MoneyGram confirms hackers stole customer data in cyberattack

MoneyGram has confirmed that hackers stole customers' personal information and transaction data in a September cyberattack that caused a five-day outage. [...] | Continue reading


@bleepingcomputer.com | 7 hours ago

ADT discloses second breach in 2 months, hacked via stolen credentials

Home and small business security company ADT disclosed it suffered a breach after threat actors gained access to its systems using stolen credentials and exfiltrated employee account data. [...] | Continue reading


@bleepingcomputer.com | 8 hours ago

LEGO's website hacked to push cryptocurrency scam

On Friday night, cryptocurrency scammers briefly hacked the LEGO website to promote a fake Lego token that could be purchased with Ethereum. [...] | Continue reading


@bleepingcomputer.com | 9 hours ago

Ukrainian pleads guilty to operating Raccoon Stealer malware

Ukrainian national Mark Sokolovsky has pleaded guilty to his involvement in the Raccoon Stealer malware-as-a-service (MaaS) cybercrime operation. [...] | Continue reading


@bleepingcomputer.com | 9 hours ago

American Water shuts down online services after cyberattack

American Water, the largest publicly traded U.S. water and wastewater utility company, was forced to shut down some of its systems after a Thursday cyberattack. [...] | Continue reading


@bleepingcomputer.com | 13 hours ago

Comcast and Truist Bank customers caught up in FBCS data breach

Comcast Cable Communications and Truist Bank have disclosed they were impacted by a data breach at FBCS, and are now informing their respective customers that their data has been compromised. [...] | Continue reading


@bleepingcomputer.com | 1 day ago

Man pleads guilty to stealing $37 million in crypto from 571 victims

A 21-year-old man from Indiana named Evan Frederick Light pleaded guilty to stealing $37,704,560 worth of cryptocurrency from 571 victims in a 2022 cyberattack. [...] | Continue reading


@bleepingcomputer.com | 1 day ago

Google Pay alarms users with accidental ‘new card’ added emails

Google Pay alarmed users this week after erroneously sending out "new card" added email notifications. Google has acknowledged that the email was "accidental" and that no user information was compromised. [...] | Continue reading


@bleepingcomputer.com | 1 day ago

MoneyGram: No evidence ransomware is behind recent cyberattack

MoneyGram says there is no evidence that ransomware is behind a recent cyberattack that led to a five-day outage in September. [...] | Continue reading


@bleepingcomputer.com | 2 days ago

Recently patched CUPS flaw can be used to amplify DDoS attacks

A recently disclosed vulnerability in the Common Unix Printing System (CUPS) open-source printing system can be exploited by threat actors to launch distributed denial-of-service (DDoS) attacks with a 600x amplification factor. [...] | Continue reading


@bleepingcomputer.com | 4 days ago

Microsoft and DOJ disrupt Russian FSB hackers' attack infrastructure

Microsoft and the Justice Department have seized over 100 domains used by the Russian ColdRiver hacking group to target United States government employees and nonprofit organizations from Russia and worldwide in spear-phishing attacks. [...] | Continue reading


@bleepingcomputer.com | 4 days ago

Over 4,000 Adobe Commerce, Magento shops hacked in CosmicSting attacks

Approximately 5% of all Adobe Commerce and Magento online stores, or 4,275 in absolute numbers, have been hacked in "CosmicSting" attacks. [...] | Continue reading


@bleepingcomputer.com | 4 days ago

Cloudflare blocks largest recorded DDoS attack peaking at 3.8Tbps

During a distributed denial-of-service campaign targeting organizations in the financial services, internet, and telecommunications sectors, volumetric attacks peaked at 3.8 terabits per second, the largest publicly recorded to date. The assault consisted of a "month-long" barrag … | Continue reading


@bleepingcomputer.com | 4 days ago

Linux malware “perfctl” behind years-long cryptomining campaign

A Linux malware named "perfctl" has been targeting Linux servers and workstations for at least three years, remaining largely undetected through high levels of evasion and the use of rootkits. [...] | Continue reading


@bleepingcomputer.com | 4 days ago

Why your password policy should include a custom dictionary

Utilizing a custom dictionaries helps strengthen your password policies. Learn more from Specops Software about how to build custom dictionaries in your Windows Active Directory password policy. [...] | Continue reading


@bleepingcomputer.com | 4 days ago

CISA: Network switch RCE flaw impacts critical infrastructure

U.S. cybersecurity agency CISA is warning about two critical vulnerabilities that allow authentication bypass and remote code execution in Optigo Networks ONS-S8 Aggregation Switch products used in critical infrastructure. [...] | Continue reading


@bleepingcomputer.com | 5 days ago

Microsoft warns of Windows 11 24H2 gaming performance issues

Microsoft is working to fix several known issues behind Asphalt 8 game crashes and Easy Anti-Cheat blue screens on some Windows 24H2 systems. [...] | Continue reading


@bleepingcomputer.com | 5 days ago

Arc browser launches bug bounty program after fixing RCE bug

The Browser Company has introduced an Arc Bug Bounty Program to encourage security researchers to report vulnerabilities to the project and receive rewards. [...] | Continue reading


@bleepingcomputer.com | 6 days ago

Microsoft fixes Outlook email sending issue for users with many folders

​Microsoft has fixed a known issue affecting Outlook for Microsoft 365 users that caused problems sending emails for those with too many nested folders. [...] | Continue reading


@bleepingcomputer.com | 6 days ago

Rackspace monitoring data stolen in ScienceLogic zero-day attack

Cloud hosting provider Rackspace suffered a data breach exposing "limited" customer monitoring data after threat actors exploited a zero-day vulnerability in a third-party tool used by the ScienceLogic SL1 platform. [...] | Continue reading


@bleepingcomputer.com | 6 days ago

Ransomware attack forces UMC Health System to divert some patients

Texas healthcare provider UMC Health System was forced to divert some patients to other locations after a ransomware attack impacted its operations. [...] | Continue reading


@bleepingcomputer.com | 6 days ago

Evil Corp hit with new sanctions, BitPaymer ransomware charges

The Evil Corp cybercrime syndicate has been hit with new sanctions by the United States, United Kingdom, and Australia. The US also indicted one of its members for conducting BitPaymer ransomware attacks. [...] | Continue reading


@bleepingcomputer.com | 6 days ago

Police arrest four suspects linked to LockBit ransomware gang

Law enforcement authorities from 12 countries arrested four suspects linked to the LockBit ransomware gang, including a developer, a bulletproof hosting service administrator, and two people connected to LockBit activity. [...] | Continue reading


@bleepingcomputer.com | 6 days ago

Microsoft fixes Windows KB5043145 reboot loops, USB and Bluetooth issues

Microsoft fixes a known issue in the Windows KB5043145 preview update that causes reboot loops, freezes systems, and breaks USB and Bluetooth devices. [...] | Continue reading


@bleepingcomputer.com | 6 days ago

Windows 11 24H2 now rolling out, here are the new features

Today, Microsoft announced the release of Windows 11, version 24H2, the next feature update for its operating system (also known as the Windows 11 2024 Update). [...] | Continue reading


@bleepingcomputer.com | 6 days ago

Man charged for selling forged license keys for network switches

The U.S. government has indicted a co-owner of a Minnesota IT company for his participation in an international conspiracy to sell forged license keys for networking devices. [...] | Continue reading


@bleepingcomputer.com | 7 days ago

Media giant AFP hit by cyberattack impacting news delivery services

Global news agency AFP (Agence France-Presse) is warning that it suffered a cyberattack on Friday, which impacted IT systems and content delivery services for its partners. [...] | Continue reading


@bleepingcomputer.com | 7 days ago

Windows 11 KB5043145 update causes reboot loops, blue screens

​Microsoft warns that some Windows 11 systems enter reboot loops or might freeze with blue screens after installing the September 2024 KB5043145 preview update. [...] | Continue reading


@bleepingcomputer.com | 7 days ago

Critical flaw in NVIDIA Container Toolkit allows full host takeover

A critical vulnerability in NVIDIA Container Toolkit impacts all AI applications in a cloud or on-premise environment that rely on it to access GPU resources. [...] | Continue reading


@bleepingcomputer.com | 8 days ago

Ireland fines Meta €91 million for storing passwords in plaintext

The Data Protection Commission (DPC) in Ireland has fined Meta Platforms Ireland Limited (MPIL) €91 million ($100 million) for storing in plaintext passwords of hundreds of millions of users. [...] | Continue reading


@bleepingcomputer.com | 9 days ago

Iranian hackers charged for ‘hack-and-leak’ plot to influence election

The U.S. Department of Justice unsealed an indictment charging three Iranian hackers with a "hack-and-leak" campaign that aimed to influence the 2024 U.S. presidential election. [...] | Continue reading


@bleepingcomputer.com | 10 days ago

U.S. charges Joker's Stash and Rescator money launderers

The U.S. Department of Justice (DoJ) has announced charges against two Russian nationals for operating billion-dollar money laundering services for cybercriminals, including ransomware groups. [...] | Continue reading


@bleepingcomputer.com | 10 days ago

Microsoft: Windows Recall now can be removed, is more secure

​Microsoft has announced security and privacy upgrades to its AI-powered Windows Recall feature, which now can be removed and has stronger default protection for user data and tighter access controls. [...] | Continue reading


@bleepingcomputer.com | 10 days ago

Embargo ransomware escalates attacks to cloud environments

Microsoft warns that ransomware threat actor Storm-0501 has recently switched tactics and now targets hybrid cloud environments, expanding its strategy to compromise all victim assets. [...] | Continue reading


@bleepingcomputer.com | 10 days ago

Progress urges admins to patch critical WhatsUp Gold bugs ASAP

Progress Software warned customers to patch multiple critical and high-severity vulnerabilities in its WhatsUp Gold network monitoring tool as soon as possible. [...] | Continue reading


@bleepingcomputer.com | 10 days ago

Windows 11 KB5043145 update released with 13 changes and fixes

​​Microsoft released the September 2024 preview update (KB5043145) for Windows 11 23H2 and 22H2, with 13 improvements and fixes for multiple issues, including Edge and task manager freezes. [...] | Continue reading


@bleepingcomputer.com | 10 days ago

CUPS flaws enable Linux remote code execution, but there’s a catch

Under certain conditions, attackers can chain a set of vulnerabilities in multiple components of the CUPS open-source printing system to execute arbitrary code remotely on vulnerable machines. [...] | Continue reading


@bleepingcomputer.com | 11 days ago

New RomCom malware variant 'SnipBot' spotted in data theft attacks

A new variant of the RomCom malware called SnipBot, has been used in attacks that pivot on the network to steal data from compromised systems. [...] | Continue reading


@bleepingcomputer.com | 11 days ago

Kia dealer portal flaw could let attackers hack millions of cars

A group of security researchers discovered critical flaws in Kia's dealer portal that could let hackers locate and steal millions of Kia cars made after 2013 using just the targeted vehicle's license plate. [...] | Continue reading


@bleepingcomputer.com | 11 days ago

Tails OS merges with Tor Project for better privacy, security

The Tor Project and Tails OS are merging operations to better collaborate for a free internet by protecting users from surveillance and censorship. [...] | Continue reading


@bleepingcomputer.com | 11 days ago

US sanctions crypto exchanges used by Russian ransomware gangs

The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) has sanctioned PM2BTC and Cryptex, two cryptocurrency exchanges that laundered funds from Russian ransomware gangs and other cybercrime groups. [...] | Continue reading


@bleepingcomputer.com | 11 days ago

Automattic blocks WP Engine’s access to WordPress resources

WordPress.org has banned WP Engine from accessing its resources and stopped delivering plugin updates to websites hosted on the platform, urging impacted users to choose other hosting providers. [...] | Continue reading


@bleepingcomputer.com | 11 days ago

Fake WalletConnect app on Google Play steals Android users’ crypto

A crypto draining app mimicking the legitimate 'WalletConnect' project has been distributed over Google Play for five months getting more than 10,000 downloads. [...] | Continue reading


@bleepingcomputer.com | 11 days ago

HPE Aruba Networking fixes critical flaws impacting Access Points

HPE Aruba Networking has fixed three critical vulnerabilities in the Command Line Interface (CLI) service of its Aruba Access Points. [...] | Continue reading


@bleepingcomputer.com | 11 days ago

Windows 10 KB5043131 update released with 9 changes and fixes

​​Microsoft has released the September 2024 non-security preview update for Windows 10, version 22H2, with fixes for bugs causing Edge web browser freezes and media playback issues. [...] | Continue reading


@bleepingcomputer.com | 13 days ago

AutoCanada says ransomware attack "may" impact employee data

AutoCanada is warning that employee data may have been exposed in an August cyberattack claimed by the Hunters International ransomware gang. [...] | Continue reading


@bleepingcomputer.com | 13 days ago

Kansas water plant cyberattack forces switch to manual operations

Arkansas City, a small city in Cowley County, Kansas, was forced to switch its water treatment facility to manual operations over the weekend to contain a cyberattack detected on Sunday morning. [...] | Continue reading


@bleepingcomputer.com | 13 days ago

Infostealer malware bypasses Chrome’s new cookie-theft defenses

Infostealer malware developers released updates claiming to bypass Google Chrome's recently introduced feature App-Bound Encryption to protect sensitive data such as cookies. [...] | Continue reading


@bleepingcomputer.com | 13 days ago