Microsoft says Windows 11 22H2 now natively supports almost a dozen additional archive formats, including RAR, 7-Zip, Tar, and GZ archives. [...] | Continue reading
The Clark County School District (CCSD) in Nevada is dealing with a potentially massive data breach, as hackers email parents their children's' data that was allegedly stolen during a recent cyberattack. [...] | Continue reading
HackerOne has announced that its bug bounty programs have awarded over $300 million in rewards to ethical hackers and vulnerability researchers since the platform's inception. [...] | Continue reading
The Pwn2Own Toronto 2023 hacking competition has ended with security researchers earning $1,038,500 for 58 zero-day exploits (and multiple bug collisions) targeting consumer products between October 24 and October 27. [...] | Continue reading
Ransomware attacks are increasing significantly, with reports indicating that last month was a record month for ransomware attacks in 2023. [...] | Continue reading
Microsoft shared a workaround for a known Microsoft 365 issue triggering 'Something Went Wrong [1001]' sign-in errors and making desktop applications unusable for many customers. [...] | Continue reading
The North Korean Lazarus hacking group repeatedly compromised a software vendor using flaws in vulnerable software despite multiple patches and warnings being made available by the developer. [...] | Continue reading
A critical vulnerability in the F5 BIG-IP configuration utility, tracked as CVE-2023-46747, allows an attacker with remote access to the configuration utility to perform unauthenticated remote code execution. [...] | Continue reading
Microsoft has released the optional KB5031455 Preview cumulative update for Windows 11 22H2, which enables 72 new Moment 4 features by default and fixes 22 issues. [...] | Continue reading
Microsoft has released the optional KB5031445 Preview cumulative update for Windows 10 22H2 with nine improvements or fixes, including a fix for a memory leak in ctfmon.exe. [...] | Continue reading
Microsoft has published a detailed profile of a native English-speaking threat actor with advanced social engineering capabilities it tracks as Octo Tempest, that targets companies in data extortion and ransomware attacks. [...] | Continue reading
Several malicious Google Play Android apps installed over 2 million times push intrusive ads to users while concealing their presence on the infected devices. [...] | Continue reading
The Nigerian Police Form has arrested six suspects and dismantled a mentoring hub linked to cybercrime activities, including business email compromise, romance, and investment scams. [...] | Continue reading
The Russian APT28 hacking group (aka 'Strontium' or 'Fancy Bear') has been targeting government entities, businesses, universities, research institutes, and think tanks in France since the second half of 2021. [...] | Continue reading
A sophisticated cross-platform malware platform named StripedFly flew under the radar of cybersecurity researchers for five years, infecting over a million Windows and Linux systems during that time. [...] | Continue reading
The number of hyper-volumetric HTTP DDoS (distributed denial of service) attacks recorded in the third quarter of 2023 surpasses every precedent, indicating that the field has entered a new chapter. [...] | Continue reading
Academic researchers created a new speculative side-channel attack they named iLeakage that works on all recent Apple devices and can extract sensitive information from the Safari web browser. [...] | Continue reading
Security researchers hacked the Samsung Galaxy S23 smartphone two more times on the second day of the Pwn2Own 2023 hacking competition in Toronto, Canada. [...] | Continue reading
Chile's Grupo GTD warns that a cyberattack has impacted its Infrastructure as a Service (IaaS) platform, disrupting online services. [...] | Continue reading
Microsoft is testing support for the Discovery of Network-designated Resolvers (DNR) internet standard, which enables automated client-side discovery of encrypted DNS servers on local area networks. [...] | Continue reading
A custom Flipper Zero firmware called 'Xtreme' has added a new feature to perform Bluetooth spam attacks on Android and Windows devices. [...] | Continue reading
Windows 11 will let admins mandate SMB client encryption for all outbound connections, starting with today's Windows 11 Insider Preview Build 25982 rolling out to Insiders in the Canary Channel. [...] | Continue reading
Japanese watchmaker Seiko has confirmed it suffered a Black Cat ransomware attack earlier this year, warning that the incident has led to a data breach, exposing sensitive customer, partner, and personnel information. [...] | Continue reading
A proof-of-concept (PoC) exploit is released for the 'Citrix Bleed' vulnerability, tracked as CVE-2023-4966, that allows attackers to retrieve authentication session cookies from vulnerable Citrix NetScaler ADC and NetScaler Gateway appliances. [...] | Continue reading
Ransomware incidents continue to grow at an alarming pace, targeting the enterprise and governments worldwide. Learn more from Specops Software on how ransomware gangs gain initial access to networks and how to protect against attacks. [...] | Continue reading
The Winter Vivern Russian hacking group has been exploiting a Roundcube Webmail zero-day since at least October 11 to attack European government entities and think tanks. [...] | Continue reading
VMware issued security updates to fix a critical vCenter Server vulnerability that can be exploited to gain remote code execution attacks on vulnerable servers. [...] | Continue reading
Security researchers hacked the Samsung Galaxy S23 twice during the first day of the consumer-focused Pwn2Own 2023 hacking contest in Toronto, Canada. [...] | Continue reading
Several state and key industrial organizations in Russia were attacked with a custom Go-based backdoor that performs data theft, likely aiding espionage operations. [...] | Continue reading
The team behind the Matrix open standard and real-time communication protocol has announced the release of its second major version, bringing end-to-end encryption to group VoIP, faster loading times, and more. [...] | Continue reading
French professional basketball team LDLC ASVEL (ASVEL) has confirmed that data was stolen after the NoEscape ransomware gang claimed to have attacked the club. [...] | Continue reading
VMware warned customers on Monday that proof-of-concept (PoC) exploit code is now available for an authentication bypass flaw in vRealize Log Insight (now known as VMware Aria Operations for Logs). [...] | Continue reading
A cyberattack on shared service provider TransForm has impacted operations in five hospitals in Ontario, Canada, impacting patient care and causing appointments to be rescheduled. [...] | Continue reading
Ransomware activity in September reached unprecedented levels following a relative lull in August that was still way above regular standards for summer months. [...] | Continue reading
1Password, a popular password management platform used by over 100,000 businesses, suffered a security breach after hackers gained access to its Okta ID management tenant. [...] | Continue reading
The University of Michigan says in a statement today that they suffered a data breach after hackers broke into its network in August and accessed systems with information belonging to students, applicants, alumni, donors, employees, patients, and research study participants. [... … | Continue reading
As thousands of civilians die amid the deadly Israel-Hamas war, scammers are capitalizing on the horrific events to collect donations by pretending to be legitimate charities. BleepingComputer has come across several posts on X (formerly Twitter), Telegram and Instagram where sca … | Continue reading
Citrix warned admins today to secure all NetScaler ADC and Gateway appliances immediately against ongoing attacks exploiting the CVE-2023-4966 vulnerability. [...] | Continue reading
In a rare display of transparency, US energy services firm BHI Energy details how the Akira ransomware operation breached their networks and stole the data during the attack. [...] | Continue reading
The Spanish National Police have dismantled a cybercriminal organization that carried out a variety of computer scams to steal and monetize the data of over four million people. [...] | Continue reading
Cisco has addressed the two vulnerabilities (CVE-2023-20198 and CVE-2023-20273) that hackers exploited to compromise tens of thousands of IOS XE devices over the past week. [...] | Continue reading
QNAP took down a malicious server used in widespread brute-force attacks targeting Internet-exposed NAS (network-attached storage) devices with weak passwords. [...] | Continue reading
The City of Philadelphia is investigating a data breach after attackers "may have gained access" to City email accounts containing personal and protected health information five months ago, in May. [...] | Continue reading
The District of Columbia Board of Elections (DCBOE) says that a threat actor who breached a web server operated by the DataNet Systems hosting provider in early October may have obtained access to the personal information of all registered voters. [...] | Continue reading
Google is getting ready to test a new "IP Protection" feature for the Chrome browser that enhances users' privacy by masking their IP addresses using proxy servers. [...] | Continue reading
The number of Cisco IOS XE devices hacked with a malicious backdoor implant has mysteriously plummeted from over 50,000 impacted devices to only a few hundred, with researchers unsure what is causing the sharp decline. [...] | Continue reading
A new sophisticated threat tracked as 'TetrisPhantom' has been using compromised secure USB drives to target government systems in the Asia-Pacific region. [...] | Continue reading
Microsoft announced this week that its ChatGPT-like Security Copilot AI assistant is now available in early access for some customers. [...] | Continue reading