The Bumblebee malware loader has been spotted in new attacks recently, more than four months after Europol disrupted it during 'Operation Endgame' in May. [...] | Continue reading
Several end-to-end encrypted (E2EE) cloud storage platforms are vulnerable to a set of security issues that could expose user data to malicious actors. [...] | Continue reading
The Internet Archive was breached again, this time on their Zendesk email support platform after repeated warnings that threat actors stole exposed GitLab authentication tokens. [...] | Continue reading
It's true: Google Scholar profile of the renowned former physicist and polymath, Sir Isaac Newton bears a "verified email" note. According to Google Scholar, Isaac Newton is a "Professor of Physics, MIT" with a "Verified email at mit.edu." [...] | Continue reading
Microsoft is warning enterprise customers that, for almost a month, a bug caused critical logs to be partially lost, putting at risk companies that rely on this data to detect unauthorized activity. [...] | Continue reading
A new ClickFix campaign is luring users to fraudulent Google Meet conference pages showing fake connectivity errors that deliver info-stealing malware for Windows and macOS operating systems. [...] | Continue reading
An Alabama man was arrested today by the FBI for his suspected role in hacking the SEC's X account to make a fake announcement that Bitcoin ETFs were approved. [...] | Continue reading
North Korean IT professionals who trick Western companies into hiring them are stealing data from the organization's network and asking for a ransom to not leak it. [...] | Continue reading
The BianLian ransomware group has claimed the cyberattack on Boston Children's Health Physicians (BCHP) and threatens to leak stolen files unless a ransom is paid. [...] | Continue reading
Insurance giant Globe Life says an unknown threat actor attempted to extort money in exchange for not publishing data stolen from the company's systems earlier this year. [...] | Continue reading
Learn about 5 powerful cloud security automations with Blink Ops to simplify security operations like S3 bucket monitoring, subdomain takeover detection and failed EC2 login detection. [...] | Continue reading
Iranian hackers are breaching critical infrastructure organizations to collect credentials and network data that can be sold on cybercriminal forums to enable cyberattacks from other threat actors. [...] | Continue reading
Google Mandiant security analysts warn of a worrying new trend of threat actors demonstrating a better capability to discover and exploit zero-day vulnerabilities in software. [...] | Continue reading
A notorious hacker named USDoD, who is linked to the National Public Data and InfraGard breaches, has been arrested by Brazil's Polícia Federal in "Operation Data Breach". [...] | Continue reading
CISA has added three flaws to its 'Known Exploited Vulnerabilities' (KEV) catalog, among which is a critical hardcoded credentials flaw in SolarWinds Web Help Desk (WHD) that the vendor fixed in late August 2024. [...] | Continue reading
The United States Department of Justice unsealed an indictment today against two Sudanese brothers suspected of being the operators of Anonymous Sudan, a notorious and dangerous hacktivist group known for conducting over 35,000 DDoS attacks in a year. [...] | Continue reading
Lawrence Abrams, reporting for Bleeping Computer: Internet Archive’s “The Wayback Machine” has suffered a data breach after a threat actor compromised the website and stole a user authentication database containing 31 million unique records. News of the breach began circulating W … | Continue reading
An emerging phishing-as-a-service (PhaaS) platform called Mamba 2FA has been observed targeting Microsoft 365 accounts in AiTM attacks using well-crafted login pages. [...] | Continue reading
Microsoft has released the KB5044273 cumulative update for Windows 10 22H2 and Windows 10 21H2, which includes nine changes and fixes, including a new Windows Update opt-in notification shown when you log in to the operating system. [...] | Continue reading
Microsoft Edge Canary has been updated with an interesting feature called Copilot Vision, but it's still in testing. [...] | Continue reading
MoneyGram has confirmed that hackers stole customers' personal information and transaction data in a September cyberattack that caused a five-day outage. [...] | Continue reading
Home and small business security company ADT disclosed it suffered a breach after threat actors gained access to its systems using stolen credentials and exfiltrated employee account data. [...] | Continue reading
On Friday night, cryptocurrency scammers briefly hacked the LEGO website to promote a fake Lego token that could be purchased with Ethereum. [...] | Continue reading
Ukrainian national Mark Sokolovsky has pleaded guilty to his involvement in the Raccoon Stealer malware-as-a-service (MaaS) cybercrime operation. [...] | Continue reading
American Water, the largest publicly traded U.S. water and wastewater utility company, was forced to shut down some of its systems after a Thursday cyberattack. [...] | Continue reading
Comcast Cable Communications and Truist Bank have disclosed they were impacted by a data breach at FBCS, and are now informing their respective customers that their data has been compromised. [...] | Continue reading
A 21-year-old man from Indiana named Evan Frederick Light pleaded guilty to stealing $37,704,560 worth of cryptocurrency from 571 victims in a 2022 cyberattack. [...] | Continue reading
Google Pay alarmed users this week after erroneously sending out "new card" added email notifications. Google has acknowledged that the email was "accidental" and that no user information was compromised. [...] | Continue reading
MoneyGram says there is no evidence that ransomware is behind a recent cyberattack that led to a five-day outage in September. [...] | Continue reading
A recently disclosed vulnerability in the Common Unix Printing System (CUPS) open-source printing system can be exploited by threat actors to launch distributed denial-of-service (DDoS) attacks with a 600x amplification factor. [...] | Continue reading
Microsoft and the Justice Department have seized over 100 domains used by the Russian ColdRiver hacking group to target United States government employees and nonprofit organizations from Russia and worldwide in spear-phishing attacks. [...] | Continue reading
Approximately 5% of all Adobe Commerce and Magento online stores, or 4,275 in absolute numbers, have been hacked in "CosmicSting" attacks. [...] | Continue reading
During a distributed denial-of-service campaign targeting organizations in the financial services, internet, and telecommunications sectors, volumetric attacks peaked at 3.8 terabits per second, the largest publicly recorded to date. The assault consisted of a "month-long" barrag … | Continue reading
A Linux malware named "perfctl" has been targeting Linux servers and workstations for at least three years, remaining largely undetected through high levels of evasion and the use of rootkits. [...] | Continue reading
Utilizing a custom dictionaries helps strengthen your password policies. Learn more from Specops Software about how to build custom dictionaries in your Windows Active Directory password policy. [...] | Continue reading
U.S. cybersecurity agency CISA is warning about two critical vulnerabilities that allow authentication bypass and remote code execution in Optigo Networks ONS-S8 Aggregation Switch products used in critical infrastructure. [...] | Continue reading
Microsoft is working to fix several known issues behind Asphalt 8 game crashes and Easy Anti-Cheat blue screens on some Windows 24H2 systems. [...] | Continue reading
The Browser Company has introduced an Arc Bug Bounty Program to encourage security researchers to report vulnerabilities to the project and receive rewards. [...] | Continue reading
Microsoft has fixed a known issue affecting Outlook for Microsoft 365 users that caused problems sending emails for those with too many nested folders. [...] | Continue reading
Cloud hosting provider Rackspace suffered a data breach exposing "limited" customer monitoring data after threat actors exploited a zero-day vulnerability in a third-party tool used by the ScienceLogic SL1 platform. [...] | Continue reading
Texas healthcare provider UMC Health System was forced to divert some patients to other locations after a ransomware attack impacted its operations. [...] | Continue reading
The Evil Corp cybercrime syndicate has been hit with new sanctions by the United States, United Kingdom, and Australia. The US also indicted one of its members for conducting BitPaymer ransomware attacks. [...] | Continue reading
Law enforcement authorities from 12 countries arrested four suspects linked to the LockBit ransomware gang, including a developer, a bulletproof hosting service administrator, and two people connected to LockBit activity. [...] | Continue reading
Microsoft fixes a known issue in the Windows KB5043145 preview update that causes reboot loops, freezes systems, and breaks USB and Bluetooth devices. [...] | Continue reading
Today, Microsoft announced the release of Windows 11, version 24H2, the next feature update for its operating system (also known as the Windows 11 2024 Update). [...] | Continue reading
The U.S. government has indicted a co-owner of a Minnesota IT company for his participation in an international conspiracy to sell forged license keys for networking devices. [...] | Continue reading
Global news agency AFP (Agence France-Presse) is warning that it suffered a cyberattack on Friday, which impacted IT systems and content delivery services for its partners. [...] | Continue reading
Microsoft warns that some Windows 11 systems enter reboot loops or might freeze with blue screens after installing the September 2024 KB5043145 preview update. [...] | Continue reading