Over 60,000 Android apps secretly installed adware for past six months

Over 60,000 Android apps disguised as legitimate applications have been quietly installing adware on mobile devices while remaining undetected for the past six months. [...] | Continue reading


@bleepingcomputer.com | 1 hour ago

Outlook.com hit by outages as hacktivists claim DDoS attacks

Outlook.com is suffering a series of outages today after being down multiple times yesterday, with hacktivists known as Anonymous Sudan claiming to perform DDoS attacks on the service. [...] | Continue reading


@bleepingcomputer.com | 4 hours ago

Microsoft to pay $20 million for XBOX children privacy violations

Microsoft has agreed to pay a $20 million fine and change data privacy procedures for children to settle Federal Trade Commission (FTC) charges over Children's Online Privacy Protection Act (COPPA) violations. [...] | Continue reading


@bleepingcomputer.com | 4 hours ago

Dissecting the Dark Web Supply Chain: Stealer Logs in Context

Stealer logs represent one of the primary threat vectors for modern companies. This Flare explainer article will delve into the lifecycle of stealer malware and provide tips for detection and remediation. [...] | Continue reading


@bleepingcomputer.com | 6 hours ago

Android security update fixes Mali GPU flaw exploited by spyware

Google has released the monthly security update for the Android platform, adding fixes for 56 vulnerabilities, five of them with a critical severity rating and one exploited since at least last December. [...] | Continue reading


@bleepingcomputer.com | 7 hours ago

New 'PowerDrop' PowerShell malware targets U.S. aerospace industry

A new PowerShell malware script named 'PowerDrop' has been discovered to be used in attacks targeting the U.S. aerospace defense industry. [...] | Continue reading


@bleepingcomputer.com | 7 hours ago

Google fixes new Chrome zero-day flaw with exploit in the wild

Google has released a security update for Chrome web browser to address the third zero-day vulnerability that hackers exploited this year. [...] | Continue reading


@bleepingcomputer.com | 9 hours ago

Clop ransomware claims responsibility for MOVEit extortion attacks

The Clop ransomware gang has told BleepingComputer they are behind the MOVEit Transfer data-theft attacks, where a zero-day vulnerability was exploited to breach multiple companies' servers and steal data. [...] | Continue reading


@bleepingcomputer.com | 23 hours ago

Microsoft's Outlook.com is down again on mobile, web

​Outlook is down again for the second time today, with users facing a frustrating 503 error message when trying to access their accounts. [...] | Continue reading


@bleepingcomputer.com | 1 day ago

New tool scans iPhones for 'Triangulation' malware infection

Cybersecurity firm Kaspersky has released a tool to detect if Apple iPhones and other iOS devices are infected with a new 'Triangulation' malware. [...] | Continue reading


@bleepingcomputer.com | 1 day ago

SpinOk Android malware found in more apps with 30 million installs

The SpinOk malware was found in a new batch of Android apps on Google Play, reportedly installed an additional 30 million times. [...] | Continue reading


@bleepingcomputer.com | 1 day ago

GIGABYTE releases new firmware to fix recently disclosed security flaws

GIGABYTE has released firmware updates to fix security vulnerabilities in over 270 motherboards that could be exploited to install malware. [...] | Continue reading


@bleepingcomputer.com | 1 day ago

KeePass v2.54 fixes bug that leaked cleartext master password

KeePass has released version 2.54, fixing the CVE-2023-3278 vulnerability that allows the extraction of the cleartext master password from the application's memory. [...] | Continue reading


@bleepingcomputer.com | 1 day ago

The Genesis Market Takedown – Keep Users Credentials Secure

Law enforcement arrested over 100 people in the takedown of the Genesis Market, notorious for selling stolen credentials. To prevent the loss of credentials, it's important to adopt a layered defense. [...] | Continue reading


@bleepingcomputer.com | 1 day ago

Microsoft links Clop ransomware gang to MOVEit data-theft attacks

Microsoft has linked the Clop ransomware gang to recent attacks exploiting a zero-day vulnerability in the MOVEit Transfer platform to steal data from organizations. [...] | Continue reading


@bleepingcomputer.com | 1 day ago

Windows 11 Moment 3 hands on, here's everything new

Microsoft's Windows 11 Moment 3 update brings a range of new features and improvements, designed to enhance user experience. [...] | Continue reading


@bleepingcomputer.com | 1 day ago

Atomic Wallet hacks leads to over $35 million in crypto stolen

The developers of Atomic Wallet are investigating reports of large-scale theft of cryptocurrency from users' wallets, with over $35 million in crypto reportedly stolen. [...] | Continue reading


@bleepingcomputer.com | 2 days ago

CISA orders govt agencies to patch MOVEit bug used for data theft

CISA has added an actively exploited security bug in the Progress MOVEit Transfer managed file transfer (MFT) solution to its list of known exploited vulnerabilities, warning U.S. federal agencies to patch their systems by June 23. [...] | Continue reading


@bleepingcomputer.com | 2 days ago

Hackers hijack legitimate sites to host credit card stealer scripts

A new Magecart credit card stealing campaign hijacks legitimate sites to act as "makeshift" command and control (C2) servers to inject and hide the skimmers on targeted eCommerce sites. [...] | Continue reading


@bleepingcomputer.com | 2 days ago

Online sellers targeted by new information-stealing malware campaign

Online sellers are targeted in a new campaign to push the Vidar information-stealing malware, allowing threat actors to steal credentials for more damaging attacks. [...] | Continue reading


@bleepingcomputer.com | 3 days ago

Zyxel shares tips on protecting firewalls from ongoing attacks

Zyxel has published a security advisory containing guidance on protecting firewall and VPN devices from ongoing attacks and detecting signs of exploitation. [...] | Continue reading


@bleepingcomputer.com | 3 days ago

Microsoft is killing Cortana on Windows starting late 2023

After introducing a string of AI-powered assistants for its products, Microsoft has now announced that it will soon end support for the Windows standalone Cortana app. [...] | Continue reading


@bleepingcomputer.com | 3 days ago

The Week in Ransomware - June 2nd 2023 - Whodunit?

It has been a fairly quiet week regarding ransomware, with only a few reports released and no new significant attacks. However, we may have a rebrand in the making, and a ransomware operation is likely behind a new zero-day data-theft campaign, so we have some news to talk about. … | Continue reading


@bleepingcomputer.com | 3 days ago

Windows 11 to require SMB signing to prevent NTLM relay attacks

Microsoft says SMB signing (aka security signatures) will be required by default for all connections to defend against NTLM relay attacks, starting with today's Windows build rolling out to Insiders in the Canary Channel. [...] | Continue reading


@bleepingcomputer.com | 4 days ago

NSA and FBI: Kimsuky hackers pose as journalists to steal intel

State-sponsored North Korean hacker group Kimsuky (a.ka. APT43) has been impersonating journalists and academics for spear-phishing campaigns to collect intelligence from think tanks, research centers, academic institutions, and various media organizations. [...] | Continue reading


@bleepingcomputer.com | 4 days ago

Burton Snowboards discloses data breach after February attack

Leading snowboard maker Burton Snowboards confirmed notified customers of a data breach after some of their sensitive information was "potentially" accessed or stolen during what the company described in February as a "cyber incident."  [...] | Continue reading


@bleepingcomputer.com | 4 days ago

Malicious Chrome extensions with 75M installs removed from Web Store

Google has removed from the Chrome Web Store 32 malicious extensions that could alter search results and push spam or unwanted ads. Collectively, they come with a download count of 75 million. [...] | Continue reading


@bleepingcomputer.com | 4 days ago

New Horabot campaign takes over victim's Gmail, Outlook accounts

A previously unknown campaign involving the Hotabot botnet malware has targeted Spanish-speaking users in Latin America since at least November 2020, infecting them with a banking trojan and spam tool. [...] | Continue reading


@bleepingcomputer.com | 4 days ago

Windows 11 will let you view phone photos in File Explorer

Microsoft is now rolling out a new Windows 11 dev build allowing Insiders to view their phone's camera roll in the File Explorer Gallery. [...] | Continue reading


@bleepingcomputer.com | 5 days ago

Harvard Pilgrim Health Care ransomware attack hits 2.5 million people

Harvard Pilgrim Health Care (HPHC) has disclosed that a ransomware attack it suffered in April 2023 impacted 2,550,922 people, with the threat actors also stealing their sensitive data from compromised systems. [...] | Continue reading


@bleepingcomputer.com | 5 days ago

Russia says US hacked thousands of iPhones in iOS zero-click attacks

Russian cybersecurity firm Kaspersky says some iPhones on its network were hacked using an iOS vulnerability that installed malware via iMessage zero-click exploits. Russia blames these attacks on US intelligence agencies. [...] | Continue reading


@bleepingcomputer.com | 5 days ago

Google triples rewards for Chrome sandbox escape chain exploits

Google announced today that bug bounty hunters who report sandbox escape chain exploits targeting its Chrome web browser are now eligible for triple the standard reward until December 1st, 2023. [...] | Continue reading


@bleepingcomputer.com | 5 days ago

New MOVEit Transfer zero-day mass-exploited in data theft attacks

Hackers are actively exploiting a zero-day vulnerability in the MOVEit Transfer file transfer software to steal data from organizations. [...] | Continue reading


@bleepingcomputer.com | 5 days ago

Exploit released for RCE flaw in popular ReportLab PDF library

A researcher has published a working exploit for a remote code execution (RCE) flaw impacting ReportLab, a popular Python library used by numerous projects to generate PDF files from HTML input. [...] | Continue reading


@bleepingcomputer.com | 5 days ago

Amazon faces $30 million fine over Ring, Alexa privacy violations

Amazon will pay $30 million in fines to settle allegations of privacy violations related to the operation of its Ring video doorbell and Alexa virtual assistant services. [...] | Continue reading


@bleepingcomputer.com | 5 days ago

Kali Linux 2023.2 released with 13 new tools, pre-built HyperV image

Kali Linux 2023.2, the second version of 2023, is now available with a pre-built Hyper-V image and thirteen new tools, including the Evilginx framework for stealing credentials and session cookies. [...] | Continue reading


@bleepingcomputer.com | 6 days ago

Terminator antivirus killer is a vulnerable Windows driver in disguise

A threat actor known as Spyboy is promoting a Windows defense evasion tool called "Terminator" on the Russian-speaking forum RAMP (short for Russian Anonymous Marketplace). [...] | Continue reading


@bleepingcomputer.com | 6 days ago

Hackers exploit critical Zyxel firewall flaw in ongoing attacks

Hackers are performing widespread exploitation of a critical-severity command injection flaw in Zyxel networking devices, tracked as CVE-2023-28771, to install malware. [...] | Continue reading


@bleepingcomputer.com | 6 days ago

Stealthy SeroXen RAT malware increasingly used to target gamers

A stealthy remote access trojan (RAT) named 'SeroXen' has recently gained popularity as cybercriminals begin using it for its low detection rates and powerful capabilities. [...] | Continue reading


@bleepingcomputer.com | 6 days ago

Toyota finds more misconfigured servers leaking customer info

Toyota Motor Corporation has discovered two additional misconfigured cloud services that leaked car owners' personal information for over seven years. [...] | Continue reading


@bleepingcomputer.com | 6 days ago

7 Stages of Application Testing: How to Automate for Continuous Security

There are seven main stages of a complex pen testing process that must be followed in order to effectively assess an application's security posture. Learn more from OutPost24 about these stages and how PTaaS can find flaws in web applications, [...] | Continue reading


@bleepingcomputer.com | 6 days ago

Dark Pink hackers continue to target govt and military organizations

The Dark Pink APT hacking group continues to be very active in 2023, observed targeting government, military, and education organizations in Indonesia, Brunei, and Vietnam. [...] | Continue reading


@bleepingcomputer.com | 6 days ago

WordPress force installs critical Jetpack patch on 5 million sites

Automattic, the company behind the open-source WordPress content management system, has started force installing a security patch on millions of websites today to address a critical vulnerability in the Jetpack WordPress plug-in. [...] | Continue reading


@bleepingcomputer.com | 6 days ago

Barracuda zero-day abused since 2022 to drop new malware, steal data

Network and email security firm Barracuda today revealed that a recently patched zero-day vulnerability had been exploited for at least seven months to backdoor customers' Email Security Gateway (ESG) appliances with custom malware and steal data. [...] | Continue reading


@bleepingcomputer.com | 7 days ago

WordPress plugin ‘Gravity Forms’ vulnerable to PHP object injection

The premium WordPress plugin 'Gravity Forms,' currently used by over 930,000 websites, is vulnerable to unauthenticated PHP Object Injection. [...] | Continue reading


@bleepingcomputer.com | 7 days ago

Microsoft finds macOS bug that lets hackers bypass SIP root restrictions

Apple has recently addressed a vulnerability that lets attackers with root privileges bypass System Integrity Protection (SIP) to install "undeletable" malware and access the victim's private data by circumventing Transparency, Consent, and Control (TCC) security checks. [...] | Continue reading


@bleepingcomputer.com | 7 days ago

RomCom malware spread via Google Ads for ChatGPT, GIMP, more

A new campaign distributing the RomCom backdoor malware is impersonating the websites of well-known or fictional software, tricking users into downloading and launching malicious installers. [...] | Continue reading


@bleepingcomputer.com | 7 days ago

Microsoft shares fix for cameras not working on Surface laptops

Microsoft has shared a temporary fix for a widespread issue triggered by a buggy driver that causes built-in cameras on some ARM-based Windows devices (including Surface Pro X laptops) to stop working. [...] | Continue reading


@bleepingcomputer.com | 7 days ago