Shutterfly, an online retail and photography manufacturing platform, is among the latest victims hit by Clop ransomware. Over the last few months, Clop ransomware gang has been exploiting a vulnerability in the MOVEit File Transfer utility to breach hundreds of companies to steal … | Continue reading
Since at least May 2021, stealthy Linux malware called AVrecon was used to infect over 70,000 Linux-based small office/home office (SOHO) routers to a botnet designed to steal bandwidth and provide a hidden residential proxy service. [...] | Continue reading
The Cisco SD-WAN vManage management software is impacted by a flaw that allows an unauthenticated, remote attacker to gain read or limited write permissions to the configuration of the affected instance. [...] | Continue reading
Google is fighting back against the constant invasion of malware on Google Play by requiring all new developer accounts registering as an organization to provide a valid D-U-N-S number before submitting apps. [...] | Continue reading
Microsoft announced today that the upcoming Windows 11, version 23H2, will be available in the fourth quarter of 2023 as an enablement package since it shares Windows 11 22H2's code base and servicing branch. [...] | Continue reading
Cybersecurity researchers and threat actors are targeted by a fake proof of concept (PoC) CVE-2023-35829 exploit that installs a Linux password-stealing malware. [...] | Continue reading
Zimbra urged admins today to manually fix a zero-day vulnerability actively exploited to target and compromise Zimbra Collaboration Suite (ZCS) email servers. [...] | Continue reading
The source code for the BlackLotus UEFI bootkit has leaked online, allowing greater insight into a malware that has caused great concern among the enterprise, governments, and the cybersecurity community. [...] | Continue reading
More and more attacks are occurring via browser extensions or user-profile installations of tools. Learn more about these attacks from Specops Software and what you can do to protect yourself. [...] | Continue reading
What's old is new again, with researchers seeing a threefold increase in malware distributed through USB drives in the first half of 2023 [...] | Continue reading
A new fileless malware named PyLoose has been targeting cloud workloads to hijack their computational resources for Monero cryptocurrency mining. [...] | Continue reading
Apple fixed and re-released emergency security updates addressing a WebKit zero-day vulnerability exploited in attacks. The initial patches had to be withdrawn on Monday due to browsing issues on certain websites. [...] | Continue reading
SonicWall warned customers today to urgently patch multiple critical vulnerabilities impacting the company's Global Management System (GMS) firewall management and Analytics network reporting engine software suites. [...] | Continue reading
The Russian state-sponsored hacking group 'APT29' (aka Nobelium, Cloaked Ursa) has been using unconventional lures like car listings to entice diplomats in Ukraine to click on malicious links that deliver malware. [...] | Continue reading
Microsoft announced that the latest Windows 11 build shipping to Insiders in the Canary channel comes with additional Windows Kernel components rewritten in the memory safety-focused Rust programming language. [...] | Continue reading
Ghostscript, an open-source interpreter for PostScript language and PDF files widely used in Linux, has been found vulnerable to a critical-severity remote code execution flaw. [...] | Continue reading
GitHub announced today the introduction of passwordless authentication support in public beta, allowing users to upgrade from security keys to passkeys. [...] | Continue reading
Fortinet has disclosed a critical severity flaw impacting FortiOS and FortiProxy, allowing a remote attacker to perform arbitrary code execution on vulnerable devices. [...] | Continue reading
Data from the first half of the year indicates that ransomware activity is on track to break previous records, seeing a rise in the number of payments, both big and small. [...] | Continue reading
A Chinese hacking group has breached the email accounts of more than two dozen organizations worldwide, including U.S. and Western European government agencies, according to Microsoft. [...] | Continue reading
Microsoft has begun the forced rollout of its Windows 11 22H2 'Moment 3' update, which introduces several new features and improvements to the operating system [...] | Continue reading
Microsoft disclosed today an unpatched zero-day security bug in multiple Windows and Office products exploited in the wild to gain remote code execution via malicious Office documents. [...] | Continue reading
Microsoft has released Windows 10 KB5028166 and KB5028168 cumulative updates for versions 22H2, version 21H2, and 1809 to fix problems and add new features to the operating system. [...] | Continue reading
Today is Microsoft's July 2023 Patch Tuesday, with security updates for 132 flaws, including six actively exploited and thirty-seven remote code execution vulnerabilities. [...] | Continue reading
Microsoft blocked code signing certificates predominantly used by Chinese hackers and developers to sign and load malicious kernel mode drivers on breached systems by exploiting a Windows policy loophole. [...] | Continue reading
Microsoft announced today that it would change the name of its Azure Active Directory (Azure AD) enterprise identity service to Microsoft Entra ID by the end of the year. [...] | Continue reading
Deutsche Bank AG has confirmed to BleepingComputer that a data breach on one of its service providers has exposed its customers' data in a likely MOVEit Transfer data-theft attack. [...] | Continue reading
Apple confirmed today that emergency security updates released on Monday to address a zero-day bug exploited in attacks break browsing on some websites, and new ones will be released soon to address this known issue. [...] | Continue reading
HCA Healthcare disclosed a data breach impacting an estimated 11 million patients who received care at one of its hospitals and clinics after a threat actor posted samples of stolen data on a hacking forum. [...] | Continue reading
Microsoft is finally rolling out a driver update to address a known issue causing built-in cameras on ARM-based Windows devices (including Surface Pro X laptops) to stop working. [...] | Continue reading
A threat actor referred to as 'RomCom' has been targeting organizations supporting Ukraine and guests of the upcoming NATO Summit set to start tomorrow in Vilnius, Lithuania. [...] | Continue reading
VMware warned customers today that exploit code is now available for a critical vulnerability in the VMware Aria Operations for Logs analysis tool, which helps admins manage terabytes worth of app and infrastructure logs in large-scale environments. [...] | Continue reading
In collaboration with Microsoft, Amazon has announced the general availability of its AppStore on Windows 11 for all developers. This means more apps and games are coming to Windows 11 as Amazon developers can now easily access the AppStore for Windows and bring their Amazon Stor … | Continue reading
Microsoft warned customers today that multiple editions of Windows 11, version 21H2, will reach the end-of-service (EOS) in three months, on October 10, 2023. [...] | Continue reading
Apple has issued a new round of Rapid Security Response (RSR) updates to address a new zero-day bug exploited in attacks and impacting fully-patched iPhones, Macs, and iPads. [...] | Continue reading
A former employee of Discovery Bay Water Treatment Facility in California was indicted by a federal grand jury for intentionally attempting to cause malfunction to the facility's safety and protection systems. [...] | Continue reading
The first preview of Windows Copilot falls short of expectations. Though it promises features like turning on simple settings like switching to dark mode, the 'AI integration' feels far from native. In fact, Copilot feels like a web wrapper, a pane running Bing.com within Microso … | Continue reading
Gaming gear company Razer reacted to recent rumors of a massive data breach with a short statement on Twitter, letting users know that they started an investigation into the matter. [...] | Continue reading
Bing AI sidebar in Edge does not currently support recalling previous conversations. Microsoft plans to address this issue by adding a memory feature, allowing Bing AI to remember and continue from where a user left off in a previous interaction. [...] | Continue reading
Automated incident response solutions help reduce the mean time to respond to incidents, address known security threats, and also minimize alert fatigue. Learn more about these solutions from Wazuh, the open source XDR/SIEM platform. [...] | Continue reading
In a bid to enhance user experience, Microsoft has reintroduced mouse gestures in its Edge Canary version, a feature previously present in legacy Edge before the transition to Chromium. [...] | Continue reading
Google is working on a significant design overhaul for Chrome across Windows, Mac, and Chromebook platforms. Named Chrome's Material You-based, the project is close to roll out and is set to introduce a series of fresh aesthetic changes that significantly alter the browser's inte … | Continue reading
Security researchers observed a new campaign they attribute to the Charming Kitten APT group where hackers used new NokNok malware that targets macOS systems. [...] | Continue reading
Today's update introduces several significant Android Windows Subsystem improvements. Firstly, enhancements have been made to camera compatibility, thus improving the experience of using Android apps that require camera access. [...] | Continue reading
After a long break, AMD has launched a new graphics driver, Adrenalin 23.7.1 WHQL (driver version 23.10.01.45). [...] | Continue reading
Instagram's dedicated text-sharing app, Threads, is set to introduce many new features, including Twitter-style hashtags, an edit button, a trending page, and possibly even an automatic archiving function. Instagram's Head, Adam Mosseri, confirmed these upcoming features in a ser … | Continue reading
Security researchers have dissected a recently emerged ransomware strain named 'Big Head' that may be spreading through malvertising that promotes fake Windows updates and Microsoft Word installers. [...] | Continue reading
CISA ordered federal agencies today to patch a high-severity Arm Mali GPU kernel driver privilege escalation flaw added to its list of actively exploited vulnerabilities and addressed with this month's Android security updates. [...] | Continue reading