Microsoft has released a script to make it easier to patch a BitLocker bypass security vulnerability in the Windows Recovery Environment (WinRE). [...] | Continue reading
The BianLian ransomware group has shifted its focus from encrypting its victims' files to only exfiltrating data found on compromised networks and using them for extortion. [...] | Continue reading
Project Zero, Google's zero-day bug-hunting team, discovered and reported 18 baseband zero-day vulnerabilities in Samsung's Exynos chipsets used in mobile devices, wearables, and cars. [...] | Continue reading
Android malware 'FakeCalls' is circulating again in South Korea, imitating phone calls for over 20 financial organizations and attempting to fool targets into giving away their credit card details. [...] | Continue reading
A suspected Chinese hacking group has been linked to a series of attacks on government organizations exploiting a Fortinet zero-day vulnerability (CVE-2022-41328) to deploy malware. [...] | Continue reading
Cybercriminals are abusing Adobe Acrobat Sign, an online document signing service, to distribute info-stealing malware to unsuspecting users. [...] | Continue reading
A decryption tool for a modified version of the Conti ransomware could help hundreds of victims recover their files for free. [...] | Continue reading
Latitude Financial Services (Latitude) has published a notice on its website today informing that it has suffered a ransomware attack that resulted in the theft of some customer data. [...] | Continue reading
Microsoft has announced a new assistant powered by artificial intelligence to help boost productivity across Microsoft 365 apps, currently being tested by select commercial customers. [...] | Continue reading
A convincing Twitter scam is targeting bank customers by abusing the quote-tweets feature, as observed by BleepingComputer. The scam preys on customers tweeting to their banks—such as to raise a complaints. But these customers instead receive a reply from the scammer, via a quote … | Continue reading
In an unexpected twist, a Microsoft support engineer resorted to running an unofficial 'crack' on a customer's Windows PC after a genuine copy of the operating system failed to activate normally. It seems, this isn't the first time either that a Microsoft support professional has … | Continue reading
An advanced hacking group named 'Winter Vivern' targets European government organizations and telecommunication service providers to conduct espionage. [...] | Continue reading
CISA has added a critical vulnerability impacting Adobe ColdFusion versions 2021 and 2018 to its catalog of security bugs exploited in the wild. [...] | Continue reading
Mozilla has announced the integration of Firefox Relay, an email protection system that helps users evade trackers and spammers, directly into the Firefox browser. [...] | Continue reading
Nord Security (Nord) has released the source code of its Linux NordVPN client and associated networking libraries in the hopes of being more transparent and easing users' security and privacy concerns. [...] | Continue reading
The Federal Bureau of Investigation (FBI) revealed in its 2022 Internet Crime Report that ransomware gangs breached the networks of at least 860 critical infrastructure organizations last year. [...] | Continue reading
LockBit ransomware has claimed a cyber attack on Essendant, a wholesale distributer of office products after a "significant" and ongoing outage knocked the company's operations offline. [...] | Continue reading
A threat actor is selling on a Russian-speaking hacking forum what they claim to be hundreds of gigabytes of data allegedly stolen from U.S. Marshals Service (USMS) servers. [...] | Continue reading
Security researchers have shared technical details for exploiting a critical Microsoft Outlook vulnerability for Windows (CVE-2023-23397) that allows hackers to remotely steal hashed passwords by simply receiving an email. [...] | Continue reading
Last year, a U.S. federal agency's Microsoft Internet Information Services (IIS) web server was hacked by exploiting a critical .NET deserialization vulnerability in the Progress Telerik UI for ASP.NET AJAX component. [...] | Continue reading
Independent Living Systems (ILS), a Miami-based healthcare administration and managed care solutions provider, suffered a data breach that exposed the personal information of 4,226,508 individuals. [...] | Continue reading
An international law enforcement operation has seized the cryptocurrency mixing service 'ChipMixer' which is said to be used by hackers, ransomware gangs, and scammers to launder their proceeds. [...] | Continue reading
ChatGPT made a splash with its believable AI-generated responses. However, it can help threat actors create convincing personas to steal credentials in phishing attacks. [...] | Continue reading
The first known cryptojacking operation mining the Dero coin has been found targeting vulnerable Kubernetes container orchestrator infrastructure with exposed APIs. [...] | Continue reading
Software vendor SAP has released security updates for 19 vulnerabilities, five rated as critical, meaning that administrators should apply them as soon as possible to mitigate the associated risks. [...] | Continue reading
Cybersecurity company Rubrik has confirmed that its data was stolen using a zero-day vulnerability in the Fortra GoAnywhere secure file transfer platform. [...] | Continue reading
Reddit is investigating an ongoing outage that is blocking users worldwide from accessing the social network's website and mobile apps. [...] | Continue reading
Microsoft has patched an Outlook zero-day vulnerability (CVE-2023-23397) exploited by a hacking group linked to Russia's military intelligence service GRU to target European organizations. [...] | Continue reading
Microsoft has patched another zero-day bug used by attackers to circumvent the Windows SmartScreen cloud-based anti-malware service and deploy Magniber ransomware payloads without raising any red flags. [...] | Continue reading
It's Microsoft's March 2023 Patch Tuesday, and the new Windows 10 KB5023696 and KB5023697 cumulative updates are now available for versions 22H2, version 21H2, version 21H1, and 1809 to fix problems in the operating system. [...] | Continue reading
Americans are increasingly targeted in 'pig butchering' cryptocurrency investment schemes, according to a public service announcement issued today by the Federal Bureau of Investigation (FBI). [...] | Continue reading
Today is Microsoft's March 2023 Patch Tuesday, and security updates fix two actively exploited zero-day vulnerabilities and a total of 83 flaws. [...] | Continue reading
The collapse of the Silicon Valley Bank (SVB) on March 10, 2023, has sent ripples of turbulence throughout the global financial system, but for hackers, scammers, and phishing campaigns, it's becoming an excellent opportunity. [...] | Continue reading
A new threat actor named 'YoroTrooper' has been running cyber-espionage campaigns since at least June 2022, targeting government and energy organizations in Commonwealth of Independent States (CIS) countries. [...] | Continue reading
NordVPN's Meshnet private tunnel feature for Windows, macOS, and Linux is now free for everyone, even users who do not have a subscription to NordVPN. [...] | Continue reading
Unknown attackers used zero-day exploits to abuse a new FortiOS bug patched this month in attacks targeting government and large organizations that have led to OS and file corruption and data loss. [...] | Continue reading
The Housing Authority of the City of Los Angeles (HACLA) is warning of a "data security event" after the LockBit ransomware gang targeted the organization and leaked data stolen in the attack. [...] | Continue reading
Offensive Security has released Kali Linux 2023.1, the first version of 2023 and the project's 10th anniversary, with a new distro called 'Kali Purple,' aimed at Blue and Purple teamers for defensive security. [...] | Continue reading
Today, the U.S. Cybersecurity & Infrastructure Security Agency (CISA) announced a new pilot program designed to help critical infrastructure entities protect their information systems from ransomware attacks. [...] | Continue reading
Microsoft will soon fast-track multi-factor authentication (MFA) adoption for its Microsoft 365 cloud productivity platform by adding MFA capabilities to the Outlook email client. [...] | Continue reading
Lending protocol Euler Finance was hit by a cryptocurrency flash loan attack on Sunday, with the threat actor stealing $197 million in multiple digital assets. [...] | Continue reading
GSC Game World, the developer of the highly-anticipated 'STALKER 2: Heart of Chornobyl' game, warned their systems were breached, allowing threat actors to steal game assets during the attack. [...] | Continue reading
Microsoft is working on a new XAML-based gallery view for Windows 11 File Explorer. [...] | Continue reading
Staples-owned Essendant, a wholesale distributor of stationary and office supplies, is experiencing a multi-day systems "outage" preventing customers and suppliers from placing and fulfilling online orders. [...] | Continue reading
Microsoft has finally addressed a known issue causing significant performance hits when copying large files over SMB after installing the Windows 11 2022 update. [...] | Continue reading
A ransomware operation known as Medusa has begun to pick up steam in 2023, targeting corporate victims worldwide with million-dollar ransom demands. [...] | Continue reading
Researchers at the School of Cyber Security at Korea University, Seoul, have presented a new covert channel attack named CASPER can leak data from air-gapped computers to a nearby smartphone at a rate of 20bits/sec. [...] | Continue reading
The Clop ransomware gang has begun extorting companies whose data was stolen using a zero-day vulnerability in the Fortra GoAnywhere MFT secure file-sharing solution. [...] | Continue reading