French unemployment agency data breach impacts 43 million people

France Travail, formerly known as Pôle Emploi, is warning that hackers breached its systems and may leak or exploit personal details of an estimated 43 million individuals. [...] | Continue reading


@bleepingcomputer.com | 8 months ago

Fortinet warns of critical RCE bug in endpoint management software

Fortinet patched a critical vulnerability in its FortiClient Enterprise Management Server (EMS) software that can allow attackers to gain remote code execution (RCE) on vulnerable servers. [...] | Continue reading


@bleepingcomputer.com | 8 months ago

PixPirate Android malware uses new tactic to hide on phones

The latest version of the PixPirate banking trojan for Android employs a previously unseen method to hide from the victim while remaining active on the infected device even if its dropper app has been removed. [...] | Continue reading


@bleepingcomputer.com | 8 months ago

Bitcoin Fog mixer operator convicted for laundering $400 million

Russian-Swedish national Roman Sterlingov was convicted by a federal jury in Washington, D.C., for operating Bitcoin Fog between 2011 and 2021. [...] | Continue reading


@bleepingcomputer.com | 8 months ago

LockBit ransomware affiliate gets four years in jail, to pay $860k

Russian-Canadian cybercriminal Mikhail Vasiliev has been sentenced to four years in prison by an Ontario court for his involvement in the LockBit ransomware operation. [...] | Continue reading


@bleepingcomputer.com | 8 months ago

Tuta Mail adds new quantum-resistant encryption to protect email

Tuta Mail has announced TutaCrypt, a new post-quantum encryption protocol to secure communications from powerful and anticipated decryption attacks. [...] | Continue reading


@bleepingcomputer.com | 8 months ago

Microsoft says Windows 10 21H2 support is ending in June

Microsoft announced today that it would end support for Windows 10 21H2 in June when the Enterprise and Education editions reach the end of service. [...] | Continue reading


@bleepingcomputer.com | 8 months ago

Okta says data leaked on hacking forum not from its systems

Okta denies that its company data was leaked after a threat actor shared files allegedly stolen during an October 2023 cyberattack on a hacker forum. [...] | Continue reading


@bleepingcomputer.com | 8 months ago

Researchers expose Microsoft SCCM misconfigs usable in cyberattacks

Security researchers have created a knowledge base repository for attack and defense techniques based on improperly setting up Microsoft's Configuration Manager, which could allow an attacker to execute payloads or become a domain controller. [...] | Continue reading


@bleepingcomputer.com | 8 months ago

Equilend confirms employee data was stolen in ransomware attack

New York-based securities lending platform EquiLend Holdings confirmed in data breach notification letters sent to employees that their data was stolen in a January ransomware attack. [...] | Continue reading


@bleepingcomputer.com | 8 months ago

Over 15,000 hacked Roku accounts sold for 50¢ each to buy hardware

Roku has disclosed a data breach impacting over 15,000 customers after hacked accounts were used to make fraudulent purchases of hardware and streaming subscriptions. [...] | Continue reading


@bleepingcomputer.com | 8 months ago

NSA shares zero-trust guidance to limit adversaries on the network

The National Security Agency is sharing new guidance to help organizations limit an adversary's movement on the internal network by adopting zero-trust framework principles. [...] | Continue reading


@bleepingcomputer.com | 8 months ago

Apple fixes two new iOS zero-days exploited in attacks on iPhones

Apple released emergency security updates to fix two iOS zero-day vulnerabilities that were exploited in attacks on iPhones. [...] | Continue reading


@bleepingcomputer.com | 8 months ago

New WogRAT malware abuses online notepad service to store malware

A new malware dubbed 'WogRAT' targets both Windows and Linux in attacks abusing an online notepad platform named 'aNotepad' as a covert channel for storing and retrieving malicious code. [...] | Continue reading


@bleepingcomputer.com | 8 months ago

Microsoft is killing off the Android apps in Windows 11 feature

Microsoft has unexpectedly announced they are ending support for the Windows Subsystem for Android next year on March 5th. [...] | Continue reading


@bleepingcomputer.com | 8 months ago

U.S. sanctions Predator spyware operators for spying on Americans

The U.S. has imposed sanctions on two individuals and five entities linked to the development and distribution of the Predator commercial spyware used to target Americans, including government officials and journalists. [...] | Continue reading


@bleepingcomputer.com | 8 months ago

Hackers abuse QEMU to covertly tunnel network traffic in cyberattacks

Malicious actors were detected abusing the open-source hypervisor platform QEMU as a tunneling tool in a cyberattack against a large company. [...] | Continue reading


@bleepingcomputer.com | 8 months ago

Facebook and Instagram outage logs out users, passwords not working

Facebook and Instagram users around the world are having trouble getting on these sites right now. [...] | Continue reading


@bleepingcomputer.com | 8 months ago

BlackCat ransomware shuts down in exit scam, blames the "feds"

The BlackCat ransomware gang is pulling an exit scam, trying to shut down and run off with affiliates' money by pretending the FBI seized their site and infrastructure. [...] | Continue reading


@bleepingcomputer.com | 8 months ago

Passwords are Costing Your Organization Money - How to Minimize Those Costs

Getting rid of passwords completely isn't a realistic option for most orgs, but there are things you can do to make them more secure. Learn more from Specops Software on maximizing security while mitigating costs. [...] | Continue reading


@bleepingcomputer.com | 8 months ago

Exploit available for new critical TeamCity auth bypass bug, patch now

A critical vulnerability (CVE-2024-27198) in the TeamCity On-Premises CI/CD solution from JetBrains can let a remote unauthenticated attacker take control of the server with administrative permissions. [...] | Continue reading


@bleepingcomputer.com | 8 months ago

ScreenConnect flaws exploited to drop new ToddleShark malware

The North Korean APT hacking group Kimsuky is exploiting ScreenConnect flaws, particularly CVE-2024-1708 and CVE-2024-1709, to infect targets with a new malware variant dubbed ToddleShark. [...] | Continue reading


@bleepingcomputer.com | 8 months ago

Hackers steal Windows NTLM authentication hashes in phishing attacks

The hacking group known as TA577 has recently shifted tactics by using phishing emails to steal NT LAN Manager (NTLM) authentication hashes to perform account hijacks. [...] | Continue reading


@bleepingcomputer.com | 8 months ago

Apple blames Spotify for $1.95 billion fine over "abusive" App store rules

The European Commission has fined Apple €1.8 billion, or approximately $1.95 million, for allegedly abusing its market dominance in music streaming app distribution to prevent developers from promoting cheaper services outside the app. [...] | Continue reading


@bleepingcomputer.com | 8 months ago

BlackCat ransomware turns off servers amid claim they stole $22 million ransom

The ALPHV/BlackCat ransomware gang has shut down its servers amid claims that they scammed the affiliate responsible for the attack on Optum, the operator of the Change Healthcare platform, of $22 million. [...] | Continue reading


@bleepingcomputer.com | 8 months ago

Ukraine claims it hacked Russian Ministry of Defense servers

The Main Intelligence Directorate (GUR) of Ukraine's Ministry of Defense claims that it breached the servers of the Russian Ministry of Defense (Minoborony) and stole sensitive documents. [...] | Continue reading


@bleepingcomputer.com | 8 months ago

North Korea hacks two South Korean chip firms to steal engineering data

The National Intelligence Service (NIS) in South Korea warns that North Korean hackers target domestic semiconductor manufacturers in cyber espionage attacks. [...] | Continue reading


@bleepingcomputer.com | 8 months ago

American Express credit cards exposed in vendor data breach

 American Express is warning customers that credit cards were exposed in a third-party data breach after one of its service providers was hacked. [...] | Continue reading


@bleepingcomputer.com | 8 months ago

Stealthy GTPDOOR Linux malware targets mobile operator networks

Security researcher HaxRob discovered a previously unknown Linux backdoor named GTPDOOR, designed for covert operations within mobile carrier networks. [...] | Continue reading


@bleepingcomputer.com | 8 months ago

Microsoft: Windows 11 “invites” coming to more Windows 10 Pro PCs

Starting next month, Microsoft nag screens pushing Windows 11 will also show up on non-managed enterprise devices running Windows 10 Pro and Pro Workstation. [...] | Continue reading


@bleepingcomputer.com | 8 months ago

News farm impersonates 60+ major outlets: BBC, CNN, CNBC, Guardian...

BleepingComputer has discovered a content farm operating some 60+ domains named after popular media outlets, including the BBC, CNBC, CNN, Forbes, Huffington Post, The Guardian, and Washington Post, among others. These sites build SEO for their online gambling ventures and sell " … | Continue reading


@bleepingcomputer.com | 8 months ago

Hackers target FCC, crypto firms in advanced Okta phishing attacks

A new phishing kit named CryptoChameleon is being used to target Federal Communications Commission (FCC) employees, using specially crafted single sign-on (SSO) pages for Okta that appear remarkably similar to the originals. [...] | Continue reading


@bleepingcomputer.com | 8 months ago

Windows Kernel bug fixed last month exploited as zero-day since August

Microsoft patched a high-severity Windows Kernel privilege escalation vulnerability in February, six months after being informed that the flaw was being exploited as a zero-day. [...] | Continue reading


@bleepingcomputer.com | 8 months ago

The Week in Ransomware - March 1st 2024 - Healthcare under siege

Ransomware attacks on healthcare over the last few months have been relentless, with numerous ransomware operations targeting hospitals and medical services, causing disruption to patient care and access to prescription drugs in the USA. [...] | Continue reading


@bleepingcomputer.com | 8 months ago

CISA warns of Microsoft Streaming bug exploited in malware attacks

CISA ordered U.S. Federal Civilian Executive Branch (FCEB) agencies to secure their Windows systems against a high-severity vulnerability in the Microsoft Streaming Service (MSKSSRV.SYS) that's actively exploited in attacks. [...] | Continue reading


@bleepingcomputer.com | 8 months ago

Germany takes down largest cybercrime market in the country, arrests 6

The Düsseldorf Police in Germany have seized Crimemarket, the largest German-speaking illicit trading platform on the internet, arresting six people, including one of its operators. [...] | Continue reading


@bleepingcomputer.com | 8 months ago

Microsoft fixes Outlook clients not syncing over Exchange ActiveSync

Microsoft has fixed an issue causing some Microsoft 365 users' Outlook desktop clients to stop connecting to email servers via Exchange ActiveSync. [...] | Continue reading


@bleepingcomputer.com | 8 months ago

Microsoft pulls Edge update causing 'Out of Memory' crashes

Microsoft has pulled the Microsoft Edge 122.0.2365.63 update after users reported receiving "Out of memory" errors when browsing the web or accessing the browser settings. [...] | Continue reading


@bleepingcomputer.com | 8 months ago

U.S. charges Iranian for hacks on defense orgs, offers $10M for info

The U.S. Department of Justice (DoJ) has unveiled an indictment against Alireza Shafie Nasab, a 39-year-old Iranian national, for his role in a cyber-espionage campaign targeting U.S. government and defense entities. [...] | Continue reading


@bleepingcomputer.com | 8 months ago

Golden Corral restaurant chain data breach impacts 183,000 people

The Golden Corral American restaurant chain disclosed a data breach after attackers behind an August cyberattack stole the personal information of over 180,000 people. [...] | Continue reading


@bleepingcomputer.com | 8 months ago

New Bifrost malware for Linux mimics VMware domain for evasion

A new Linux variant of the Bifrost remote access trojan (RAT) employs several novel evasion techniques, including the use of a deceptive domain that was made to appear as part of VMware. [...] | Continue reading


@bleepingcomputer.com | 8 months ago

Brave browser launches privacy-focused AI assistant on Android

Brave Software is the next company to jump into AI, announcing a new privacy-preserving AI assistant called "Leo" is rolling out on the Android version of its browser through the latest release, version 1.63. [...] | Continue reading


@bleepingcomputer.com | 8 months ago

CISA warns against using hacked Ivanti devices even after factory resets

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) revealed today that attackers who breached Ivanti appliances using one of multiple actively exploited vulnerabilities can maintain root persistence even after performing factory resets. [...] | Continue reading


@bleepingcomputer.com | 8 months ago

Windows 10 KB5034843 update released with 9 new changes, fixes

Microsoft has released the optional KB5034843 Preview cumulative update for Windows 10 22H2 with an updated sharing experience and eight other fixes or changes. [...] | Continue reading


@bleepingcomputer.com | 8 months ago

Windows 11 KB5034848 preview update adds USB 80Gbps support

Microsoft has released the optional KB5034848 Preview cumulative update for Windows 11 23H2 and 22H2, which brings new features, including USB 80Gbps and nineteen other changes and fixes. [...] | Continue reading


@bleepingcomputer.com | 8 months ago

GitHub enables push protection by default to stop secrets leak

GitHub has enabled push protection by default for all public repositories to prevent accidental exposure of secrets such as access tokens and API keys when pushing new code. [...] | Continue reading


@bleepingcomputer.com | 8 months ago

Citrix, Sophos software impacted by 2024 leap year bugs

Citrix and Sophos products have been impacted by leap year flaws, leading to unexpected problems in their products. [...] | Continue reading


@bleepingcomputer.com | 8 months ago

Windows 11 'Moment 5' update released, here are the new features

Microsoft has released the Windows 11 'Moment 5' update for versions 23H2 and 22H2, starting the rollout of new features, such as Windows Copilot skills and plugins, Voice Access, AI enhancements for ClipChamp and Photos, and Narrator improvements. [...] | Continue reading


@bleepingcomputer.com | 8 months ago