Microsoft has finally released the first official ISOs for Windows 11, allowing users to perform clean installs of the new operating system. | Continue reading
Cisco said that unauthenticated attackers could bypass TLS inspection filtering tech in multiple products to exfiltrate data from previously compromised servers inside customers' networks. | Continue reading
Anyone can create a job listing on the leading recruitment platform LinkedIn on behalf of any employer—no verification needed. Now, that might be nothing new, the feature and lax verification on career websites pave the ways for attackers to post bogus listings for malicious purp … | Continue reading
The US Cybersecurity and Infrastructure Security Agency (CISA) has released guidance to help government and private sector organizations prevent data breaches resulting from ransomware double extortion schemes. | Continue reading
Japan-based cryptocurrency exchange Liquid has suspended deposits and withdrawals after attackers have compromised its warm wallets. | Continue reading
In a security advisory published on Wednesday, Cisco said that a critical vulnerability in Universal Plug-and-Play (UPnP) service of multiple small business VPN routers will not be patched because the devices have reached end-of-life. | Continue reading
US Census Bureau servers were breached on January 11, 2020, by hackers after exploiting an unpatched Citrix ADC zero-day vulnerability as the US Office of Inspector General (OIG) disclosed in a recent report. | Continue reading
Larry Dean Harmon, the owner of a dark web cryptocurrency laundering service known as Helix, pleaded guilty today of laundering over $300 million worth of bitcoins between 2014 and 2017. | Continue reading
Microsoft has released Windows 10 21H2 19044.1200 with the awaited new Windows Hello security feature, WPA3 HPE support, and GPU computing in the Windows Subsystem for Linux. | Continue reading
GitHub is urging its user base to toggle on two-factor authentication (2FA) after deprecating password-based authentication for Git operations. | Continue reading
Microsoft's Internet Explorer browser is barely usable after Microsoft officially ends support for the browser in Microsoft 365. | Continue reading
Tokio Marine Holdings, a multinational insurance holding company in Japan, announced this week that its Singapore branch, Tokio Marine Insurance Singapore (TMiS), suffered a ransomware attack. | Continue reading
A new analysis of a Diavol ransomware sample shows a more clear connection with the gang behind the TrickBot botnet and the evolution of the malware. | Continue reading
T-Mobile has confirmed that attackers who recently breached its servers stole files containing the personal information of almost 8 million current customers. | Continue reading
Hackers associated with the Iranian government have focused attack efforts on IT and communication companies in Israel, likely in an attempt to pivot to their real targets. | Continue reading
Training material used by Conti ransomware affiliates was leaked online this month, allowing an inside look at how attackers abuse legitimate software seek out cyber insurance policies. | Continue reading
CISA today warned that IoT and OT security flaws known as BadAlloc impact BlackBerry's QNX Real Time Operating System (RTOS) used by critical infrastructure organizations. | Continue reading
An Illionois pharmacist arrested today faces 120 years in prison for allegedly selling dozens of authentic COVID-19 vaccination record cards issued by the Center for Disease Control and Prevention (CDC). | Continue reading
A malware campaign uses a clever captcha prompt to trick users into bypassing browsers warnings to download the Ursnif (aka Gozi) banking trojan. | Continue reading
The Brazilian Ministry of Economy has disclosed a ransomware attack that hit some of its computing systems on Friday night, right before the start of the weekend. | Continue reading
Security researchers are sounding the alarm on a critical vulnerability affecting tens of millions of devices worldwide connected via ThroughTek's Kalay IoT cloud platform. | Continue reading
Fortinet has released security updates to address a command injection vulnerability that can let attackers take complete control of servers running vulnerable FortiWeb web application firewall (WAF) installations. | Continue reading
Chase Bank has admitted to the presence of a technical bug on its online banking website and app that allowed accidental leakage of customer banking information to other customers. | Continue reading
In what appears to be an attack from the Hive ransomware gang, computers of the non-profit Memorial Health System have been encrypted, forcing staff to work with paper charts. | Continue reading
T-Mobile has confirmed that threat actors hacked their servers in a recent cyber attack but still investigate whether customer data was stolen. | Continue reading
A malware developer unleashed their creation on their system to try out new features and the data ended up on a cybercrime intelligence platform, exposing a glimpse of the cybercriminal endeavor. | Continue reading
The US Securities and Exchange Commission (SEC) announced today that Pearson, a British multinational educational publishing and services company, has settled charges of mishandling the disclosure process for a 2018 data breach discovered in March 2019. | Continue reading
A secret terrorist watchlist with 1.9 million records, including "no-fly" records was exposed on the internet. The list was left accessible on an Elasticsearch cluster that had no password on it. | Continue reading
Declan Harrington, a Massachusetts man charged two years ago for his alleged involvement in a series of SIM swapping attacks, pleaded guilty to stealing cryptocurrency from multiple victims and hijacking the Instagram account of others. | Continue reading
Destructive attacks that targeted Iran's transport ministry and national train system were coordinated by a threat actor dubbed Indra who previously deployed wiper malware on the networks of multiple Syrian organizations. | Continue reading
Colonial Pipeline, the largest fuel pipeline in the United States, is sending notification letters to individuals affected by the data breach resulting from the DarkSide ransomware attack that hit its network in May. | Continue reading
A threat actor claims to have hacked T-Mobile's servers and stolen databases containing the personal data of approximately 100 million customers. | Continue reading
If you can't find your favorite Windows Subsystem for Linux distribution available in the Microsoft Store, a new program called EasyWSL can convert almost any Linux Docker image into a WSL distro. | Continue reading
A bug on Ford's website allowed for accessing sensitive systems and obtaining proprietary data, such as customer databases, employee records, internal tickets, etc. The data exposure stemmed from a misconfigured instance of Pega customer engagement system running on Ford's server … | Continue reading
A bug on Ford's website allowed for accessing sensitive systems and obtaining proprietary data, such as customer databases, employee records, internal tickets, etc. The data exposure stemmed from a misconfigured instance of Pega customer engagement system running on Ford's server … | Continue reading
The US Financial Industry Regulatory Authority (FINRA) warns US brokerage firms and brokers of an ongoing phishing campaign impersonating FINRA officials and asking them to hand over sensitive information under the threat of penalties. | Continue reading
Facebook has announced the roll-out of end-to-end encrypted Messenger voice and video calls five years after making it available in one-on-one text chats. | Continue reading
This week we saw an existing operation rise in attacks while existing ransomware operations turn to Windows vulnerabilities to elevate their privileges. | Continue reading
A security researcher has figured out a way to dump a user's unencrypted plaintext Microsoft Azure credentials from Microsoft's new Windows 365 Cloud PC service using Mimikatz. | Continue reading
The Lithuanian Ministry of Foreign Affairs has declined to comment about the authenticity of email files allegedly stolen from its network and offered for sale on a data-trading forum.Lith | Continue reading
A security researcher has figured out a way to dump a user's unencrypted plaintext Microsoft Azure credentials from Microsoft's new Windows 365 Cloud PC service using Mimikatz. | Continue reading
Microsoft is working on adding a spam call notification feature to the Microsoft 365 Teams collaboration platform. | Continue reading
The SynAck ransomware gang released the master decryption keys for their operation after rebranding as the new El_Cometa group. | Continue reading
Security researchers found vulnerabilities in the Wodify fitness platform that allows an attacker to view and modify user workouts from any of the more than 5,000 gyms that use the solution worldwide. | Continue reading
The Vice Society ransomware gang is now also actively exploiting Windows print spooler PrintNightmare vulnerability for lateral movement through their victims' networks. | Continue reading
GitHub has announced today that account passwords will no longer be accepted for authenticating Git operations starting tomorrow. | Continue reading
Threat actors are actively exploiting Microsoft Exchange servers using the ProxyShell vulnerability to install backdoors for later access. | Continue reading
Microsoft says that a year-long and highly evasive spear-phishing campaign has targeted Office 365 customers in multiple waves of attacks starting with July 2020. | Continue reading