Vultur banking malware for Android poses as McAfee Security app

Security researchers found a new version of the Vultur banking trojan for Android that includes more advanced remote control capabilities and an improved evasion mechanism. [...]


@bleepingcomputer.com | 8 months ago

Activision: Enable 2FA to secure accounts recently stolen by malware

An infostealer malware campaign has reportedly collected millions of logins from users of various gaming websites, including players that use cheats, pay-to-cheat services. [...]


@bleepingcomputer.com | 8 months ago

Red Hat warns of backdoor in XZ tools used by most Linux distros

Today, Red Hat warned users to immediately stop using systems running Fedora development versions because of a backdoor found in the latest XZ data compression tools and libraries. [...]


@bleepingcomputer.com | 8 months ago

Google Podcasts service shuts down in the US next week

U.S. users have just a few more days to make the transition from Google Podcasts as the company moves forward with the process of discontinuing the service globally. [...]


@bleepingcomputer.com | 8 months ago

Decade-old Linux ‘wall’ bug helps make fake SUDO prompts, steal passwords

A vulnerability has been discovered in the 'util-linux' library that could allow unprivileged users to put arbitrary text on other users' terminals using the 'wall' command. [...]


@bleepingcomputer.com | 8 months ago

PyPI suspends new user registration to block malware campaign

The Python Package Index (PyPI) has temporarily suspended user registration and the creation of new projects to deal with an ongoing malware campaign. [...]


@bleepingcomputer.com | 8 months ago

How Pentesting-as-a-Service can Reduce Overall Security Costs

Penetration testing plays a critical role in finding application vulnerabilities before they can be exploited. Learn more from Outpost24 on the costs of Penetration-Testing-as-a-Service vs classic pentest offerings. [...]


@bleepingcomputer.com | 8 months ago

New Darcula phishing service targets iPhone users via iMessage

A new phishing-as-a-service (PhaaS) named 'Darcula' uses 20,000 domains to spoof brands and steal credentials from Android and iPhone users in more than 100 countries. [...]


@bleepingcomputer.com | 8 months ago

Google fixes Chrome zero-days exploited at Pwn2Own 2024

Google fixed seven security vulnerabilities in the Chrome web browser on Tuesday, including two zero-days exploited during the Pwn2Own Vancouver 2024 hacking competition. [...]


@bleepingcomputer.com | 8 months ago

CISA tags Microsoft SharePoint RCE bug as actively exploited

CISA warns that attackers are now exploiting a Microsoft SharePoint code injection vulnerability that can be chained with a critical privilege escalation flaw for pre-auth remote code execution attacks. [...]


@bleepingcomputer.com | 8 months ago

Windows 10 KB5035941 update released with lock screen widgets

Microsoft has released the optional KB5035941 preview cumulative update for Windows 10 22H2, introducing widgets on the lock screen, Windows Spotlight on the desktop, and 21 other fixes or changes. [...]


@bleepingcomputer.com | 8 months ago

Germany warns of 17K vulnerable Microsoft Exchange servers exposed online

The German national cybersecurity authority warned on Tuesday that it found at least 17,000 Microsoft Exchange servers in Germany exposed online and vulnerable to one or more critical security vulnerabilities. [...]


@bleepingcomputer.com | 8 months ago

Hackers exploit Ray framework flaw to breach servers, hijack resources

A new hacking campaign dubbed "ShadowRay" targets an unpatched vulnerability in Ray, a popular open-source AI framework, to hijack computing power and leak sensitive data from thousands of companies. [...]


@bleepingcomputer.com | 8 months ago

Free VPN apps on Google Play turned Android phones into proxies

Over 15 free VPN apps on Google Play were found using a malicious software development kit that turned Android devices into unwitting residential proxies, likely used for cybercrime and shopping bots. [...]


@bleepingcomputer.com | 8 months ago

US sanctions crypto exchanges used by Russian darknet market, banks

The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) has sanctioned two cryptocurrency exchanges for working with OFAC-designated Russian dark web markets and banks. [...]


@bleepingcomputer.com | 8 months ago

CISA urges software devs to weed out SQL injection vulnerabilities

CISA and the FBI urged executives of technology manufacturing companies to prompt formal reviews of their organizations' software and implement mitigations to eliminate SQL injection (SQLi) security vulnerabilities before shipping. [...]


@bleepingcomputer.com | 8 months ago

US sanctions APT31 hackers behind critical infrastructure attacks

The U.S. Treasury Department has sanctioned a Wuhan-based company used by the Chinese Ministry of State Security (MSS) as cover in attacks against U.S. critical infrastructure organizations. [...]


@bleepingcomputer.com | 8 months ago

New ZenHammer memory attack impacts AMD Zen CPUs

Academic researchers developed ZenHammer, the first variant of the Rowhammer DRAM attack that works on CPUs based on recent AMD Zen microarchitecture that map physical addresses on DDR4 and DDR5 memory chips. [...]


@bleepingcomputer.com | 8 months ago

Google's new AI search results promotes sites pushing malware, scams

Google's new AI-powered 'Search Generative Experience' algorithms recommend scam sites that redirect visitors to unwanted Chrome extensions, fake iPhone giveaways, browser spam subscriptions, and tech support scams. [...]


@bleepingcomputer.com | 8 months ago

Over 100 US and EU orgs targeted in StrelaStealer malware attacks

A new large-scale StrelaStealer malware campaign has impacted over a hundred organizations across the United States and Europe, attempting to steal email account credentials. [...]


@bleepingcomputer.com | 8 months ago

Microsoft releases emergency fix for Windows Server crashes

Microsoft has released emergency out-of-band (OOB) updates to fix a known issue causing Windows domain controllers to crash after installing the March 2024 Windows Server security updates. [...]


@bleepingcomputer.com | 8 months ago

Darknet marketplace Nemesis Market seized by German police

The German police have seized infrastructure for the darknet Nemesis Market cybercrime marketplace in Germany and Lithuania, disrupting the site's operation. [...]


@bleepingcomputer.com | 8 months ago

New GoFetch attack on Apple Silicon CPUs can steal crypto keys

A new side-channel attack called "GoFetch" impacts Apple M1, M2, and M3 processors and can be used to steal secret cryptographic keys from data in the CPU's cache. [...]


@bleepingcomputer.com | 8 months ago

Hackers earn $1,132,500 for 29 zero-days at Pwn2Own Vancouver

Pwn2Own Vancouver 2024 has ended with security researchers collecting $1,132,500 after demoing 29 zero-days (and some bug collisions). [...]


@bleepingcomputer.com | 8 months ago

Unsaflok flaw can let hackers unlock millions of hotel doors

Security vulnerabilities in over 3 million Saflok electronic RFID locks deployed in 13,000 hotels and homes worldwide allowed researchers to easily unlock any door in a hotel by forging a pair of keycards. [...]


@bleepingcomputer.com | 8 months ago

Evasive Sign1 malware campaign infects 39,000 WordPress sites

A previously unknown malware campaign called Sign1 has infected over 39,000 websites over the past six months, causing visitors to see unwanted redirects and popup ads. [...]


@bleepingcomputer.com | 8 months ago

Exploit released for Fortinet RCE bug used in attacks, patch now

Security researchers have released a proof-of-concept (PoC) exploit for a critical vulnerability in Fortinet's FortiClient Enterprise Management Server (EMS) software, which is now actively exploited in attacks. [...]


@bleepingcomputer.com | 8 months ago

Microsoft confirms Windows Server issue behind domain controller crashes

Microsoft confirmed that a memory leak introduced with the March 2024 Windows Server security updates is behind a widespread issue causing Windows domain controllers to crash. [...]


@bleepingcomputer.com | 8 months ago

The best free Syslog servers

The Syslog message format is used by many applications and is associated with the Linux operating system. Discover the best free Syslog servers. [...]


@bleepingcomputer.com | 8 months ago

The best network monitoring tools

Discover the best network monitoring tools. Find a system that provides both network device monitoring and traffic analysis. [...]


@bleepingcomputer.com | 8 months ago

The best RMM software

There are many RMM platforms available but not all of them are very good. Here, we look at the best RMM software in the business. [...]


@bleepingcomputer.com | 8 months ago

Windows 11, Tesla, and Ubuntu Linux hacked at Pwn2Own Vancouver

On the first day of Pwn2Own Vancouver 2024, contestants demoed Windows 11, Tesla, and Ubuntu Linux zero-day vulnerabilities and exploit chains to win $732,500 and a Tesla Model 3 car. [...]


@bleepingcomputer.com | 8 months ago

New Windows Server updates cause domain controller crashes, reboots

The March 2024 Windows Server updates are causing some domain controllers to crash and restart, according to widespread reports from Windows administrators. [...]


@bleepingcomputer.com | 8 months ago

Spa Grand Prix email account hacked to phish banking info from fans

Hackers hijacked the official contact email for the Belgian Grand Prix event and used it to lure fans to a fake website promising a €50 gift voucher. [...]


@bleepingcomputer.com | 8 months ago

GitHub’s new AI-powered tool auto-fixes vulnerabilities in your code

GitHub introduced a new AI-powered feature capable of speeding up vulnerability fixes while coding. This feature is in public beta and automatically enabled on all private repositories for GitHub Advanced Security (GHAS) customers [...]


@bleepingcomputer.com | 8 months ago

Ivanti fixes critical Standalone Sentry bug reported by NATO

Ivanti warned customers to immediately patch a critical severity Standalone Sentry vulnerability reported by NATO Cyber Security Centre researchers. [...]


@bleepingcomputer.com | 8 months ago

UK bakery Greggs is latest victim of recent POS system outages

UK bakery chain Greggs is the latest victim of recent point of sale system outages that forced store closures at large retail chains over the past few weeks. [...]


@bleepingcomputer.com | 8 months ago

Here's why Twitter sends you to a different site than what you clicked

Users of the social media platform X (Twitter) have often been left puzzled when they click on a post with an external link but arrive at an entirely unexpected website from the one displayed. A Twitter ad spotted below by a security researcher shows forbes.com as its destination …


@bleepingcomputer.com | 8 months ago

Misconfigured Firebase instances leaked 19 million plaintext passwords

Three cybersecurity researchers discovered close to 19 million plaintext passwords exposed on the public internet by misconfigured instances of Firebase, a Google platform for hosting databases, cloud computing, and app development. [...]


@bleepingcomputer.com | 8 months ago

US Defense Dept received 50,000 vulnerability reports since 2016

The Cyber Crime Center (DC3) of the U.S. Department of Defense (DoD) says it has reached the milestone of processing its 50,000th vulnerability report submitted by 5,635 researchers since its inception in November 2016. [...]


@bleepingcomputer.com | 8 months ago

Ukraine arrests hackers trying to sell 100 million stolen accounts

The Ukrainian cyber police, in collaboration with investigators from the national police (ГУНП), have arrested three individuals who are accused of hijacking over 100 million emails and Instagram accounts worldwide. [...]


@bleepingcomputer.com | 8 months ago

Chinese Earth Krahang hackers breach 70 orgs in 23 countries

A sophisticated hacking campaign attributed to a Chinese Advanced Persistent Threat (APT) group known as 'Earth Krahang' has breached 70 organizations and targeted at least 116 across 45 countries. [...]


@bleepingcomputer.com | 8 months ago

Apex Legends players worried about RCE flaw after ALGS hacks

Electronic Arts has postponed the North American (NA) finals of the ongoing Apex Legends Global Series (ALGS) after hackers compromised players mid-match during the tournament. [...]


@bleepingcomputer.com | 8 months ago

How the New NIST 2.0 Guidelines Help Detect SaaS Threats

NIST just released its Cybersecurity Framework (CSF) 2.0, which seems to have SaaS security in mind. Learn more from Adaptive Shield about how the NIST 2.0 framework can help detect SaaS threats. [...]


@bleepingcomputer.com | 8 months ago

New acoustic attack determines keystrokes from typing patterns

Researchers have demonstrated a new acoustic side-channel attack on keyboards that can deduce user input based on their typing patterns, even in poor conditions, such as environments with noise. [...]


@bleepingcomputer.com | 8 months ago

Hackers exploit Aiohttp bug to find vulnerable networks

The ransomware actor 'ShadowSyndicate' was observed scanning for servers vulnerable to CVE-2024-23334, a directory traversal vulnerability in the aiohttp Python library. [...]


@bleepingcomputer.com | 8 months ago

International Monetary Fund email accounts hacked in cyberattack

The International Monetary Fund (IMF) disclosed a cyber incident on Friday after unknown attackers breached 11 IMF email accounts earlier this year. [...]


@bleepingcomputer.com | 8 months ago

McDonald's: Global outage was caused by "configuration change"

McDonald's has blamed a third-party service provider's configuration change, not a cyberattack, for the global outage that forced many of its fast-food restaurants to close. [...]


@bleepingcomputer.com | 8 months ago