Microsoft Office 365 phishing evades detection with HTML Lego pieces

A recent phishing campaign used a clever trick to deliver the fraudulent web page that collects Microsoft Office 365 credentials by building it from chunks of HTML code stored locally and remotely. | Continue reading


@bleepingcomputer.com | 2 years ago

North Korean hackers use new Vyveva malware to attack freighters

The North Korean-backed Lazarus hacking group used new malware with backdoor capabilities dubbed Vyveva by ESET researchers in targeted attacks against a South African freight logistics company. | Continue reading


@bleepingcomputer.com | 2 years ago

Tech support scammers lure victims with fake antivirus billing emails

Tech support scammers are pretending to be from Microsoft, McAfee, and Norton to target users with fake antivirus billing renewals in a large-scale email campaign.  | Continue reading


@bleepingcomputer.com | 2 years ago

VISA: Hackers increasingly using web shells to steal credit cards

Global payments processor VISA warns that threat actors are increasingly deploying web shells on compromised servers to exfiltrate credit card information stolen from online store customers. | Continue reading


@bleepingcomputer.com | 2 years ago

REvil ransomware now changes password to auto-login in Safe Mode

A recent change to the REvil ransomware allows the threat actors to automate file encryption via Safe Mode after changing Windows passwords. | Continue reading


@bleepingcomputer.com | 2 years ago

Cisco fixes bug allowing remote code execution with root privileges

Cisco has released security updates to address a pre-authentication remote code execution (RCE) vulnerability affecting SD-WAN vManage Software's user management function. | Continue reading


@bleepingcomputer.com | 2 years ago

New Cring ransomware hits unpatched Fortinet VPN devices

A vulnerability impacting Fortinet VPNs is being exploited by a new human-operated ransomware strain known as Cring to breach and encrypt industrial sector companies' networks. | Continue reading


@bleepingcomputer.com | 2 years ago

Google Forms and Telegram abused to collect phished credentials

Security researchers note an increase in alternative methods to steal data from phishing attacks, as scammers obtain the stolen info through Google Forms or private Telegram bots. | Continue reading


@bleepingcomputer.com | 2 years ago

Gigaset Android phones infected by malware via hacked update server

Owners of Gigaset Android phones have been repeatedly infected with malware since the end of March after threat actors compromised the vendor's update server in a supply-chain attack. | Continue reading


@bleepingcomputer.com | 2 years ago

Microsoft's Windows 10, Exchange, and Teams hacked at Pwn2Own

During the first day of Pwn2Own 2021, contestants won $440,000 after successfully exploiting previously unknown vulnerabilities to hack Microsoft's Windows 10 OS, the Exchange mail server, and the Teams communication platform. | Continue reading


@bleepingcomputer.com | 2 years ago

Facebook attributes 533 million users' data leak to "scraping" not hacking

Facebook has now released a public statement clarifying the cause of and addressing some of the concerns related to the recent data leak. As reported last week, information of about 533 million Facebook profiles surfaced on a hacker forum. | Continue reading


@bleepingcomputer.com | 2 years ago

Android malware infects wannabe Netflix thieves via WhatsApp

Newly discovered Android malware found on Google's Play Store disguised as a Netflix tool is designed to auto-spread to other devices using WhatsApp auto-replies to incoming messages. | Continue reading


@bleepingcomputer.com | 2 years ago

Windows XP makes ransomware gangs work harder for their money

A recently created ransomware decryptor illustrates how threat actors have to support Windows XP, even when Microsoft dropped supporting it seven years ago. | Continue reading


@bleepingcomputer.com | 2 years ago

Have I Been Pwned adds search for leaked Facebook phone numbers

Facebook users can now use the Have I Been Pwned data breach notification site to check if their phone number was exposed in the social site's recent data leak. | Continue reading


@bleepingcomputer.com | 2 years ago

European Commission, other EU orgs recently hit by cyber-attack

The European Commission and several other European Union organizations were hit by a cyberattack in March according to a European Commission spokesperson. | Continue reading


@bleepingcomputer.com | 2 years ago

Hacker sells $38M worth of gift cards from thousands of shops

A Russian hacker has sold on a top-tier underground forum close to 900,000 gift cards with a total value estimated at $38 million. | Continue reading


@bleepingcomputer.com | 2 years ago

Facebook data leak now under EU data regulator investigation

Ireland's Data Protection Commission (DPC) is investigating a massive data leak concerning a database containing personal information belonging to more than 530 million Facebook users. | Continue reading


@bleepingcomputer.com | 2 years ago

Ongoing attacks are targeting unsecured mission-critical SAP apps

Threat actors are targeting mission-critical SAP enterprise applications unsecured against already patched vulnerabilities, exposing the networks of commercial and government organizations to attacks. | Continue reading


@bleepingcomputer.com | 2 years ago

EtterSilent maldoc builder used by top cybercriminal gangs

A malicious document builder named EtterSilent is gaining more attention on underground forums, security researchers note. As its popularity increased, the developer kept improving it to avoid detection from security solutions. | Continue reading


@bleepingcomputer.com | 2 years ago

Adult content from hundreds of OnlyFans creators leaked online

After a shared Google Drive was posted online containing the private videos and images from many OnlyFans accounts, a researcher has created a tool allowing content creators to check if they are part of the leak. | Continue reading


@bleepingcomputer.com | 2 years ago

New Microsoft Edge grew 1,300% this year, overtaking Firefox

The new Chromium-based Microsoft Edge browser has grown by over 1,300% in the past 12 months, while the Firefox browser is slowly losing its market share. | Continue reading


@bleepingcomputer.com | 2 years ago

Microsoft Defender for Endpoint now supports Windows 10 Arm devices

Microsoft today announced that Microsoft Defender for Endpoint, the enterprise version of its Defender antivirus, now comes with support for Windows 10 on Arm devices. | Continue reading


@bleepingcomputer.com | 2 years ago

How to check if your info was exposed in the Facebook data leak

Data breach notification service Have I Been Pwned can now be used to check if your personal information was exposed in yesterday's Facebook data leak that contains the phone numbers and information for over 500 million users. | Continue reading


@bleepingcomputer.com | 2 years ago

Windows 10 21H1 update: What's new, how to download, and more

The Windows 10 21H1 feature update, also known as the Spring 2021 Udpate, is being released in April or May 2021. Find out what's new , how to get it, and more. | Continue reading


@bleepingcomputer.com | 2 years ago

Sierra Wireless resumes production after ransomware attack

Canadian IoT solutions provider Sierra Wireless announced that it resumed production at its manufacturing sites after it halted it due to a ransomware attack that hit its internal network and corporate website on March 20. | Continue reading


@bleepingcomputer.com | 2 years ago

Malware attack is preventing car inspections in eight US states

A malware cyberattack on emissions testing company Applus Technologies is preventing vehicle inspections in eight states, including Connecticut, Georgia, Idaho, Illinois, Massachusetts, Utah, and Wisconsin. | Continue reading


@bleepingcomputer.com | 2 years ago

533 million Facebook users’ phone numbers leaked on hacker forum

The mobile phone numbers and other personal information for approximately 533 million Facebook users worldwide has been leaked on a popular hacker forum for free. | Continue reading


@bleepingcomputer.com | 2 years ago

Most loved programming language Rust sparks privacy concerns

Rust developers have repeatedly raised concerned about a privacy issue over the last few years. Rust has rapidly gained momentum among developers, for its focus on performance, safety, safe concurrency, and for having a similar syntax to C++. However, developers have been bothere … | Continue reading


@bleepingcomputer.com | 2 years ago

Ransomware gang leaks data from Stanford, Maryland universities

Stolen personal and financial information of students at Stanford Medicine, University of Maryland Baltimore (UMB), and the University of California was leaked online by the Clop ransomware group earlier this week. | Continue reading


@bleepingcomputer.com | 2 years ago

Microsoft outage caused by overloaded Azure DNS servers

Microsoft has revealed that Thursday's worldwide outage was caused by a code defect that allowed the Azure DNS service to become overwhelmed and not respond to DNS queries. | Continue reading


@bleepingcomputer.com | 2 years ago

Automated attack abuses GitHub Actions to mine cryptocurrency

GitHub Actions has been abused by attackers to mine cryptocurrency using GitHub's servers, automatically.The particular attack adds malicious GitHub Actions code to repositories forked from legitimate ones, and further creates a Pull Request for the original repository maintainer … | Continue reading


@bleepingcomputer.com | 2 years ago

GitHub Arctic Vault likely contains leaked MedData patient records

GitHub Arctic Code Vault has likely inadvertently captured sensitive patient medical records from multiple healthcare facilities. The private data was leaked on GitHub repositories last year that are now part of a collection of open-source contributions bound to last a 1,000 year … | Continue reading


@bleepingcomputer.com | 2 years ago

Brown University hit by cyberattack, some systems still offline

Brown University, a private US research university, had to disable systems and cut connections to the data center after suffering a cyberattack on Tuesday. | Continue reading


@bleepingcomputer.com | 2 years ago

Asteelflash electronics maker hit by REvil ransomware attack

Asteelflash, a leading French electronics manufacturing services company, has suffered a cyberattack by the REvil ransomware gang who is demanding a $24 million ransom. | Continue reading


@bleepingcomputer.com | 2 years ago

FBI and CISA warn of state hackers attacking Fortinet FortiOS servers

The Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) warn of advanced persistent threat (APT) actors targeting Fortinet FortiOS servers using multiple exploits. | Continue reading


@bleepingcomputer.com | 2 years ago

Popular Twitch AdBlock shuts down after Twitch breaks extension

The popular Twitch AdBlock extension has been removed from both Chrome Web Store and Firefox Addons. Twitch AdBlock was the choice of extension among Twitch users for restricting ads when using Twitch. The extension's author stated before its removal, the ad blocker had over 150, … | Continue reading


@bleepingcomputer.com | 2 years ago

Qualys says Accellion hackers did not breach production systems

Cybersecurity firm Qualys said today that the attackers who breached its Accellion FTA server didn't infiltrate the company's production and corporate environments. | Continue reading


@bleepingcomputer.com | 2 years ago

Capital One notifies more clients of SSNs exposed in 2019 data breach

US bank Capital One notified additional customers that their Social Security numbers were exposed in a data breach announced in July 2019. | Continue reading


@bleepingcomputer.com | 2 years ago

Ransomware gang wanted $40 million in Florida schools cyberattack

Fueled by large payments from victims, ransomware gangs have started to demand ridiculous ransoms from organizations that can not afford them. An example of this is a recently revealed ransomware attack on the Broward County Public Schools district where threat actors demanded a … | Continue reading


@bleepingcomputer.com | 2 years ago

GitHub Arctic Vault captures leaked patient medical data for 1,000 years

GitHub Arctic Code Vault has inadvertently captured sensitive patient medical records from multiple healthcare facilities. The private data was leaked on GitHub repositories last year that are now part of a collection of open-source contributions bound to last a 1,000 years. | Continue reading


@bleepingcomputer.com | 2 years ago

MacKenzie Scott Grant scam more widespread than initially thought

A massive phishing campaign reaching tens of thousands of inboxes impersonated the MacKenzie Bezos-Scott grant foundation promising financial benefits to recipients in exchange of a processing fee. | Continue reading


@bleepingcomputer.com | 2 years ago

US DOJ: Phishing attacks use vaccine surveys to steal personal info

The US Department of Justice warns of phishing attacks using fake post-vaccine surveys to steal money from people or tricking them into handing over their personal information. | Continue reading


@bleepingcomputer.com | 2 years ago

Coinhive domain repurposed to warn visitors of hacked sites, routers

After taking over the domains for the notorious Coinhive in-browsing Monero mining service, a researcher is now displaying alerts on hacked websites that are still injecting the mining service's JavaScript. | Continue reading


@bleepingcomputer.com | 2 years ago

VMware fixes authentication bypass in data center security software

VMware has addressed a critical vulnerability in the VMware Carbon Black Cloud Workload appliance that could allow attackers to bypass authentication after exploiting vulnerable servers. | Continue reading


@bleepingcomputer.com | 2 years ago

Microsoft fixes Outlook 'Cannot send this item' email bug

Microsoft has fixed an Outlook bug that blocked users from forwarding or replying to emails containing embedded hyperlinks pointing to long URLs. | Continue reading


@bleepingcomputer.com | 2 years ago

Ubiquiti confirms extortion attempt following security breach

Networking device maker Ubiquiti has confirmed that it was the target of an extortion attempt following a January security breach, as revealed by a whistleblower earlier this week. | Continue reading


@bleepingcomputer.com | 2 years ago

Ubiquiti cyberattack may be far worse than originally disclosed

The data breach report from Ubiquiti in January is allegedly a cover-up of a massive incident that put at risk customer data and devices deployed on corporate and home networks. | Continue reading


@bleepingcomputer.com | 2 years ago

800Gbps DDoS extortion attack hits gambling company

Distributed denial-of-service (DDoS) attacks started strong this year, setting new records and taking the extortion trend that started last August to the next level. | Continue reading


@bleepingcomputer.com | 2 years ago