1132
Latest news and stories from BleepingComputer.com From a bleeping computer to a working computer.
Fraud network uses 4,700 fake shopping sites to steal credit cards
A financially motivated Chinese threat actor dubbed "SilkSpecter" is using thousands of fake online stores to steal the payment card details of online shoppers in the U.S. and Europe. [...]
https://www.bleepingcomputer.com/news/security/fraud-network-uses-4-700-fake-shopping-sites-to-steal-credit-cards/
New Glove infostealer malware bypasses Chrome’s cookie encryption
New Glove Stealer information-stealing malware can bypass Google Chrome's Application-Bound (App-Bound) encryption to steal browser cookies. [...]
https://www.bleepingcomputer.com/news/security/new-glove-infostealer-malware-bypasses-google-chromes-cookie-encryption/
ChatGPT allows access to underlying sandbox OS, “playbook” data
OpenAI's containerized ChatGPT environment is open to limited yet extensive access to core instructions while allowing arbitrary file uploads and command execution within the isolated sandbox. [...]
https://www.bleepingcomputer.com/news/artificial-intelligence/chatgpt-allows-access-to-underlying-sandbox-os-playbook-data/
Hackers use macOS extended file attributes to hide malicious code
Hackers are using a novel technique that abuses extended attributes for macOS files to deliver a new trojan that researchers call RustyAttr. [...]
https://www.bleepingcomputer.com/news/security/hackers-use-macos-extended-file-attributes-to-hide-malicious-code/
Leaked info of 122 million linked to B2B data aggregator breach
The business contact information for 122 million people circulating since February 2024 is now confirmed to have been stolen from a B2B demand generation platform. [...]
https://www.bleepingcomputer.com/news/security/leaked-info-of-122-million-linked-to-b2b-data-aggregator-breach/
US indicts Snowflake hackers who extorted $2.5 million from 3 victims
The Department of Justice has unsealed the indictment against two suspected Snowflake hackers, who breached more than 165 organizations using the services of the Snowflake cloud storage company. [...]
https://www.bleepingcomputer.com/news/security/us-indicts-snowflake-hackers-who-extorted-25-million-from-3-victims/
New Google Pixel AI feature analyzes phone conversations for scams
Google is adding a new AI-powered scam protection feature that monitors phone call conversations on Google Pixel devices to detect patterns that warn when the caller may be a scammer. [...]
https://www.bleepingcomputer.com/news/google/new-google-pixel-ai-feature-analyzes-phone-conversations-for-scams/
Microsoft fixes bugs causing Windows Server 2025 blue screens, install issues
Microsoft has fixed several bugs that cause install, upgrade, and Blue Screen of Death (BSOD) issues on Windows Server 2025 devices with a high core count. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-bugs-causing-windows-server-2025-blue-screens-install-issues/
D-Link won’t fix critical bug in 60,000 exposed EoL modems
Tens of thousands of exposed D-Link routers that have reached their end-of-life are vulnerable to a critical security issue that allows an unauthenticated remote attacker to change any user's password and take complete control of the device. [...]
https://www.bleepingcomputer.com/news/security/d-link-wont-fix-critical-bug-in-60-000-exposed-eol-modems/
Microsoft November 2024 Patch Tuesday fixes 4 zero-days, 91 flaws
Today is Microsoft's November 2024 Patch Tuesday, which includes security updates for 91 flaws, including four zero-days, two of which are actively exploited. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-november-2024-patch-tuesday-fixes-4-zero-days-91-flaws/
Signal introduces convenient "call links" for private group chats
The Signal messenger application has announced a set of new features aimed at making private group chats more convenient and easier for people to join. [...]
https://www.bleepingcomputer.com/news/software/signal-introduces-convenient-call-links-for-private-group-chats/
Volt Typhoon rebuilds malware botnet following FBI disruption
The Chinese state-sponsored hacking group Volt Typhoon has begun to rebuild its "KV-Botnet" malware botnet after it was disrupted by law enforcement in January, according to researchers from SecurityScorecard. [...]
https://www.bleepingcomputer.com/news/security/volt-typhoon-rebuilds-malware-botnet-following-fbi-disruption/
iPhones now auto-restart to block access to encrypted data after long idle times
Apple has added a new security feature with the iOS 18.1 update released last month to ensure that iPhones automatically reboot after long idle periods to re-encrypt data and make it harder to extract. [...]
https://www.bleepingcomputer.com/news/security/iphones-now-auto-restart-to-block-access-to-encrypted-data-after-long-idle-times/
New Ymir ransomware partners with RustyStealer in attacks
A new ransomware family called 'Ymir' has been spotted in the wild, being introduced onto systems that were previously compromised by the RustyStealer info-stealer malware. [...]
https://www.bleepingcomputer.com/news/security/new-ymir-ransomware-partners-with-rustystealer-in-attacks/
Amazon confirms employee data breach after vendor hack
Amazon confirmed a data breach involving employee information after data allegedly stolen during the May 2023 MOVEit attacks was leaked on a hacking forum. [...]
https://www.bleepingcomputer.com/news/security/amazon-confirms-employee-data-breach-after-vendor-hack/
CISA warns of more Palo Alto Networks bugs exploited in attacks
CISA warned today that two more critical security vulnerabilities in Palo Alto Networks' Expedition migration tool are now actively exploited in attacks. [...]
https://www.bleepingcomputer.com/news/security/cisa-warns-of-more-palo-alto-networks-bugs-exploited-in-attacks/
Hacker gets 10 years in prison for extorting US healthcare provider
Robert Purbeck, a 45-year-old man from Idaho, has been sentenced to ten years in prison for hacking at least 19 organizations in the United States, stealing the personal data of more than 132,000 people, and multiple extortion attempts. [...]
https://www.bleepingcomputer.com/news/legal/hacker-gets-10-years-in-prison-for-extorting-us-healthcare-provider/
The true (and surprising) cost of forgotten passwords
Password resets are more expensive for your organization than you may realize. Learn more from Specops Software on why password resets are so expensive and how a self-service password reset solution can save you money. [...]
https://www.bleepingcomputer.com/news/security/the-true-and-surprising-cost-of-forgotten-passwords/
US govt officials’ communications compromised in recent telecom hack
CISA and the FBI confirmed that Chinese hackers compromised the "private communications" of a "limited number" of government officials after breaching multiple U.S. broadband providers. [...]
https://www.bleepingcomputer.com/news/security/chinese-hackers-compromised-us-government-officials-private-communications-in-recent-telecom-breach/
Microsoft patches Windows zero-day exploited in attacks on Ukraine
Suspected Russian hackers were caught exploiting a recently patched Windows vulnerability as a zero-day in ongoing attacks targeting Ukrainian entities. [...]
https://www.bleepingcomputer.com/news/security/microsoft-patches-windows-zero-day-exploited-in-attacks-on-ukraine/
Critical bug in EoL D-Link NAS devices now exploited in attacks
Attackers now target a critical severity vulnerability with publicly available exploit code that affects multiple models of end-of-life D-Link network-attached storage (NAS) devices. [...]
https://www.bleepingcomputer.com/news/security/critical-bug-in-eol-d-link-nas-devices-now-exploited-in-attacks/
New ShrinkLocker ransomware decryptor recovers BitLocker password
Bitdefender has released a decryptor for the 'ShrinkLocker' ransomware strain, which uses Windows' built-in BitLocker drive encryption tool to lock victim's files. [...]
https://www.bleepingcomputer.com/news/security/new-shrinklocker-ransomware-decryptor-recovers-bitlocker-password/
Microsoft Exchange adds warning to emails abusing spoofing flaw
Microsoft has disclosed a high-severity Exchange Server vulnerability that allows attackers to forge legitimate senders on incoming emails and make malicious messages a lot more effective. [...]
https://www.bleepingcomputer.com/news/security/unpatched-microsoft-exchange-server-flaw-enables-spoofing-attacks/
Windows 10 KB5046613 update released with fixes for printer bugs
Microsoft has released the KB5046613 cumulative update for Windows 10 22H2 and Windows 10 21H2, which includes ten changes and fixes, including the new Microsoft account manager on the Start menu and fixes for multi-function printer issues. [...]
https://www.bleepingcomputer.com/news/microsoft/windows-10-kb5046613-update-released-with-fixes-for-printer-bugs/
Windows 11 KB5046617 and KB5046633 cumulative updates released
Microsoft has released the Windows 11 KB5046617 and KB5046633 cumulative updates for versions 24H2 and 23H2 to fix security vulnerabilities and issues. [...]
https://www.bleepingcomputer.com/news/microsoft/windows-11-kb5046617-and-kb5046633-cumulative-updates-released/
FBI, CISA, and NSA reveal most exploited vulnerabilities of 2023
The FBI, the NSA, and cybersecurity authorities of the Five Eyes intelligence alliance have released today a list of the top 15 routinely exploited vulnerabilities throughout last year. [...]
https://www.bleepingcomputer.com/news/security/fbi-cisa-and-nsa-reveal-most-exploited-vulnerabilities-of-2023/
North Korean hackers create Flutter apps to bypass macOS security
North Korean threat actors target Apple macOS systems using trojanized Notepad apps and minesweeper games created with Flutter, which are signed and notarized by legitimate Apple developer IDs. [...]
https://www.bleepingcomputer.com/news/security/north-korean-hackers-create-flutter-apps-to-bypass-macos-security/
VMware makes Workstation and Fusion free for everyone
VMware has announced that its VMware Fusion and VMware Workstation desktop hypervisors are now free to everyone for commercial, educational, and personal use. [...]
https://www.bleepingcomputer.com/news/software/vmware-makes-workstation-and-fusion-free-for-everyone/
HIBP notifies 57 million people of Hot Topic data breach
Have I Been Pwned warns that an alleged data breach exposed the personal information of 56,904,909 accounts for Hot Topic, Box Lunch, and Torrid customers. [...]
https://www.bleepingcomputer.com/news/security/hibp-notifies-57-million-people-of-hot-topic-data-breach/
Microsoft blames Windows Server 2025 automatic upgrades on 3rd-party tools
Microsoft has finally confirmed that some Windows Server 2019 and 2022 systems were "unexpectedly" upgraded to Windows Server 2025 on devices if updates were managed using third-party patch management tools. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-blames-windows-server-2025-automatic-upgrades-on-third-party-tools/