/ Posted from: this blog via Microsoft Power Automate .

New Aquabotv3 botnet malware targets Mitel command injection flaw

A new variant of the Mirai-based botnet malware Aquabot has been observed actively exploiting CVE-2024-41710, a command injection vulnerability in Mitel SIP phones. [...] https://www.bleepingcomputer.com/news/security/new-aquabotv3-botnet-malware-targets-mitel-command-injection-flaw/ Posted from: this blog via Microsoft Power Automate .

Solana Pump.fun tool DogWifTool compromised to drain wallets

DogWifTools has disclosed on its official Discord channel that its software has been compromised by a supply chain attack that impacted its Windows client, infecting users with malware. [...] https://www.bleepingcomputer.com/news/security/solana-pumpfun-tool-dogwiftool-compromised-to-drain-wallets/ Posted from: this blog via Microsoft Power Automate .

Laravel admin package Voyager vulnerable to one-click RCE flaw

Three vulnerabilities discovered in the open-source PHP package Voyager for managing Laravel applications could be used for remote code execution attacks. [...] https://www.bleepingcomputer.com/news/security/laravel-admin-package-voyager-vulnerable-to-one-click-rce-flaw/ Posted from: this blog via Microsoft Power Automate .

Microsoft investigates Microsoft 365 outage affecting users, admins

Microsoft is investigating an ongoing outage preventing users and admins from accessing some Microsoft 365 services and the admin center. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-investigates-microsoft-365-outage-affecting-users-admins/ Posted from: this blog via Microsoft Power Automate .

FBI seizes domains for Cracked.io, Nulled.to hacking forums

The FBI has seized the domains for the infamous Cracked.io and Nulled.to hacking forums, which are known for their focus on cybercrime, password theft, cracking, and credential stuffing attacks. [...] https://www.bleepingcomputer.com/news/security/fbi-seizes-domains-for-crackedio-nulledto-hacking-forums/ Posted from: this blog via Microsoft Power Automate .

Windows 11's Start menu is getting iPhone and Android integration

Windows 11's Start menu is getting a big update with full-fledged Android and iPhone integration. [...] https://www.bleepingcomputer.com/news/microsoft/windows-11s-start-menu-is-getting-iphone-and-android-integration/ Posted from: this blog via Microsoft Power Automate .

Hackers exploiting flaws in SimpleHelp RMM to breach networks

Hackers are believed to be exploiting recently fixed SimpleHelp Remote Monitoring and Management (RMM) software vulnerabilities to gain initial access to target networks. [...] https://www.bleepingcomputer.com/news/security/hackers-exploiting-flaws-in-simplehelp-rmm-to-breach-networks/ Posted from: this blog via Microsoft Power Automate .

Google to kill Chrome Sync on older Chrome browser versions

Google announced that the Chrome Sync feature will be discontinued in early 2025 for Chrome versions older than four years. [...] https://www.bleepingcomputer.com/news/google/google-to-kill-chrome-sync-on-older-chrome-browser-versions/ Posted from: this blog via Microsoft Power Automate .

New Apple CPU side-channel attacks steals data from browsers

A team of security researchers has disclosed new side-channel vulnerabilities in modern Apple processors that could steal sensitive information from web browsers. [...] https://www.bleepingcomputer.com/news/security/new-apple-cpu-side-channel-attack-steals-data-from-browsers/ Posted from: this blog via Microsoft Power Automate .

Signal will let you sync old messages when linking new devices

Signal is finally adding a new feature that allows users to synchronize their old message history from their primary iOS or Android devices to newly linked devices like desktops and iPads. [...] https://www.bleepingcomputer.com/news/security/signal-will-let-you-sync-old-messages-when-linking-new-devices/ Posted from: this blog via Microsoft Power Automate .

DeepSeek halts new signups amid "large-scale" cyberattack

Chinese AI platform DeepSeek has disabled registrations on it DeepSeek-V3 chat platform due to an ongoing "large-scale" cyberattack targeting its services. [...] https://www.bleepingcomputer.com/news/security/deepseek-halts-new-signups-amid-large-scale-cyberattack/ Posted from: this blog via Microsoft Power Automate .

Bitwarden makes it harder to hack password vaults without MFA

Open-source password manager Bitwarden is adding an extra layer of security for accounts that are not protected by two-factor authentication, requiring email verification before allowing access to accounts. [...] https://www.bleepingcomputer.com/news/security/bitwarden-makes-it-harder-to-hack-password-vaults-without-mfa/ Posted from: this blog via Microsoft Power Automate .

Bitwarden makes it harder to hack password vaults without MFA

Open-source password manager Bitwarden is adding an extra layer of security for accounts that are not protected by two-factor authentication, requiring email verification before allowing access to accounts. [...] https://www.bleepingcomputer.com/news/security/bitwarden-makes-it-harder-to-hack-password-vaults-without-mfa/ Posted from: this blog via Microsoft Power Automate .

Microsoft: January Windows security updates break audio playback

​Microsoft has confirmed that the January 2025 Windows security updates are breaking audio playback on some systems with external DACs (digital-to-analog converters). [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-january-windows-security-updates-break-audio-playback/ Posted from: this blog via Microsoft Power Automate .

EU sanctions Russian GRU hackers for cyberattacks against Estonia

The European Union sanctioned three hackers, part of Unit 29155 of Russia's military intelligence service (GRU), for their involvement in cyberattacks targeting Estonia's government agencies in 2020. [...] https://www.bleepingcomputer.com/news/security/eu-sanctions-russian-gru-hackers-for-cyberattacks-against-estonia/ Posted from: this blog via Microsoft Power Automate .

Windows 11 24H2 preview brings new taskbar features

Windows 11 taskbar is testing a new feature that helps you understand the current power state of your laptop's battery, including showing the battery percentage directly on the taskbar. [...] https://www.bleepingcomputer.com/news/microsoft/windows-11-24h2-preview-brings-new-taskbar-features/ Posted from: this blog via Microsoft Power Automate .

Hackers steal $85 million worth of cryptocurrency from Phemex

The Phemex crypto exchange suffered a massive security breach on Thursday where threat actors stole over $85 million worth of cryptocurrency. [...] https://www.bleepingcomputer.com/news/security/hackers-steal-85-million-worth-of-cryptocurrency-from-phemex/ Posted from: this blog via Microsoft Power Automate .

Microsoft Teams phishing attack alerts coming to everyone next month

Microsoft reminded Microsoft 365 admins that its new brand impersonation protection feature for Teams Chat will be available for all customers by mid-February 2025. [...] https://www.bleepingcomputer.com/news/security/microsoft-teams-phishing-attack-alerts-coming-to-everyone-next-month/ Posted from: this blog via Microsoft Power Automate .

Clone2Leak attacks exploit Git flaws to steal credentials

A set of three distinct but related attacks, dubbed 'Clone2Leak,' can leak credentials by exploiting how Git and its credential helpers handle authentication requests. [...] https://www.bleepingcomputer.com/news/security/clone2leak-attacks-exploit-git-flaws-to-steal-credentials/ Posted from: this blog via Microsoft Power Automate .

Ransomware gang uses SSH tunnels for stealthy VMware ESXi access

Ransomware actors targeting ESXi bare metal hypervisors are leveraging SSH tunneling to persist on the system while remaining undetected. [...] https://www.bleepingcomputer.com/news/security/ransomware-gang-uses-ssh-tunnels-for-stealthy-vmware-esxi-access/ Posted from: this blog via Microsoft Power Automate .

TalkTalk investigates breach after data for sale on hacking forum

UK telecommunications company TalkTalk is investigating a third-party supplier data breach after a threat actor began selling alleged customer data on a hacking forum. [...] https://www.bleepingcomputer.com/news/security/talktalk-investigates-breach-after-data-for-sale-on-hacking-forum/ Posted from: this blog via Microsoft Power Automate .

PayPal to pay $2 million settlement over 2022 data breach

New York State has announced a $2,000,000 settlement with PayPal over charges it failed to comply with the state's cybersecurity regulations, leading to a 2022 data breach. [...] https://www.bleepingcomputer.com/news/security/paypal-to-pay-2-million-settlement-over-2022-data-breach/ Posted from: this blog via Microsoft Power Automate .

PayPal to pay $2 million settlement over 2022 data breach

New York State has announced a $2,000,000 settlement with PayPal over charges it failed to comply with the state's cybersecurity regulations, leading to a 2022 data breach. [...] https://www.bleepingcomputer.com/news/security/paypal-to-pay-2-million-settlement-over-2022-data-breach/ Posted from: this blog via Microsoft Power Automate .

Zyxel warns of bad signature update causing firewall boot loops

Zyxel is warning that a bad security signature update is causing critical errors for USG FLEX or ATP Series firewalls, including putting the device into a boot loop. [...] https://www.bleepingcomputer.com/news/security/zyxel-warns-of-bad-signature-update-causing-firewall-boot-loops/ Posted from: this blog via Microsoft Power Automate .

Zyxel warns of bad signature update causing firewall boot loops

Zyxel is warning that a bad security signature update is causing critical errors for USG FLEX or ATP Series firewalls, including putting the device into a boot loop. [...] https://www.bleepingcomputer.com/news/security/zyxel-warns-of-bad-signature-update-causing-firewall-boot-loops/ Posted from: this blog via Microsoft Power Automate .

Microsoft to deprecate WSUS driver synchronization in 90 days

Microsoft has reminded Windows administrators that driver synchronization in Windows Server Update Services (WSUS) will be deprecated on April 18, 90 days from now. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-to-deprecate-wsus-driver-synchronization-in-90-days/ Posted from: this blog via Microsoft Power Automate .

Hackers use Windows RID hijacking to create hidden admin account

A North Korean threat group has been using a technique called RID hijacking that tricks Windows into treating a low-privileged account as one with administrator permissions. [...] https://www.bleepingcomputer.com/news/security/hackers-use-windows-rid-hijacking-to-create-hidden-admin-account/ Posted from: this blog via Microsoft Power Automate .

Hacker infects 18,000 "script kiddies" with fake malware builder

A threat actor targeted low-skilled hackers, known as "script kiddies," with a fake malware builder that secretly infected them with a backdoor to steal data and take over computers. [...] https://www.bleepingcomputer.com/news/security/hacker-infects-18-000-script-kiddies-with-fake-malware-builder/ Posted from: this blog via Microsoft Power Automate .

FBI: North Korean IT workers steal source code to extort employers

The FBI warned today that North Korean IT workers are abusing their access to steal source code and extort U.S. companies that have been tricked into hiring them. [...] https://www.bleepingcomputer.com/news/security/fbi-north-korean-it-workers-steal-source-code-to-extort-employers/ Posted from: this blog via Microsoft Power Automate .

Google launches customizable Web Store for Enterprise extensions

Google has officially launched its Chrome Web Store for Enterprises, allowing organizations to create a curated list of extensions that can be installed in employees' web browsers. [...] https://www.bleepingcomputer.com/news/google/google-launches-customizable-web-store-for-enterprise-extensions/ Posted from: this blog via Microsoft Power Automate .

Google launches customizable Web Store for Enterprise extensions

Google has officially launched its Chrome Web Store for Enterprises, allowing organizations to create a curated list of extensions that can be installed in employees' web browsers. [...] https://www.bleepingcomputer.com/news/google/google-launches-customizable-web-store-for-enterprise-extensions/ Posted from: this blog via Microsoft Power Automate .

Hundreds of fake Reddit sites push Lumma Stealer malware

Hackers are distributing close to 1,000 web pages mimicking Reddit and the WeTransfer file sharing service that lead to downloading the Lumma Stealer malware. [...] https://www.bleepingcomputer.com/news/security/hundreds-of-fake-reddit-sites-push-lumma-stealer-malware/ Posted from: this blog via Microsoft Power Automate .

New Android Identity Check locks settings outside trusted locations

Google has announced a new Android "Identity Check" security feature that lock sensitive settings behind biometric authentication when outside a trusted location. [...] https://www.bleepingcomputer.com/news/security/new-android-identity-check-locks-settings-outside-trusted-locations/ Posted from: this blog via Microsoft Power Automate .

Brave Search now lets users ‘Rerank’ results from favorite sites

Brave Search has introduced a new feature called Rerank, which allows users to define search results ordering preferences and set specific sites rank higher. [...] https://www.bleepingcomputer.com/news/technology/brave-search-now-lets-users-rerank-results-from-favorite-sites/ Posted from: this blog via Microsoft Power Automate .

Critical zero-days impact premium WordPress real estate plugins

The RealHome theme and the Easy Real Estate plugins for WordPress are vulnerable to two critical severity flaws that allow unauthenticated users to gain administrative privileges. [...] https://www.bleepingcomputer.com/news/security/critical-zero-days-impact-premium-wordpress-real-estate-plugins/ Posted from: this blog via Microsoft Power Automate .

Cloudflare CDN flaw leaks user location data, even through secure chat apps

A security researcher discovered a flaw in Cloudflare's content delivery network (CDN), which could expose a person's general location by simply sending them an image on platforms like Signal and Discord. [...] https://www.bleepingcomputer.com/news/security/cloudflare-cdn-flaw-leaks-user-location-data-even-through-secure-chat-apps/ Posted from: this blog via Microsoft Power Automate .

Telegram captcha tricks you into running malicious PowerShell scripts

Threat actors on X are exploiting the news around Ross Ulbricht to direct unsuspecting users to a Telegram channel that tricks them into executing PowerShell code that infects them with malware. [...] https://www.bleepingcomputer.com/news/security/telegram-captcha-tricks-you-into-running-malicious-powershell-scripts/ Posted from: this blog via Microsoft Power Automate .

Cisco warns of denial of service flaw with PoC exploit code

Cisco has released security updates to patch a ClamAV denial-of-service (DoS) vulnerability, which has proof-of-concept (PoC) exploit code. [...] https://www.bleepingcomputer.com/news/security/cisco-warns-of-denial-of-service-flaw-with-poc-exploit-code/ Posted from: this blog via Microsoft Power Automate .

PowerSchool hacker claims they stole data of 62 million students

The hacker who breached education tech giant PowerSchool claimed in an extortion demand that they've stolen the personal data of 62.4 million students and 9.5 million teachers, BleepingComputer has learned. [...] https://www.bleepingcomputer.com/news/security/powerschool-hacker-claims-they-stole-data-of-62-million-students/ Posted from: this blog via Microsoft Power Automate .

Conduent confirms cybersecurity incident behind recent outage

American business services giant and government contractor Conduent confirmed today that a recent outage resulted from what it described as a "cyber security incident." [...] https://www.bleepingcomputer.com/news/security/conduent-confirms-cybersecurity-incident-behind-recent-outage/ Posted from: this blog via Microsoft Power Automate .

Cloudflare mitigated a record-breaking 5.6 Tbps DDoS attack

The largest distributed denial-of-service (DDoS) attack to date peaked at 5.6 terabits per second and came from a Mirai-based botnet with 13,000 compromised devices. [...] https://www.bleepingcomputer.com/news/security/cloudflare-mitigated-a-record-breaking-56-tbps-ddos-attack/ Posted from: this blog via Microsoft Power Automate .

Fake Homebrew Google ads target Mac users with malware

Hackers are once again abusing Google ads to spread malware, using a fake Homebrew website to infect Macs and Linux devices with an infostealer that steals credentials, browser data, and cryptocurrency wallets. [...] https://www.bleepingcomputer.com/news/security/fake-homebrew-google-ads-target-mac-users-with-malware/ Posted from: this blog via Microsoft Power Automate .

Fake Homebrew Google ads target Mac users with malware

Hackers are once again abusing Google ads to spread malware, using a fake Homebrew website to infect Macs and Linux devices with an infostealer that steals credentials, browser data, and cryptocurrency wallets. [...] https://www.bleepingcomputer.com/news/security/fake-homebrew-google-ads-target-mac-users-with-malware/ Posted from: this blog via Microsoft Power Automate .

Fake Homebrew Google ads target Mac users with malware

Hackers are once again abusing Google ads to spread malware, using a fake Homebrew website to infect Macs and Linux devices with an infostealer that steals credentials, browser data, and cryptocurrency wallets. [...] https://www.bleepingcomputer.com/news/security/fake-homebrew-google-ads-target-mac-users-with-malware/ Posted from: this blog via Microsoft Power Automate .

Microsoft previews Game Assist in-game browser in Edge Stable

​Microsoft has announced that Game Assist, its recently unveiled in-game browser, is now also available in preview for Microsoft Edge Stable users. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-previews-game-assist-in-game-browser-in-edge-stable/ Posted from: this blog via Microsoft Power Automate .

Bitbucket services “hard down” due to major worldwide outage

Bitbucket is investigating a massive outage affecting Atlassian Bitbucket Cloud customers worldwide, with the company saying its cloud services are "hard down." [...] https://www.bleepingcomputer.com/news/technology/bitbucket-services-hard-down-due-to-major-worldwide-outage/ Posted from: this blog via Microsoft Power Automate .

7-Zip fixes bug that bypasses Windows MoTW security warnings, patch now

​A high-severity vulnerability in the 7-Zip file archiver allows attackers to bypass the Mark of the Web (MotW) Windows security feature and execute code on users' computers when extracting malicious files from nested archives. [...] https://www.bleepingcomputer.com/news/security/7-zip-fixes-bug-that-bypasses-the-windows-motw-security-mechanism-patch-now/ Posted from: this blog via Microsoft Power Automate .

Ransomware gangs pose as IT support in Microsoft Teams phishing attacks

Ransomware gangs are increasingly adopting email bombing followed by posing as tech support in Microsoft Teams calls to trick employees into allowing remote control and install malware that provides access to the company network. [...] https://www.bleepingcomputer.com/news/security/ransomware-gangs-pose-as-it-support-in-microsoft-teams-phishing-attacks/ Posted from: this blog via Microsoft Power Automate .

Microsoft: Exchange 2016 and 2019 reach end of support in October

​Microsoft has reminded admins that Exchange 2016 and Exchange 2019 will reach the end of extended support in October and shared guidance for those who need to decommission outdated servers. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-exchange-2016-and-2019-reach-end-of-support-in-october/ Posted from: this blog via Microsoft Power Automate .

HPE investigates breach as hacker claims to steal source code

Hewlett Packard Enterprise (HPE) is investigating claims of a new breach after a threat actor said they stole documents from the company's developer environments. [...] https://www.bleepingcomputer.com/news/security/hewlett-packard-enterprise-investigates-new-breach-claims/ Posted from: this blog via Microsoft Power Automate .

Microsoft fixes Windows Server 2022 bug breaking device boot

Microsoft has fixed a bug that was causing some Windows Server 2022 systems with two or more NUMA nodes to fail to start up. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-windows-server-2022-bug-breaking-device-boot/ Posted from: this blog via Microsoft Power Automate .

Microsoft shares temp fix for Outlook crashing when writing emails

Microsoft has shared a temporary fix for a known issue that causes classic Outlook to crash when writing, replying to, or forwarding an email. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-shares-temp-fix-for-outlook-crashing-when-writing-emails/ Posted from: this blog via Microsoft Power Automate .

TikTok is back up in the US after Trump says he will extend deadline

TikTok is back up in the United States after Trump announced today that he would extend a 90-day deadline for the company to find a U.S. purchaser. [...] https://www.bleepingcomputer.com/news/software/tiktok-is-back-up-in-the-us-after-trump-says-he-will-extend-deadline/ Posted from: this blog via Microsoft Power Automate .

Star Blizzard hackers abuse WhatsApp to target high-value diplomats

Russian nation-state actor Star Blizzard has been running a new spear-phishing campaign to compromise WhatsApp accounts of targets in government, diplomacy, defense policy, international relations, and Ukraine aid organizations. [...] https://www.bleepingcomputer.com/news/security/star-blizzard-hackers-abuse-whatsapp-to-target-high-value-diplomats/ Posted from: this blog via Microsoft Power Automate .

FTC orders GM to stop collecting and selling driver’s data

The Federal Trade Commission (FTC) has announced action against General Motors (GM) and its subsidiary, OnStar, for unlawful collection and sale of drivers' precise geolocation and driving behavior data without first obtaining their consent. [...] https://www.bleepingcomputer.com/news/legal/ftc-orders-gm-to-stop-collecting-and-selling-drivers-data/ Posted from: this blog via Microsoft Power Automate .

Microsoft removes Assassin’s Creed Windows 11 upgrade blocks

​Earlier this week, Ubisoft released Assassin's Creed Valhalla and Assassin's Creed Origins patches to fix Windows 11 24H2 compatibility issues that caused crashes, freezes, and audio problems. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-removes-assassins-creed-windows-11-upgrade-blocks/ Posted from: this blog via Microsoft Power Automate .

FTC cracks down on Genshin Impact gacha loot box practices

Genshin Impact developer Cognosphere (aka Hoyoverse) has agreed to a $20 million settlement with the U.S. Federal Trade Commission (FTC) over its gacha loot box monetization and is now banned from selling them to teens under the age of sixteen without parental consent. [...] https://www.bleepingcomputer.com/news/gaming/ftc-cracks-down-on-genshin-impact-gacha-loot-box-practices/ Posted from: this blog via Microsoft Power Automate .

FTC cracks down on Genshin Impact gacha loot box practices

Genshin Impact developer Cognosphere (aka Hoyoverse) has agreed to a $20 million settlement with the U.S. Federal Trade Commission (FTC) over its gacha loot box monetization and is now banned from selling them to teens under the age of sixteen without parental consent. [...] https://www.bleepingcomputer.com/news/gaming/ftc-cracks-down-on-genshin-impact-gacha-loot-box-practices/ Posted from: this blog via Microsoft Power Automate .

Otelier data breach exposes info, hotel reservations of millions

Hotel management platform Otelier suffered a data breach after threat actors breached its Amazon S3 cloud storage to steal millions of guests' personal information and reservations for well-known hotel brands like Marriott, Hilton, and Hyatt. [...] https://www.bleepingcomputer.com/news/security/otelier-data-breach-exposes-info-hotel-reservations-of-millions/ Posted from: this blog via Microsoft Power Automate .

Malicious PyPi package steals Discord auth tokens from devs

A malicious package named 'pycord-self' on the Python package index (PyPI) targets Discord developers to steal authentication tokens and plant a backdoor for remote control over the system. [...] https://www.bleepingcomputer.com/news/security/malicious-pypi-package-steals-discord-auth-tokens-from-devs/ Posted from: this blog via Microsoft Power Automate .

Microsoft fixes Office 365 apps crashing on Windows Server systems

​Microsoft has fixed a known issue that caused Microsoft 365 applications and Classic Outlook to crash on Windows Server 2016 or Windows Server 2019 systems. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-office-365-apps-crashing-on-windows-server-systems/ Posted from: this blog via Microsoft Power Automate .

FCC orders telecoms to secure their networks after Salt Tyhpoon hacks

The Federal Communications Commission (FCC) has ordered U.S. telecommunications carriers to secure their networks following last year's Salt Typhoon security breaches. [...] https://www.bleepingcomputer.com/news/security/fcc-orders-telecoms-to-secure-their-networks-after-salt-tyhpoon-hacks/ Posted from: this blog via Microsoft Power Automate .

GDPR complaints filed against TikTok, Temu for sending user data to China

Non-profit privacy advocacy group "None of Your Business" (noyb) has filed six complaints against TikTok, AliExpress, SHEIN, Temu, WeChat, and Xiaomi, for unlawfully transferring European user's data to China and infringing European Union's general data protection regulation (GDPR). [...] https://www.bleepingcomputer.com/news/security/gdpr-complaints-filed-against-tiktok-temu-for-sending-user-data-to-china/ Posted from: this blog via Microsoft Power Automate .

GDPR complaints filed against TikTok, Temu for sending user data to China

Non-profit privacy advocacy group "None of Your Business" (noyb) has filed six complaints against TikTok, AliExpress, SHEIN, Temu, WeChat, and Xiaomi, for unlawfully transferring European user's data to China and infringing European Union's general data protection regulation (GDPR). [...] https://www.bleepingcomputer.com/news/security/gdpr-complaints-filed-against-tiktok-temu-for-sending-user-data-to-china/ Posted from: this blog via Microsoft Power Automate .

W3 Total Cache plugin flaw exposes 1 million WordPress sites to attacks

A severe flaw in the W3 Total Cache plugin installed on more than one million WordPress sites could give attackers access to various information, including metadata on cloud-based apps. [...] https://www.bleepingcomputer.com/news/security/w3-total-cache-plugin-flaw-exposes-1-million-wordpress-sites-to-attacks/ Posted from: this blog via Microsoft Power Automate .

Microsoft expands testing of Windows 11 admin protection feature

Microsoft has expanded its Windows 11 administrator protection tests, allowing Insiders to enable the security feature from the Windows Security settings. [...] https://www.bleepingcomputer.com/news/security/microsoft-expands-testing-of-windows-11-admin-protection-feature/ Posted from: this blog via Microsoft Power Automate .

US cracks down on North Korean IT worker army with more sanctions

The U.S. Treasury Department has sanctioned a network of individuals and front companies linked to North Korea's Ministry of National Defense that have generated revenue via illegal remote IT work schemes. [...] https://www.bleepingcomputer.com/news/security/us-cracks-down-on-north-korean-it-worker-army-with-more-sanctions/ Posted from: this blog via Microsoft Power Automate .

Biden signs executive order to bolster national cybersecurity

Days before leaving office, President Joe Biden signed an executive order to shore up the United States' cybersecurity by making it easier to sanction hacking groups targeting federal agencies and the nation's critical infrastructure. [...] https://www.bleepingcomputer.com/news/security/biden-signs-executive-order-to-bolster-national-cybersecurity/ Posted from: this blog via Microsoft Power Automate .

Wolf Haldenstein law firm says 3.5 million impacted by data breach

Wolf Haldenstein Adler Freeman & Herz LLP ("Wolf Haldenstein") reports it has suffered a data breach that exposed the personal information of nearly 3.5 million individuals to hackers. [...] https://www.bleepingcomputer.com/news/security/wolf-haldenstein-law-firm-says-35-million-impacted-by-data-breach/ Posted from: this blog via Microsoft Power Automate .

FTC sues GoDaddy for years of poor hosting security practices

The FTC will require web hosting giant GoDaddy to implement basic security protections, such as multi-factor authentication and HTTPS APIs, to settle charges that it failed to secure its hosting services against attacks since 2018. [...] https://www.bleepingcomputer.com/news/security/ftc-sues-godaddy-for-years-of-poor-hosting-security-practices/ Posted from: this blog via Microsoft Power Automate .

SAP fixes critical vulnerabilities in NetWeaver application servers

SAP has fixed two critical vulnerabilities affecting NetWeaver web application server that could be exploited to escalate privileges and access restricted information. [...] https://www.bleepingcomputer.com/news/security/sap-fixes-critical-vulnerabilities-in-netweaver-application-servers/ Posted from: this blog via Microsoft Power Automate .

CISA shares guidance for Microsoft expanded logging capabilities

​CISA shared guidance for government agencies and enterprises on using expanded cloud logs in their Microsoft 365 tenants as part of their forensic and compliance investigations. [...] https://www.bleepingcomputer.com/news/security/cisa-shares-guidance-for-microsoft-expanded-logging-capabilities/ Posted from: this blog via Microsoft Power Automate .

CISA shares guidance for Microsoft expanded logging capabilities

​CISA shared guidance for government agencies and enterprises on using expanded cloud logs in their Microsoft 365 tenants as part of their forensic and compliance investigations. [...] https://www.bleepingcomputer.com/news/security/cisa-shares-guidance-for-microsoft-expanded-logging-capabilities/ Posted from: this blog via Microsoft Power Automate .

Label giant Avery says website hacked to steal credit cards

Avery Products Corporation is warning it suffered a data breach after its website was hacked to steal customers' credit cards and personal information. [...] https://www.bleepingcomputer.com/news/security/label-giant-avery-says-website-hacked-to-steal-credit-cards/ Posted from: this blog via Microsoft Power Automate .

MikroTik botnet uses misconfigured SPF DNS records to spread malware

A newly discovered botnet of 13,000 MikroTik devices uses a misconfiguration in domain name server records to bypass email protections and deliver malware by spoofing roughly 20,000 web domains. [...] https://www.bleepingcomputer.com/news/security/mikrotik-botnet-uses-misconfigured-spf-dns-records-to-spread-malware/ Posted from: this blog via Microsoft Power Automate .

Hackers use Google Search ads to steal Google Ads accounts

​Ironically, cybercriminals now use Google search advertisements to promote phishing sites that steal advertisers' credentials for the Google Ads platform. [...] https://www.bleepingcomputer.com/news/security/hackers-use-google-search-ads-to-steal-google-ads-accounts/ Posted from: this blog via Microsoft Power Automate .

Over 660,000 Rsync servers exposed to code execution attacks

Over 660,000 exposed Rsync servers are potentially vulnerable to six new vulnerabilities, including a critical-severity heap-buffer overflow flaw that allows remote code execution on servers. [...] https://www.bleepingcomputer.com/news/security/over-660-000-rsync-servers-exposed-to-code-execution-attacks/ Posted from: this blog via Microsoft Power Automate .

Windows BitLocker bug triggers warnings on devices with TPMs

​Microsoft is investigating a bug triggering security alerts on systems with a Trusted Platform Module (TPM) processor after enabling BitLocker. [...] https://www.bleepingcomputer.com/news/microsoft/windows-bitlocker-bug-triggers-warnings-on-devices-with-tpms/ Posted from: this blog via Microsoft Power Automate .

Allstate car insurer sued for tracking drivers without permission

Texas Attorney General Ken Paxton has filed a lawsuit against Allstate and its data subsidiary Arity for unlawfully collecting, using, and selling driving data from over 45 million Americans. [...] https://www.bleepingcomputer.com/news/legal/allstate-car-insurer-sued-for-tracking-drivers-without-permission/ Posted from: this blog via Microsoft Power Automate .

January Windows updates may fail if Citrix SRA is installed

Microsoft is warning that the January 2025 Windows 11 and Windows 10 cumulative updates may fail if Citrix Session Recording Agent (SRA) version 2411 is installed on the device. [...] https://www.bleepingcomputer.com/news/microsoft/january-windows-updates-may-fail-if-citrix-sra-is-installed/ Posted from: this blog via Microsoft Power Automate .

Allstate car insurer sued for tracking drivers without permission

Texas Attorney General Ken Paxton has filed a lawsuit against Allstate and its data subsidiary Arity for unlawfully collecting, using, and selling driving data from over 45 million Americans. [...] https://www.bleepingcomputer.com/news/legal/allstate-car-insurer-sued-for-tracking-drivers-without-permission/ Posted from: this blog via Microsoft Power Automate .

WP3.XYZ malware attacks add rogue admins to 5,000+ WordPress sites

A new malware campaign has compromised more than 5,000 WordPress sites to create admin accounts, install a malicious plugin, and steal data. [...] https://www.bleepingcomputer.com/news/security/wp3xyz-malware-attacks-add-rogue-admins-to-5-000-plus-wordpress-sites/ Posted from: this blog via Microsoft Power Automate .

US govt says North Korea stole over $659 million in crypto last year

​North Korean state-backed hacking groups have stolen over $659 million worth of cryptocurrency in multiple crypto-heists, according to a joint statement issued by the United States, South Korea, and Japan on Tuesday. [...] https://www.bleepingcomputer.com/news/security/us-govt-says-north-korea-stole-over-659-million-in-crypto-last-year/ Posted from: this blog via Microsoft Power Automate .

US govt says North Korea stole over $659 million in crypto last year

​North Korean state-backed hacking groups have stolen over $659 million worth of cryptocurrency in multiple crypto-heists, according to a joint statement issued by the United States, South Korea, and Japan on Tuesday. [...] https://www.bleepingcomputer.com/news/security/us-govt-says-north-korea-stole-over-659-million-in-crypto-last-year/ Posted from: this blog via Microsoft Power Automate .

Windows 10 KB5049981 update released with new BYOVD blocklist

Microsoft has released the KB5049981 cumulative update for Windows 10 22H2 and Windows 10 21H2, which contains an updated Kernel driver blocklist to prevent Bring Your Own Vulnerable Driver (BYOVD) attacks. [...] https://www.bleepingcomputer.com/news/microsoft/windows-10-kb5049981-update-released-with-new-byovd-blocklist/ Posted from: this blog via Microsoft Power Automate .

Microsoft January 2025 Patch Tuesday fixes 8 zero-days, 159 flaws

Today is Microsoft's January 2025 Patch Tuesday, which includes security updates for 159 flaws, including eight zero-day vulnerabilities, with three actively exploited in attacks. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-january-2025-patch-tuesday-fixes-8-zero-days-159-flaws/ Posted from: this blog via Microsoft Power Automate .

Google OAuth flaw lets attackers gain access to abandoned accounts

A weakness in Google's OAuth "Sign in with Google" feature could enable attackers that register domains of defunct startups to access sensitive data of former employee accounts linked to various software-as-a-service (SaaS) platforms. [...] https://www.bleepingcomputer.com/news/security/google-oauth-flaw-lets-attackers-gain-access-to-abandoned-accounts/ Posted from: this blog via Microsoft Power Automate .

FBI wipes Chinese PlugX malware from over 4,000 US computers

​The U.S. Department of Justice announced today that the FBI has deleted Chinese PlugX malware from over 4,200 computers in networks across the United States. [...] https://www.bleepingcomputer.com/news/security/fbi-wipes-chinese-plugx-malware-from-over-4-000-us-computers/ Posted from: this blog via Microsoft Power Automate .

Hackers use FastHTTP in new high-speed Microsoft 365 password attacks

Threat actors are utilizing the FastHTTP Go library to launch high-speed brute-force password attacks targeting Microsoft 365 accounts globally. [...] https://www.bleepingcomputer.com/news/security/hackers-use-fasthttp-in-new-high-speed-microsoft-365-password-attacks/ Posted from: this blog via Microsoft Power Automate .

OneBlood confirms personal data stolen in July ransomware attack

Blood-donation not-for-profit OneBlood confirms that donors' personal information was stolen in a ransomware attack last summer. [...] https://www.bleepingcomputer.com/news/security/oneblood-confirms-personal-data-stolen-in-july-ransomware-attack/ Posted from: this blog via Microsoft Power Automate .

OneBlood confirms personal data stolen in July ransomware attack

Blood-donation not-for-profit OneBlood confirms that donors' personal information was stolen in a ransomware attack last summer. [...] https://www.bleepingcomputer.com/news/security/oneblood-confirms-personal-data-stolen-in-july-ransomware-attack/ Posted from: this blog via Microsoft Power Automate .

CISA orders agencies to patch BeyondTrust bug exploited in attacks

​CISA tagged a vulnerability in BeyondTrust's Privileged Remote Access (PRA) and Remote Support (RS) as actively exploited in attacks, ordering agencies to secure their systems within three weeks. [...] https://www.bleepingcomputer.com/news/security/cisa-orders-agencies-to-patch-beyondtrust-bug-exploited-in-attacks/ Posted from: this blog via Microsoft Power Automate .

Stolen Path of Exile 2 admin account used to hack player accounts

Path of Exile 2 developers confirmed that a hacked admin account allowed a threat actor to change the password and access at least 66 accounts, finally explaining how PoE 2 accounts have been breached since November. [...] https://www.bleepingcomputer.com/news/security/stolen-path-of-exile-2-admin-account-used-to-hack-player-accounts/ Posted from: this blog via Microsoft Power Automate .

Stolen Path of Exile 2 admin account used to hack player accounts

Path of Exile 2 developers confirmed that a hacked admin account allowed a threat actor to change the password and access at least 66 accounts, finally explaining how PoE 2 accounts have been breached since November. [...] https://www.bleepingcomputer.com/news/security/stolen-path-of-exile-2-admin-account-used-to-hack-player-accounts/ Posted from: this blog via Microsoft Power Automate .

Microsoft: macOS bug lets hackers install malicious kernel drivers

Apple recently addressed a macOS vulnerability that allows attackers to bypass System Integrity Protection (SIP) and install malicious kernel drivers by loading third-party kernel extensions. [...] https://www.bleepingcomputer.com/news/security/microsoft-macos-bug-lets-hackers-install-malicious-kernel-drivers/ Posted from: this blog via Microsoft Power Automate .

Hackers exploit critical Aviatrix Controller RCE flaw in attacks

Threat actors are exploiting a critical remote command execution vulnerability, tracked as CVE-2024-50603, in Aviatrix Controller instances to install backdoors and crypto miners. [...] https://www.bleepingcomputer.com/news/security/hackers-exploit-critical-aviatrix-controller-rce-flaw-in-attacks/ Posted from: this blog via Microsoft Power Automate .

UK domain registry Nominet confirms breach via Ivanti zero-day

Nominet, the official .UK domain registry and one of the largest country code registries, has confirmed that its network was breached two weeks ago using an Ivanti VPN zero-day vulnerability. [...] https://www.bleepingcomputer.com/news/security/uk-domain-registry-nominet-confirms-breach-via-ivanti-zero-day-vulnerability/ Posted from: this blog via Microsoft Power Automate .

Ransomware abuses Amazon AWS feature to encrypt S3 buckets

A new ransomware campaign encrypts Amazon S3 buckets using AWS's Server-Side Encryption with Customer Provided Keys (SSE-C) known only to the threat actor, demanding ransoms to receive the decryption key. [...] https://www.bleepingcomputer.com/news/security/ransomware-abuses-amazon-aws-feature-to-encrypt-s3-buckets/ Posted from: this blog via Microsoft Power Automate .

Microsoft MFA outage blocking access to Microsoft 365 apps

​Microsoft is investigating an ongoing Multi-Factor Authentication (MFA) outage that is blocking customers from accessing Microsoft 365 Office apps. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-mfa-outage-blocking-access-to-microsoft-365-apps/ Posted from: this blog via Microsoft Power Automate .

Phishing texts trick Apple iMessage users into disabling protection

Cybercriminals are exploiting a trick to turn off Apple iMessage's built-in phishing protection for a text and trick users into re-enabling disabled phishing links. [...] https://www.bleepingcomputer.com/news/security/phishing-texts-trick-apple-imessage-users-into-disabling-protection/ Posted from: this blog via Microsoft Power Automate .

Phishing texts trick Apple iMessage users into disabling protection

Cybercriminals are exploiting a trick to turn off Apple iMessage's built-in phishing protection for a text and trick users into re-enabling disabled phishing links. [...] https://www.bleepingcomputer.com/news/security/phishing-texts-trick-apple-imessage-users-into-disabling-protection/ Posted from: this blog via Microsoft Power Automate .

Pastor who saw crypto project in his "dream" indicted for fraud

A pastor at a Pasco, Washington, church has been indicted on 26 counts of fraud for allegedly operating a cryptocurrency scam that defrauded investors of millions between 2021 and 2023. [...] https://www.bleepingcomputer.com/news/legal/pastor-who-saw-crypto-project-in-his-dream-indicted-for-fraud/ Posted from: this blog via Microsoft Power Automate .

Scammers file first — Get your IRS Identity Protection PIN now

The IRS relaunched its Identity Protection Personal Identification Number (IP PIN) program this week and all US taxpayers are encouraged to enroll for added security against identity theft and fraudulent returns. [...] https://www.bleepingcomputer.com/news/security/scammers-file-first-get-your-irs-identity-protection-pin-now/ Posted from: this blog via Microsoft Power Automate .

Fake LDAPNightmware exploit on GitHub spreads infostealer malware

A deceptive proof-of-concept (PoC) exploit for CVE-2024-49113 (aka "LDAPNightmare") on GitHub infects users with infostealer malware that exfiltrates sensitive data to an external FTP server. [...] https://www.bleepingcomputer.com/news/security/fake-ldapnightmware-exploit-on-github-spreads-infostealer-malware/ Posted from: this blog via Microsoft Power Automate .

Telefónica confirms internal ticketing system breach after data leak

Spanish telecommunications company Telefónica confirms its internal ticketing system was breached after stolen data was leaked on a hacking forum. [...] https://www.bleepingcomputer.com/news/security/telefonica-confirms-internal-ticketing-system-breach-after-data-leak/ Posted from: this blog via Microsoft Power Automate .

Docker Desktop blocked on Macs due to false malware alert

Docker is warning that Docker Desktop is not starting on macOS due to malware warnings after some files were signed with an incorrect code-signing certificate. [...] https://www.bleepingcomputer.com/news/security/docker-desktop-blocked-on-macs-due-to-false-malware-alert/ Posted from: this blog via Microsoft Power Automate .

Proton worldwide outage caused by Kubernetes migration, software change

Swiss tech company Proton, which provides privacy-focused online services, says that a Thursday worldwide outage was caused by an ongoing infrastructure migration to Kubernetes and a software change that triggered an initial load spike. [...] https://www.bleepingcomputer.com/news/technology/proton-worldwide-outage-caused-by-kubernetes-migration-software-change/ Posted from: this blog via Microsoft Power Automate .

STIIIZY data breach exposes cannabis buyers’ IDs and purchases

Popular cannabis brand STIIIZY disclosed a data breach this week after hackers breached its point-of-sale (POS) vendor to steal customer information, including government IDs and purchase information. [...] https://www.bleepingcomputer.com/news/security/stiiizy-data-breach-exposes-cannabis-buyers-ids-and-purchases/ Posted from: this blog via Microsoft Power Automate .

Microsoft to force install new Outlook on Windows 10 PCs in February

Microsoft will force install the new Outlook email client on Windows 10 systems starting with next month's security update. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-to-force-install-new-outlook-on-windows-10-pcs-in-february/ Posted from: this blog via Microsoft Power Automate .

Fake CrowdStrike job offer emails target devs with crypto miners

CrowdStrike is warning that a phishing campaign is impersonating the cybersecurity company in fake job offer emails to trick targets into infecting themselves with a Monero cryptocurrency miner (XMRig). [...] https://www.bleepingcomputer.com/news/security/fake-crowdstrike-job-offer-emails-target-devs-with-crypto-miners/ Posted from: this blog via Microsoft Power Automate .

Largest US addiction treatment provider notifies patients of data breach

​BayMark Health Services, North America's largest provider of substance use disorder (SUD) treatment and recovery services, is notifying an undisclosed number of patients that attackers stole their personal and health information in a September 2024 breach. [...] https://www.bleepingcomputer.com/news/security/largest-us-addiction-treatment-provider-notifies-patients-of-data-breach/ Posted from: this blog via Microsoft Power Automate .

Largest US addiction treatment provider notifies patients of data breach

​BayMark Health Services, North America's largest provider of substance use disorder (SUD) treatment and recovery services, is notifying an undisclosed number of patients that attackers stole their personal and health information in a September 2024 breach. [...] https://www.bleepingcomputer.com/news/security/largest-us-addiction-treatment-provider-notifies-patients-of-data-breach/ Posted from: this blog via Microsoft Power Automate .

Google: Chinese hackers likely behind Ivanti VPN zero-day attacks

Hackers exploiting the critical Ivanti Connect Secure zero-day vulnerability disclosed yesterday installed on compromised VPN appliances new malware called 'Dryhook' and 'Phasejam' that is not currently associated with any threat group. [...] https://www.bleepingcomputer.com/news/security/google-chinese-hackers-likely-behind-ivanti-vpn-zero-day-attacks/ Posted from: this blog via Microsoft Power Automate .

Criminal IP: Bringing Real-Time Phishing Detection to Microsoft Outlook

AI SPERA announced today that it launched its Criminal IP Malicious Link Detector add-in on the Microsoft Marketplace. Learn more about how this tool provides real-time phishing email detection and URL blocking for Microsoft Outlook. [...] https://www.bleepingcomputer.com/news/security/criminal-ip-bringing-real-time-phishing-detection-to-microsoft-outlook/ Posted from: this blog via Microsoft Power Automate .

Microsoft fixes bug causing Outlook freezes when copying text

Microsoft has fixed a known issue causing the classic Outlook email client to stop responding when copying text with the CTRL+C keyboard shortcut. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-bug-causing-outlook-freezes-when-copying-text/ Posted from: this blog via Microsoft Power Automate .

Unpatched critical flaws impact Fancy Product Designer WordPress plugin

Premium WordPress plugin Fancy Product Designer from Radykal is vulnerable to two critical severity flaws that remain unfixed in the current latest version. [...] https://www.bleepingcomputer.com/news/security/unpatched-critical-flaws-impact-fancy-product-designer-wordpress-plugin/ Posted from: this blog via Microsoft Power Automate .

Ivanti warns of new Connect Secure flaw used in zero-day attacks

Ivanti is warning that a new Connect Secure remote code execution vulnerability tracked as CVE-2025-0282 was exploited in zero-day attacks to install malware on appliances. [...] https://www.bleepingcomputer.com/news/security/ivanti-warns-of-new-connect-secure-flaw-used-in-zero-day-attacks/ Posted from: this blog via Microsoft Power Automate .

SonicWall urges admins to patch exploitable SSLVPN bug immediately

SonicWall is emailing customers urging them to upgrade their firewall's SonicOS firmware to patch an authentication bypass vulnerability in SSL VPN and SSH management that is "susceptible to actual exploitation." [...] https://www.bleepingcomputer.com/news/security/sonicwall-urges-admins-to-patch-exploitable-sslvpn-bug-immediately/ Posted from: this blog via Microsoft Power Automate .

Russian ISP confirms Ukrainian hackers "destroyed" its network

Russian internet service provider Nodex confirmed on Tuesday that its network was "destroyed" in a cyberattack claimed by Ukrainian hacktivists part of the Ukrainian Cyber Alliance [...] https://www.bleepingcomputer.com/news/security/russian-isp-confirms-ukrainian-hackers-destroyed-its-network/ Posted from: this blog via Microsoft Power Automate .

Thousands of credit cards stolen in Green Bay Packers store breach

​American football team Green Bay Packers says cybercriminals stole the credit card data of over 8,500 customers after hacking its official Pro Shop online retail store in a September breach. [...] https://www.bleepingcomputer.com/news/security/thousands-of-credit-cards-stolen-in-green-bay-packers-store-breach/ Posted from: this blog via Microsoft Power Automate .

UN aviation agency confirms recruitment database security breach

​The United Nations' International Civil Aviation Organization (ICAO) has confirmed that a threat actor has stolen approximately 42,000 records after hacking into its recruitment database. [...] https://www.bleepingcomputer.com/news/security/un-aviation-agency-confirms-recruitment-database-security-breach/ Posted from: this blog via Microsoft Power Automate .

PowerSchool hack exposes student, teacher data from K-12 districts

Education software giant PowerSchool has confirmed it suffered a cybersecurity incident that allowed a threat actor to steal the personal information of students and teachers from school districts using its PowerSchool SIS platform. [...] https://www.bleepingcomputer.com/news/security/powerschool-hack-exposes-student-teacher-data-from-k-12-districts/ Posted from: this blog via Microsoft Power Automate .

Casio says data of 8,500 people exposed in October ransomware attack

Japanese electronics manufacturer Casio says that the October 2024 ransomware incident exposed the personal data of approximately 8,500 people. [...] https://www.bleepingcomputer.com/news/security/casio-says-data-of-8-500-people-exposed-in-october-ransomware-attack/ Posted from: this blog via Microsoft Power Automate .

New Mirai botnet targets industrial routers with zero-day exploits

A relatively new Mirai-based botnet has been growing in sophistication and is now leveraging zero-day exploits for security flaws in industrial routers and smart home devices. [...] https://www.bleepingcomputer.com/news/security/new-mirai-botnet-targets-industrial-routers-with-zero-day-exploits/ Posted from: this blog via Microsoft Power Automate .

BIOS flaws expose iSeq DNA sequencers to bootkit attacks

BIOS/UEFI vulnerabilities in the iSeq 100 DNA sequencer from U.S. biotechnology company Illumina could let attackers disable devices used for detecting illnesses and developing vaccines. [...] https://www.bleepingcomputer.com/news/security/bios-flaws-expose-iseq-dna-sequencers-to-bootkit-attacks/ Posted from: this blog via Microsoft Power Automate .

US govt launches cybersecurity safety label for smart devices

​Today, the White House announced the launch of the U.S. Cyber Trust Mark, a new cybersecurity safety label for internet-connected consumer devices. [...] https://www.bleepingcomputer.com/news/security/us-govt-launches-cybersecurity-safety-label-for-smart-devices/ Posted from: this blog via Microsoft Power Automate .

Washington state sues T-Mobile over 2021 data breach security failures

Washington state has sued T-Mobile over failing to secure the sensitive personal information of over 2 million Washington residents in a 2021 data breach. [...] https://www.bleepingcomputer.com/news/legal/washington-state-sues-t-mobile-over-2021-data-breach-security-failures/ Posted from: this blog via Microsoft Power Automate .

UN aviation agency investigating 'potential' security breach

​On Monday, the United Nations' International Civil Aviation Organization (ICAO) announced it was investigating what it described as a "reported security incident." [...] https://www.bleepingcomputer.com/news/security/un-aviation-agency-investigating-potential-security-breach/ Posted from: this blog via Microsoft Power Automate .

Telegram hands over data on thousands of users to US law enforcement

Telegram reveals that the communications platform has fulfilled 900 U.S. government requests, sharing the phone number or IP address information of 2,253 users with law enforcement. [...] https://www.bleepingcomputer.com/news/legal/telegram-hands-over-data-on-thousands-of-users-to-us-law-enforcement/ Posted from: this blog via Microsoft Power Automate .

Malicious Browser Extensions are the Next Frontier for Identity Attacks

A recent campaign targeting browser extensions illustrates that they are the next frontier in identity attacks. Learn more about these attacks from LayerX Security and how to receive a free extension audit. [...] https://www.bleepingcomputer.com/news/security/malicious-browser-extensions-are-the-next-frontier-for-identity-attacks/ Posted from: this blog via Microsoft Power Automate .

Green Bay Packers' online store hacked to steal credit cards

The Green Bay Packers American football team is notifying fans that a threat actor hacked its official online retail store in October and injected a card skimmer script to steal customers' personal and payment information. [...] https://www.bleepingcomputer.com/news/security/green-bay-packers-online-store-hacked-to-steal-credit-cards/ Posted from: this blog via Microsoft Power Automate .

CISA says recent government hack limited to US Treasury

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) said today that the Treasury Department breach disclosed last week did not impact other federal agencies. [...] https://www.bleepingcomputer.com/news/security/cisa-says-recent-government-hack-limited-to-us-treasury/ Posted from: this blog via Microsoft Power Automate .

Chinese hackers also breached Charter and Windstream networks

​More U.S. companies have been added to the list of telecommunications firms hacked in a wave of breaches by a Chinese state-backed threat group tracked as Salt Typhoon. [...] https://www.bleepingcomputer.com/news/security/charter-and-windstream-among-nine-us-telecoms-hacked-by-china/ Posted from: this blog via Microsoft Power Automate .

Eagerbee backdoor deployed against Middle Eastern govt orgs, ISPs

New variants of the Eagerbee malware framework are being deployed against government organizations and internet service providers (ISPs) in the Middle East. [...] https://www.bleepingcomputer.com/news/security/eagerbee-backdoor-deployed-against-middle-eastern-govt-orgs-isps/ Posted from: this blog via Microsoft Power Automate .

Microsoft Bing shows misleading Google-like page for 'Google' searches

Microsoft Bing is displaying what is being categorized as a misleading Google-esque search page when users search for Google, making it look you are on the competing search engine. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-bing-shows-misleading-google-like-page-for-google-searches/ Posted from: this blog via Microsoft Power Automate .

Microsoft may have scrapped Windows 11's dynamic wallpapers feature

Microsoft has many good ideas for Windows 11 that often do not ship, and one of them was "Dynamic Wallpapers," which, as the name suggests, could have made the wallpaper dynamic, similar to third-party tools like Lively Wallpaper. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-may-have-scrapped-windows-11s-dynamic-wallpapers-feature/ Posted from: this blog via Microsoft Power Automate .

Microsoft may have scrapped Windows 11's dynamic wallpapers feature

Microsoft has many good ideas for Windows 11 that often do not ship, and one of them was "Dynamic Wallpapers," which, as the name suggests, could have made the wallpaper dynamic, similar to third-party tools like Lively Wallpaper. [...] https://www.bleepingcomputer.com/news/microsoft/microsoft-may-have-scrapped-windows-11s-dynamic-wallpapers-feature/ Posted from: this blog via Microsoft Power Automate .

Windows 10 users urged to upgrade to avoid "security fiasco"

​Cybersecurity firm ESET is urging Windows 10 users to upgrade to Windows 11 or Linux to avoid a "security fiasco" as the 10-year-old operating system nears the end of support in October 2025. [...] https://www.bleepingcomputer.com/news/microsoft/windows-10-users-urged-to-upgrade-to-avoid-security-fiasco/ Posted from: this blog via Microsoft Power Automate .

Cryptocurrency wallet drainers stole $494 million in 2024

Scammers stole $494 million worth of cryptocurrency in wallet drainer attacks last year that targeted more than 300,000 wallet addresses. [...] https://www.bleepingcomputer.com/news/security/cryptocurrency-wallet-drainers-stole-494-million-in-2024/ Posted from: this blog via Microsoft Power Automate .

Cryptocurrency wallet drainers stole $494 million in 2024

Scammers stole $494 million worth of cryptocurrency in wallet drainer attacks last year that targeted more than 300,000 wallet addresses. [...] https://www.bleepingcomputer.com/news/security/cryptocurrency-wallet-drainers-stole-494-million-in-2024/ Posted from: this blog via Microsoft Power Automate .

Nuclei flaw bypasses template signature checks to execute commands

A now-fixed vulnerability in the open-source vulnerability scanner Nuclei could potentially allow attackers to bypass signature verification while sneaking malicious code into templates that execute on local systems. [...] https://www.bleepingcomputer.com/news/security/nuclei-flaw-bypasses-template-signature-checks-to-execute-commands/ Posted from: this blog via Microsoft Power Automate .

Google Chrome is making it easier to share specific parts of long PDFs

Google is adding the Text Fragment feature to its PDF reader to make it easier to share specific parts of long PDFs. [...] https://www.bleepingcomputer.com/news/google/google-chrome-is-making-it-easier-to-share-specific-parts-of-long-pdfs/ Posted from: this blog via Microsoft Power Automate .

Bad Tenable plugin updates take down Nessus agents worldwide

Tenable says customers must manually upgrade their software to revive Nessus vulnerability scanner agents taken offline on December 31st due to buggy differential plugin updates. [...] https://www.bleepingcomputer.com/news/security/bad-tenable-plugin-updates-take-down-nessus-agents-worldwide/ Posted from: this blog via Microsoft Power Automate .

Malicious npm packages target Ethereum developers' private keys

Twenty malicious packages impersonating the Hardhat development environment used by Ethereum developers are targeting private keys and other sensitive data. [...] https://www.bleepingcomputer.com/news/security/malicious-npm-packages-target-ethereum-developers-private-keys/ Posted from: this blog via Microsoft Power Automate .

French govt contractor Atos denies Space Bears ransomware attack claims

French tech giant Atos, which secures communications for the country's military and secret services, has denied claims made by the Space Bears ransomware gang that they compromised one of its databases. [...] https://www.bleepingcomputer.com/news/security/french-govt-contractor-atos-denies-space-bears-ransomware-attack-claims/ Posted from: this blog via Microsoft Power Automate .

Ransomware gang leaks data stolen in Rhode Island's RIBridges Breach

The Brain Cipher ransomware gang has begun to leak documents stolen in an attack on Rhode Island's "RIBridges" social services platform. [...] https://www.bleepingcomputer.com/news/security/ransomware-gang-leaks-data-stolen-in-rhode-islands-ribridges-breach/ Posted from: this blog via Microsoft Power Automate .

New DoubleClickjacking attack exploits double-clicks to hijack accounts

A new variation of clickjacking attacks called "DoubleClickjacking" lets attackers trick users into authorizing sensitive actions using double-clicks while bypassing existing protections against these types of attacks. [...] https://www.bleepingcomputer.com/news/security/new-doubleclickjacking-attack-exploits-double-clicks-to-hijack-accounts/ Posted from: this blog via Microsoft Power Automate .

Chinese hackers targeted sanctions office in Treasury attack

​Chinese state-backed hackers have reportedly breached the Office of Foreign Assets Control (OFAC), a Treasury Department office that administers and enforces trade and economic sanctions programs. [...] https://www.bleepingcomputer.com/news/security/chinese-hackers-targeted-sanctions-office-in-treasury-attack/ Posted from: this blog via Microsoft Power Automate .

Over 3 million mail servers without encryption exposed to sniffing attacks

Over three million POP3 and IMAP mail servers without TLS encryption are currently exposed on the Internet and vulnerable to network sniffing attacks. [...] https://www.bleepingcomputer.com/news/security/over-3-million-mail-servers-without-encryption-exposed-to-sniffing-attacks/ Posted from: this blog via Microsoft Power Automate .

The biggest cybersecurity and cyberattack stories of 2024

2024 was a big year for cybersecurity, with significant cyberattacks, data breaches, new threat groups emerging, and, of course, zero-day vulnerabilities. Below are fourteen of what BleepingComputer believes are the most impactful cybersecurity stories of 2024. [...] https://www.bleepingcomputer.com/news/security/the-biggest-cybersecurity-and-cyberattack-stories-of-2024/ Posted from: this blog via Microsoft Power Automate .