The Republican Governors Association (RGA) revealed in data breach notification letters sent last week that its servers were breached during an extensive Microsoft Exchange hacking campaign that hit organizations worldwide in March 2021. | Continue reading
Personal details of registrants to virtual events available through the EventBuilder platform have stayed accessible over the public internet, open to indexing by various engines. | Continue reading
In collaboration with Europol and Eurojust, European law enforcement dismantled an extensive network of cybercriminals linked to the Italian Mafia that was able to defraud their victims of roughly €10 million ($11.7 million) last year alone. | Continue reading
A new Elon Musk-themed cryptocurrency giveaway scam called the "Elon Musk Mutual Aid Fund" or "Elon Musk Club" is being promoted through spam email campaigns that started over the past few weeks. | Continue reading
A Pakistani fraudster was sentenced earlier this week to 12 years in prison after AT&T, the world's largest telecommunications company, lost over $200 million after he and his co-conspirators coordinated a seven year scheme that led to the fraudulent unlocking of almost 2 million … | Continue reading
Windows 11 is no longer compatible with the immensely popular Oracle VirtualBox virtualization platform after Microsoft changed its hardware requirement policies for virtual machines. | Continue reading
Security researchers are working on compiling an easy to follow list of initial access attack vectors ransomware gangs and their affiliates are using to breach victims' networks. | Continue reading
It has been an interesting week with decryptors released, ransomware gangs continuing to rail against negotiators, and the US government expected to sanction crypto exchanges next week. | Continue reading
The Biden administration is expected to issue sanctions against crypto exchanges, wallets, and traders used by ransomware gangs to convert ransom payments into fiat money. | Continue reading
At the end of a nine-day trial, a jury in California this week found guilty the administrator of two distributed denial-of-service (DDoS) operations. | Continue reading
Mozilla is running a study to test users' responses to changing the default Firefox search engine to Microsoft Bing. | Continue reading
Google announced today that support for a recently released Android privacy protection feature would be backported to billions of devices running older Android versions later this year. | Continue reading
Threat actors started actively exploiting the critical Azure OMIGOD vulnerabilities two days after Microsoft disclosed them during this month's Patch Tuesday. | Continue reading
Microsoft has issued additional guidance on securing Azure Linux machines impacted by recently addressed critical OMIGOD vulnerabilities. | Continue reading
Some printers will request administrator credentials every time users try to print in Windows Point and Print environments due to a known issue caused by KB5005033 or later security updates addressing the PrintNightmare vulnerability. | Continue reading
Microsoft today started rolling out Office LTSC (Long Term Servicing Channel) for Windows and macOS, the non-subscription Office version for commercial and government customers. | Continue reading
The FBI, CISA, and the Coast Guard Cyber Command (CGCYBER) today warned that state-backed advanced persistent threat (APT) groups are likely among those exploiting a critical flaw in a Zoho single sign-on and password management solution since early August 2021. | Continue reading
Security researchers have discovered malicious Linux binaries created for the Windows Subsystem for Linux (WSL), indicating that hackers are trying out new methods to compromise Windows machines. | Continue reading
The FBI warned today that a massive spike of online romance scams this year caused Americans to lose more than $113 million since the start of 2021. | Continue reading
Windows administrators report wide-scale network printing problems after installing this week's September 2021 Patch Tuesday security updates. | Continue reading
Microsoft says multiple threat actors, including ransomware affiliates, are targeting the recently patched Windows MSHTML remote code execution security flaw. | Continue reading
A free master decryptor for the REvil ransomware operation has been released, allowing all victims encrypted before the gang disappeared to recover their files for free. | Continue reading
The U.S. government has entered a Deferred Prosecution Agreement (DPA) with three former intelligence operatives to resolve criminal charges relating to their offering of hacking services to a foreign government. | Continue reading
Microsoft has addressed four critical vulnerabilities collectively known as OMIGOD, found in the Open Management Infrastructure (OMI) software agent silently installed on Azure Linux machines accounting for more than half of Azure instances. | Continue reading
The justice ministry of the South African government is working on restoring its operations after a recent ransomware attack encrypted all its systems, making all electronic services unavailable both internally and to the public. | Continue reading
Latvian network equipment manufacturer MikroTik has shared details on customers can secure and clean routers enslaved by the massive Mēris DDoS botnet over the summer. | Continue reading
The Grief ransomware gang is threatening to delete victim's decryption keys if they hire a negotiation firm, making it impossible to recover encrypted files. | Continue reading
Microsoft says a OneDrive issue prevents some Android users from uploading photos and videos from their camera roll to the cloud. | Continue reading
Kali Linux 2021.3 was released yesterday by Offensive Security and includes a new set of tools, improved virtualization support, and a new OpenSSL configuration that increases the attack surface. | Continue reading
Microsoft is rolling out passwordless login support over the coming weeks, allowing customers to sign in to Microsoft accounts without using a password. | Continue reading
Microsoft has released a security update to fix the last remaining PrintNightmare zero-day vulnerabilities that allowed attackers to gain administrative privileges on Windows devices quickly. | Continue reading
Microsoft today fixed a high severity zero-day vulnerability actively exploited in targeted attacks against Microsoft Office and Office 365 on Windows 10 computers. | Continue reading
Google is investigating reports of black screens showing up on users' Chromebooks when trying to log into their Chrome OS accounts. | Continue reading
Today is Microsoft's September 2021 Patch Tuesday, and with it comes fixes for two zero-day vulnerabilities and a total of 61 flaws. | Continue reading
Microsoft has reminded customers today that Windows 10 2004 (all editions) and Windows Server 2004 (Datacenter, Standard editions) will reach the end of servicing on December 14, 2021. | Continue reading
An ongoing Zloader campaign uses a new infection chain to disable Microsoft Defender Antivirus (formerly Windows Defender) on victims' computers to evade detection. | Continue reading
Millions of HP OMEN laptop and desktop gaming computers are exposed to attacks by a high severity vulnerability that can let threat actors trigger denial of service states or escalate privileges and disable security solutions. | Continue reading
Google has released Chrome 93.0.4577.82 for Windows, Mac, and Linux to fix eleven security vulnerabilities, two of them being zero-days exploited in the wild. | Continue reading
Fed up with the new Windows 11 default apps interface, Mozilla has bypassed Microsoft's policies to make it easier for users to switch their default browser. | Continue reading
Apple has released security updates to fix two zero-day vulnerabilities that have been seen exploited in the wild to attack iPhones and Macs. | Continue reading
The US Federal Trade Commission (FTC) warns of extortion scammers targeting the LGBTQ+ community via online dating apps such as Grindr and Feeld. | Continue reading
A fake Walmart press release stating that the retail chain would begin accepting Litecoin caused the cryptocurrency to jump by almost 35% this morning. | Continue reading
An unofficial Cobalt Strike Beacon version made by unknown threat actors from scratch has been spotted by security researchers while actively used in attacks targeting organizations worldwide. | Continue reading
Olympus, a leading medical technology company, is investigating a "potential cybersecurity incident" that impacted some of its EMEA (Europe, Middle East, Africa) IT systems last week. | Continue reading
Ahead of the beta testing with Insiders, Microsoft has already published the placeholder for the Android subsystem in the Microsoft Store. According to the Microsoft Store listing, Windows 11's Android support will require at least 8GB of RAM. For the best experience, 16GB is RAM … | Continue reading
Threat actors are sharing working Windows CVE-2021-40444 MSHTML zero-day exploits on hacking forums, allowing other hackers to start exploiting the new vulnerability in their own attacks. | Continue reading
The REvil ransomware gang has fully returned and is once again attacking new victims and publishing stolen files on a data leak site. | Continue reading
This week marked the return of the notorious REvil ransomware group, who disappeared in July after conducting a massive attack using a Kaseya zero-day vulnerability. | Continue reading