Sergiu Gatlan / BleepingComputer: CISA says it will extend funding to Mitre, which runs the CVE Program, and “there will be no lapse in critical CVE services”, after Mitre said funding expired — CISA says the U.S. government has extended funding to ensure no continuity issues with the critical Common Vulnerabilities and Exposures (CVE) program.
Bill Toulas / BleepingComputer: Tarlogic researchers find an undocumented “backdoor” in Chinese manufacturer Espressif's ESP32 microchip used in 1B+ devices for WiFi and Bluetooth connectivity — The ubiquitous ESP32 microchip made by Chinese manufacturer Espressif and used by over 1 billion units as of 2023 contains …
Sergiu Gatlan / BleepingComputer: CISA and the FBI: attackers deploying Ghost ransomware breached victims from multiple industry sectors across 70+ countries, including critical infrastructure — CISA and the FBI said attackers deploying Ghost ransomware have breached victims from multiple industry sectors across over 70 countries …
Sergiu Gatlan / BleepingComputer: Chase plans to stop users making Zelle payments deemed “as originating from contact through social media”; the CFPB had claimed Zelle lacked adequate safeguards — JPMorgan Chase Bank (Chase) will soon start blocking Zelle payments to social media contacts to combat a significant rise …
Sergiu Gatlan / BleepingComputer: Microsoft warns that attackers are injecting malware into ViewState, which manages state in ASP.NET web forms, using static machine keys found online — Microsoft warns that attackers are deploying malware in ViewState code injection attacks using static ASP.NET machine keys found online.
Bill Toulas / BleepingComputer: Spanish police arrest a hacker for allegedly conducting 40 cyberattacks on critical public and private organizations, seizing 50 crypto accounts, PCs, and more — The Spanish police have arrested a suspected hacker in Alicante for allegedly conducting 40 cyberattacks targeting critical public …
Bill Toulas / BleepingComputer: Google says APT groups from 20+ countries are using Gemini primarily for productivity gains rather than to develop or conduct novel AI-enabled cyberattacks — Multiple state-sponsored groups are experimenting with the AI-powered Gemini assistant from Google to increase productivity …
Bill Toulas / BleepingComputer: Researchers find 4.5M “stars” on GitHub repos they suspect are fake; in July, Check Point found a network of inauthentic users starring repos containing malware — GitHub has a problem with inauthentic “stars” used to artificially inflate the popularity of scam …
Bill Toulas / BleepingComputer: The US FTC orders Marriott and Starwood to implement a robust customer data security scheme after Starwood's 2014 to 2018 breaches and Marriott's 2018 breach — The Federal Trade Commission (FTC) has ordered Marriott International and Starwood Hotels to define and implement …
Sergiu Gatlan / BleepingComputer: Report: Russia arrested notorious cybercriminal Mikhail Matveev for developing malware and running hacking groups; US DOJ filed charges against him in 2023 — Russian citizen and notorious ransomware affiliate Mikhail Pavlovich Matveev (also known as Wazawaka, Uhodiransomwar, m1x …
Bill Toulas / BleepingComputer: ESET researchers find the first UEFI bootkit designed specifically to target Linux systems, marking a shift in bootkits that previously focused on Windows — The first UEFI bootkit specifically targeting Linux systems has been discovered, marking a shift in stealthy and hard-to-remove bootkit threats …
Ax Sharma / BleepingComputer: Some GitHub projects have been targeted with malicious commits; a Texas researcher claims someone is impersonating him to make the submissions and smear him — GitHub projects have been targeted with malicious commits and pull requests, in an attempt to inject backdoors into these projects.
Lawrence Abrams / BleepingComputer: UnitedHealth says over 100M people had their data stolen in the February ransomware attack on Change Healthcare, the largest-ever US healthcare data breach — UnitedHealth has confirmed for the first time that over 100 million people had their personal information and healthcare data stolen …
Bill Toulas / BleepingComputer: WordPress plugin Jetpack releases a critical security update to fix a bug letting logged-in users access forms from website visitors, in all versions since 2016 — WordPress plugin Jetpack released a critical security update earlier today, addressing a vulnerability that allowed a logged …
Ionut Ilascu / BleepingComputer: Cloudflare says it stopped a month-long DDoS campaign targeting orgs in the financial services, internet, and telecommunications sectors that peaked at 3.8Tbps — During a distributed denial-of-service campaign targeting organizations in the financial services, internet, and telecommunications sectors …
Bill Toulas / BleepingComputer: Researchers: hackers are actively exploiting an RCE vulnerability in Zimbra email servers, disclosed on September 27, triggered by emailing the SMTP server — Hackers are actively exploiting a recently disclosed RCE vulnerability in Zimbra email servers that can be triggered simply …
Bill Toulas / BleepingComputer: The US DOJ charges two Russians for operating $1B+ money laundering services for cybercriminals; one is accused of operating the Joker's Stash marketplace — The U.S. Department of Justice (DoJ) has announced charges against two Russian nationals for operating billion-dollar money laundering services …
Sergiu Gatlan / BleepingComputer: The FBI arrests and charges two people in Miami over a conspiracy to steal and launder 4,100+ BTC, worth $230M+; ZachXBT says they targeted a Genesis creditor — Two suspects were arrested in Miami this week and charged with conspiracy to steal and launder over $230 million in cryptocurrency using crypto exchanges and mixing services.
Sergiu Gatlan / BleepingComputer: The Port of Seattle says the Rhysida ransomware operation was behind an August 24 cyberattack and “it does appear that some Port data was obtained by the actor” — Port of Seattle, the United States government agency overseeing Seattle's seaport and airport …
Bill Toulas / BleepingComputer: The City of Columbus, OH, sues security researcher David Leroy Ross, aka Connor Goodwolf, accusing him of sharing data stolen by a ransomware gang with media — The City of Columbus, Ohio, has filed a lawsuit against security researcher David Leroy Ross, aka Connor Goodwolf …
Ionut Ilascu / BleepingComputer: Background check service National Public Data confirms a breach after hackers leaked a stolen database with millions of SSNs and other sensitive personal info — Background check service National Public Data confirms that hackers breached its systems after threat actors leaked a stolen database …
Bill Toulas / BleepingComputer: Unit 42: open-source projects from Google, Microsoft, AWS, and others leaked GitHub auth tokens via GitHub Actions; GitHub decided not to address the risk — Multiple high-profile open-source projects, including those from Google, Microsoft, AWS, and Red Hat, were found …
Sergiu Gatlan / BleepingComputer: The FBI, the UK's NCA, and others seize the servers and websites of the Radar/Dispossessor ransomware operation; since August 2023, the gang targeted 43 SMBs — The FBI announced on Monday that it seized the servers and websites of the Radar/Dispossessor ransomware operation following a joint international investigation.
Sergiu Gatlan / BleepingComputer: Google Chrome warns uBlock Origin may soon be disabled and tells users to switch to other ad blockers before deprecation of Manifest V2 extensions — Google Chrome is now encouraging uBlock Origin users who have updated to the latest version to switch to other ad blockers before Manifest v2 extensions are disabled.
Sergiu Gatlan / BleepingComputer: The UK's NCA shuts down Russian Coms, a caller ID spoofing platform used by hundreds of criminals to make 1.8M+ scam calls in 107 countries since 2021 — The United Kingdom's National Crime Agency (NCA) has shut down Russian Coms, a major caller ID spoofing platform used by hundreds of criminals to make over 1.8 million scam calls.
Bill Toulas / BleepingComputer: Infoblox and Eclypsium: since 2018, Russian hackers hijacked 35K+ registered domains using Sitting Ducks attacks that involve exploiting DNS configuration flaws — Threat actors have hijacked more than 35,000 registered domains in so-called Sitting Ducks attacks that allow claiming …
Bill Toulas / BleepingComputer: Zimperium: a massive SMS stealer campaign has targeted Android devices worldwide using Telegram bots to infect devices in 113 countries since February 2022 — A malicious campaign targeting Android devices worldwide utilizes thousands of Telegram bots to infect devices with SMS-stealing malware …
Sergiu Gatlan / BleepingComputer: A global law enforcement operation takes down 593 servers hosting unlicensed versions of Cobalt Strike, a penetration testing tool abused by cybercriminals — Europol coordinated a joint law enforcement action known as Operation Morpheus, which led to the takedown of almost 600 Cobalt Strike servers used …
Bill Toulas / BleepingComputer: Infosys McCamish Systems, which provides consulting, IT, and outsourcing services, says LockBit stole sensitive info of 6M+ people in a 2023 ransomware attack — Infosys McCamish Systems (IMS) disclosed that the LockBit ransomware attack it suffered earlier this year impacted sensitive information of more than six million individuals.
Lawrence Abrams / BleepingComputer: TeamViewer warns that its corporate environment was breached on June 26, and attributes the cyberattack to the Russian hacking group APT29 aka Midnight Blizzard — The remote access software company TeamViewer is warning that its corporate environment was breached in a cyberattack yesterday …
Sergiu Gatlan / BleepingComputer: US hospital operator Ascension says a May ransomware attack was caused by an employee downloading a malicious file, and has no proof data was taken from its EHR — Ascension, one of the largest U.S. healthcare systems, revealed that a May 2024 ransomware attack was caused by an employee …
Bill Toulas / BleepingComputer: Researchers find malicious Microsoft Visual Studio Code extensions with millions of installs, and also easily create their own, which trended in the marketplace — A group of Israeli researchers explored the security of the Visual Studio Code marketplace and managed to “infect” …
Lawrence Abrams / BleepingComputer: The New York Times confirms its internal source code and data leaked on 4chan after being stolen using an exposed GitHub token in January 2024 — Internal source code and data belonging to The New York Times was leaked on the 4chan message board after being stolen from the company's GitHub repositories …
Sergiu Gatlan / BleepingComputer: The FBI urges LockBit ransomware victims to come forward after obtaining 7,000+ decryption keys to recover data; police seized 2,500+ keys in February 2024 — The FBI urges past victims of LockBit ransomware attacks to come forward after revealing that it has obtained over 7,000 LockBit decryption keys …
Sergiu Gatlan / BleepingComputer: Researchers say a threat actor claims to have hacked Ticketmaster and Santander using stolen credentials of a Snowflake employee; Snowflake disputes the claims — A threat actor claiming recent Santander and Ticketmaster breaches says they stole data after hacking into an employee's account at cloud storage company Snowflake.
Mayank Parmar / BleepingComputer: Microsoft's Bing, Copilot, and Copilot in Windows services are back online worldwide after an outage that began around 3 AM ET on May 23 and lasted 24+ hours — After over a 24-hour outage, Microsoft's Bing, Copilot, and Copilot in Windows services are back online worldwide, with no information released as to what caused the problem.
Lawrence Abrams / BleepingComputer: A look at the privacy and security concerns surrounding Microsoft's Recall, which will record everything users do in Windows for up to three months by default — Microsoft's announcement of the new AI-powered Windows 11 Recall feature has sparked a lot of concern, with many thinking …
Mayank Parmar / BleepingComputer: Microsoft users report a massive outage impacting Bing.com, Copilot for the web and mobile, Copilot in Windows, ChatGPT's internet search, DuckDuckGo, and more — A massive Microsoft outage affects Bing.com, Copilot for web and mobile, Copilot in Windows, ChatGPT internet search and DuckDuckGo.
Sergiu Gatlan / BleepingComputer: Google releases an emergency Chrome update to patch the third zero-day vulnerability exploited within a week, and the seventh zero-day fix in 2024 so far — Google has released a new emergency Chrome security update to address the third zero-day vulnerability exploited in attacks within a week.
Bill Toulas / BleepingComputer: Google releases a Chrome security update to fix the fifth zero-day vulnerability exploited in the wild in 2024; the vulnerability is in the Visuals component — Google has released a security update for the Chrome browser to fix the fifth zero-day vulnerability exploited in the wild since the start of the year.
Sergiu Gatlan / BleepingComputer: Microsoft confirms the April 2024 Windows security update breaks VPN connections across client and server platforms on Windows 11, 10, and Server 2008 or later — Microsoft has confirmed that the April 2024 Windows security updates break VPN connections across client and server platforms.
Sergiu Gatlan / BleepingComputer: The US OFAC sanctions four Iranian nationals over cyberattacks on the US government, defense contractors, and private companies, and the DOJ unseals indictments — The Treasury Department's Office of Foreign Assets Control (OFAC) has sanctioned four Iranian nationals for their involvement …
Bill Toulas / BleepingComputer: Europol, law enforcement in 19 countries, Microsoft, and others disrupt phishing-as-a-service platform LabHost in a year-long operation and make 37 arrests — The LabHost phishing-as-a-service (PhaaS) platform has been disrupted in a year-long global law enforcement operation that compromised …
Sergiu Gatlan / BleepingComputer: Current and former T-Mobile and Verizon employees say they are receiving texts offering up to $300 to perform a SIM swap; T-Mobile says it is investigating — Criminals are now texting T-Mobile and Verizon employees on their personal and work phones, trying to tempt them with cash to perform SIM swaps.
Lawrence Abrams / BleepingComputer: OpenTable plans to display members' first names and profile photos on all reviews, including past reviews, starting May 22 in a bid to provide more transparency — Restaurant reservation platform OpenTable says that all reviews on the platform will no longer be fully anonymous starting …
Bill Toulas / BleepingComputer: Researchers detail how hackers use hijacked Facebook pages to push ads promoting fake AI services to spread malware; a fake Midjourney page had 1.2M followers — Hackers are using Facebook advertisements and hijacked pages to promote fake Artificial Intelligence services, such as MidJourney …
Sergiu Gatlan / BleepingComputer: On the first day of Pwn2Own Vancouver 2024, contestants earned $732,500 and a Tesla Model 3 for demoing 19 zero-day flaws across Windows 11, Tesla, and others — On the first day of Pwn2Own Vancouver 2024, contestants demoed Windows 11, Tesla, and Ubuntu Linux zero-day vulnerabilities …
Bill Toulas / BleepingComputer: A US jury convicts Russian-Swedish national Roman Sterlingov over operating crypto “tumbler” Bitcoin Fog between 2011 and 2021, laundering 1.2M BTC worth ~$400M — Russian-Swedish national Roman Sterlingov was convicted by a federal jury in Washington, D.C., for operating Bitcoin Fog between 2011 and 2021.
Bill Toulas / BleepingComputer: Google paid out $10M to 632 bug bounty researchers in 2023 via its Vulnerability Reward Program, including $3.4M for Android bugs; the highest bounty was $113K — Google awarded $10 million to 632 researchers from 68 countries in 2023 for finding and responsibly reporting security flaws in the company's products and services.
Sergiu Gatlan / BleepingComputer: GitHub enables push protection by default for all public repositories to prevent accidental leaks of secrets, like access tokens and API keys, when pushing code — GitHub has enabled push protection by default for all public repositories to prevent accidental exposure of secrets …