1132
Latest news and stories from BleepingComputer.com From a bleeping computer to a working computer.
It's not just you: ChatGPT is down worldwide
The famous ChatGPT is down for thousands of users on March 25. [...]
https://www.bleepingcomputer.com/news/technology/its-not-just-you-chatgpt-is-down-worldwide/
CISA urges software devs to weed out SQL injection vulnerabilities
CISA and the FBI urged executives of technology manufacturing companies to prompt formal reviews of their organizations' software and implement mitigations to eliminate SQL injection (SQLi) security vulnerabilities before shipping. [...]
https://www.bleepingcomputer.com/news/security/cisa-urges-software-devs-to-weed-out-sql-injection-vulnerabilities/
New MFA-bypassing phishing kit targets Microsoft 365, Gmail accounts
Cybercriminals have been increasingly using a new phishing-as-a-service (PhaaS) platform named 'Tycoon 2FA' to target Microsoft 365 and Gmail accounts and bypass two-factor authentication (2FA) protection. [...]
https://www.bleepingcomputer.com/news/security/new-mfa-bypassing-phishing-kit-targets-microsoft-365-gmail-accounts/
New ZenHammer memory attack impacts AMD Zen CPUs
Academic researchers developed ZenHammer, the first variant of the Rowhammer DRAM attack that works on CPUs based on recent AMD Zen microarchitecture that map physical addresses on DDR4 and DDR5 memory chips. [...]
https://www.bleepingcomputer.com/news/security/new-zenhammer-memory-attack-impacts-amd-zen-cpus/
Over 100 US and EU orgs targeted in StrelaStealer malware attacks
A new large-scale StrelaStealer malware campaign has impacted over a hundred organizations across the United States and Europe, attempting to steal email account credentials. [...]
https://www.bleepingcomputer.com/news/security/over-100-us-and-eu-orgs-targeted-in-strelastealer-malware-attacks/
Microsoft to shut down 50 cloud services for Russian businesses
Microsoft plans to limit access to over fifty cloud products for Russian organizations by the end of March as part of the sanctions requirements against the country issued by EU regulators last December. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-to-shut-down-50-cloud-services-for-russian-businesses/
Russian hackers target German political parties with WineLoader malware
Researchers are warning that a notorious hacking group linked to Russia's Foreign Intelligence Service (SVR) is targeting political parties in Germany for the first time, shifting their focus away from the typical targeting of diplomatic missions. [...]
https://www.bleepingcomputer.com/news/security/russian-hackers-target-german-political-parties-with-wineloader-malware/
Darknet marketplace Nemesis Market seized by German police
The German police have seized infrastructure for the darknet Nemesis Market cybercrime marketplace in Germany and Lithuania, disrupting the site's operation. [...]
https://www.bleepingcomputer.com/news/security/darknet-marketplace-nemesis-market-seized-by-german-police/
Hackers earn $1,132,500 for 29 zero-days at Pwn2Own Vancouver
Pwn2Own Vancouver 2024 has ended with security researchers collecting $1,132,500 after demoing 29 zero-days (and some bug collisions). [...]
https://www.bleepingcomputer.com/news/security/hackers-earn-1-132-500-for-29-zero-days-at-pwn2own-vancouver/
KDE advises extreme caution after theme wipes Linux user's files
On Wednesday, the KDE team warned Linux users to exercise "extreme caution" when installing global themes, even from the official KDE Store, because these themes run arbitrary code on devices to customize the desktop's appearance. [...]
https://www.bleepingcomputer.com/news/linux/kde-advises-extreme-caution-after-theme-wipes-linux-users-files/
Evasive Sign1 malware campaign infects 39,000 WordPress sites
A previously unknown malware campaign called Sign1 has infected over 39,000 websites over the past six months, causing visitors to see unwanted redirects and popup ads. [...]
https://www.bleepingcomputer.com/news/security/evasive-sign1-malware-campaign-infects-39-000-wordpress-sites/
What the Latest Ransomware Attacks Teach About Defending Networks
Recent ransomware attacks have shared valuable lessons on how to limit risk to your own networks. Learn from Blink Ops about how organizations can limit their ransomware risk. [...]
https://www.bleepingcomputer.com/news/security/what-the-latest-ransomware-attacks-teach-about-defending-networks/
Windows 11, Tesla, and Ubuntu Linux hacked at Pwn2Own Vancouver
On the first day of Pwn2Own Vancouver 2024, contestants demoed Windows 11, Tesla, and Ubuntu Linux zero-day vulnerabilities and exploit chains to win $732,500 and a Tesla Model 3 car. [...]
https://www.bleepingcomputer.com/news/security/windows-11-tesla-and-ubuntu-linux-hacked-at-pwn2own-vancouver/
Spa Grand Prix email account hacked to phish banking info from fans
Hackers hijacked the official contact email for the Belgian Grand Prix event and used it to lure fans to a fake website promising a €50 gift voucher. [...]
https://www.bleepingcomputer.com/news/security/spa-grand-prix-email-account-hacked-to-phish-banking-info-from-fans/
GitHub’s new AI-powered tool auto-fixes vulnerabilities in your code
GitHub introduced a new AI-powered feature capable of speeding up vulnerability fixes while coding. This feature is in public beta and automatically enabled on all private repositories for GitHub Advanced Security (GHAS) customers [...]
https://www.bleepingcomputer.com/news/security/githubs-new-ai-powered-tool-auto-fixes-vulnerabilities-in-your-code/
US sanctions crypto exchanges used by Russian darknet market, banks
The U.S. Treasury Department's Office of Foreign Assets Control (OFAC) has sanctioned three cryptocurrency exchanges for working with OFAC-designated Russian dark web markets and banks. [...]
https://www.bleepingcomputer.com/news/security/us-sanctions-crypto-exchanges-used-by-russian-darknet-market-banks/
Hackers poison source code from largest Discord bot platform
The Top.gg Discord bot community with over 170,000 members has been impacted by a supply-chain attack aiming to infect developers with malware that steals sensitive information. [...]
https://www.bleepingcomputer.com/news/security/hackers-poison-source-code-from-largest-discord-bot-platform/
US sanctions APT31 hackers behind critical infrastructure attacks
The U.S. Treasury Department has sanctioned a Wuhan-based company used by the Chinese Ministry of State Security (MSS) as cover in attacks against U.S. critical infrastructure organizations. [...]
https://www.bleepingcomputer.com/news/security/us-sanctions-apt31-hackers-behind-critical-infrastructure-attacks/
Google's new AI search results promotes sites pushing malware, scams
Google's new AI-powered 'Search Generative Experience' algorithms recommend scam sites that redirect visitors to unwanted Chrome extensions, fake iPhone giveaways, browser spam subscriptions, and tech support scams. [...]
https://www.bleepingcomputer.com/news/google/googles-new-ai-search-results-promotes-sites-pushing-malware-scams/
Opera sees big jump in EU users on iOS, Android after DMA update
Opera has reported a substantial 164% increase in new European Union users on iOS devices after Apple introduced a new feature to comply with the EU's Digital Markets Act (DMA). [...]
https://www.bleepingcomputer.com/news/technology/opera-sees-big-jump-in-eu-users-on-ios-android-after-dma-update/
Microsoft releases emergency fix for Windows Server crashes
Microsoft has released emergency out-of-band (OOB) updates to fix a known issue causing Windows domain controllers to crash after installing the March 2024 Windows Server security updates. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-releases-emergency-fix-for-windows-server-crashes/
Mozilla fixes two Firefox zero-day bugs exploited at Pwn2Own
Mozilla has released security updates to fix two zero-day vulnerabilities in the Firefox web browser exploited during the Pwn2Own Vancouver 2024 hacking competition. [...]
https://www.bleepingcomputer.com/news/security/mozilla-fixes-two-firefox-zero-day-bugs-exploited-at-pwn2own/
New GoFetch attack on Apple Silicon CPUs can steal crypto keys
A new side-channel attack called "GoFetch" impacts Apple M1, M2, and M3 processors and can be used to steal secret cryptographic keys from data in the CPU's cache. [...]
https://www.bleepingcomputer.com/news/security/new-gofetch-attack-on-apple-silicon-cpus-can-steal-crypto-keys/
Windows 11 Notepad finally gets spellcheck and autocorrect
Microsoft continues to add new features to the Windows Notepad, today announcing a preview release with built-in spellchecking and an autocorrect feature. [...]
https://www.bleepingcomputer.com/news/microsoft/windows-11-notepad-finally-gets-spellcheck-and-autocorrect/
Unsaflok flaw can let hackers unlock millions of hotel doors
Security vulnerabilities in over 3 million Saflok electronic RFID locks deployed in 13,000 hotels and homes worldwide allowed researchers to easily unlock any door in a hotel by forging a pair of keycards. [...]
https://www.bleepingcomputer.com/news/security/unsaflok-flaw-can-let-hackers-unlock-millions-of-hotel-doors/
Exploit released for Fortinet RCE bug used in attacks, patch now
Security researchers have released a proof-of-concept (PoC) exploit for a critical vulnerability in Fortinet's FortiClient Enterprise Management Server (EMS) software, which is now actively exploited in attacks. [...]
https://www.bleepingcomputer.com/news/security/exploit-released-for-fortinet-rce-bug-used-in-attacks-patch-now/
Microsoft confirms Windows Server issue behind domain controller crashes
Microsoft confirmed that a memory leak introduced with the March 2024 Windows Server security updates is behind a widespread issue causing Windows domain controllers to crash. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-confirms-windows-server-issue-behind-domain-controller-crashes/
New Windows Server updates cause domain controller crashes, reboots
The March 2024 Windows Server updates are causing some domain controllers to crash and restart, according to widespread reports from Windows administrators. [...]
https://www.bleepingcomputer.com/news/microsoft/new-windows-server-updates-cause-domain-controller-crashes-reboots/
New ‘Loop DoS’ attack may impact up to 300,000 online systems
A new denial-of-service attack dubbed 'Loop DoS' targeting application layer protocols can pair network services into an indefinite communication loop that creates large volumes of traffic. [...]
https://www.bleepingcomputer.com/news/security/new-loop-dos-attack-may-impact-up-to-300-000-online-systems/
Ivanti fixes critical Standalone Sentry bug reported by NATO
Ivanti warned customers to immediately patch a critical severity Standalone Sentry vulnerability reported by NATO Cyber Security Centre researchers. [...]
https://www.bleepingcomputer.com/news/security/ivanti-fixes-critical-standalone-sentry-bug-reported-by-nato/