1132
Latest news and stories from BleepingComputer.com From a bleeping computer to a working computer.
First American December data breach impacts 44,000 people
First American Financial Corporation, the second-largest title insurance company in the United States, revealed on Tuesday that a December cyberattack led to a breach impacting 44,000 individuals. [...]
https://www.bleepingcomputer.com/news/security/first-american-december-data-breach-impacts-44-000-people/
US govt sanctions cybercrime gang behind massive 911 S5 botnet
The U.S. Treasury Department has sanctioned a cybercrime network comprising three Chinese nationals and three Thailand-based companies linked to a massive botnet controlling a residential proxy service known as "911 S5." [...]
https://www.bleepingcomputer.com/news/security/us-govt-sanctions-cybercrime-gang-behind-massive-911-s5-botnet-linked-to-illegitimate-residential-proxy-service/
Microsoft links North Korean hackers to new FakePenny ransomware
Microsoft has linked a North Korean hacking group it tracks as Moonstone Sleet to FakePenny ransomware attacks, which have led to millions of dollars in ransom demands. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-links-moonstone-sleet-north-korean-hackers-to-new-fakepenny-ransomware/
Christie’s confirms breach after RansomHub threatens to leak data
Christie's confirmed that it suffered a security incident earlier this month after the RansomHub extortion gang claimed responsibility and threatened to leak stolen data. [...]
https://www.bleepingcomputer.com/news/security/christies-confirms-breach-after-ransomhub-threatens-to-leak-data/
TP-Link fixes critical RCE bug in popular C5400X gaming router
The TP-Link Archer C5400X gaming router is vulnerable to security flaws that could enable an unauthenticated, remote attacker to execute commands on the device. [...]
https://www.bleepingcomputer.com/news/security/tp-link-fixes-critical-rce-bug-in-popular-c5400x-gaming-router/
Sav-Rx discloses data breach impacting 2.8 million Americans
Prescription management company Sav-Rx is warning over 2.8 million people in the United States that it suffered a data breach, stating that their personal data was stolen in a 2023 cyberattack. [...]
https://www.bleepingcomputer.com/news/security/sav-rx-discloses-data-breach-impacting-28-million-americans/
Arc browser’s Windows launch targeted by Google ads malvertising
A new Google Ads malvertising campaign, coinciding with the launch of the Arc web browser for Windows, was tricking people into downloading trojanized installers that infect them with malware payloads. [...]
https://www.bleepingcomputer.com/news/security/arc-browsers-windows-launch-targeted-by-google-ads-malvertising/
ICQ messenger shuts down after almost 28 years
The ICQ messaging app is shutting down on June 26th, marking the end of a much-beloved communication application. [...]
https://www.bleepingcomputer.com/news/software/icq-messenger-shuts-down-after-almost-28-years/
Microsoft: Windows 24H2 will remove Cortana and WordPad apps
Microsoft says the Cortana, Tips, and WordPad applications will be automatically removed on systems upgraded to the upcoming Windows 11 24H2 release. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-windows-24h2-will-remove-cortana-and-wordpad-apps/
Cencora data breach exposes US patient info from 8 drug companies
Some of the largest drug companies in the world have disclosed data breaches due to a February 2024 cyberattack at Cencora, whom they partner with for pharmaceutical and business services. [...]
https://www.bleepingcomputer.com/news/security/cencora-data-breach-exposes-us-patient-info-from-8-drug-companies/
Google fixes eighth actively exploited Chrome zero-day this year
Google has released a new emergency security update to address the eighth zero-day vulnerability in Chrome browser confirmed to be actively exploited in the wild. [...]
https://www.bleepingcomputer.com/news/security/google-fixes-eighth-actively-exploited-chrome-zero-day-this-year/
JAVS courtroom recording software backdoored in supply chain attack
Attackers have backdoored the installer of widely used Justice AV Solutions (JAVS) courtroom video recording software with malware that lets them take over compromised systems. [...]
https://www.bleepingcomputer.com/news/security/javs-courtroom-recording-software-backdoored-in-supply-chain-attack/
High-severity GitLab flaw lets attackers take over accounts
GitLab patched a high-severity vulnerability that unauthenticated attackers could exploit to take over user accounts in cross-site scripting (XSS) attacks. [...]
https://www.bleepingcomputer.com/news/security/high-severity-gitlab-flaw-lets-attackers-take-over-accounts/
Northern Ireland police faces £750k fine after exposing staff info
UK's Information Commissioner Office (ICO) has announced the intention to impose a fine of £750,000 ($954,000) on the Police Service of Northern Ireland (PSNI) for exposing the entire workforce's personal details by inadvertently publishing a spreadsheet file online. [...]
https://www.bleepingcomputer.com/news/security/northern-ireland-police-faces-750k-fine-after-exposing-staff-info/
Windows 11 24H2 now rolling out to Release Preview Insiders
Microsoft is rolling out Windows 11 24H2 to testers in the Release Preview Channel, confirming that it is in the final stages of testing. [...]
https://www.bleepingcomputer.com/news/microsoft/windows-11-24h2-now-rolling-out-to-release-preview-insiders/
Over 90 malicious Android apps with 5.5M installs found on Google Play
Over 90 malicious Android apps were found installed over 5.5 million times through Google Play to deliver malware and adware, with the Anatsa banking trojan seeing a recent surge in activity. [...]
https://www.bleepingcomputer.com/news/security/over-90-malicious-android-apps-with-55m-installs-found-on-google-play/
Russian indicted for selling access to US corporate networks
A 31-year-old Russian national named Evgeniy Doroshenko has been indicted for wire and computer fraud in the United States for allegedly acting as an "initial access broker" from February 2019 to May 2024. [...]
https://www.bleepingcomputer.com/news/security/russian-indicted-for-selling-access-to-us-corporate-networks/
Exploit released for maximum severity Fortinet RCE bug, patch now
Security researchers have released a proof-of-concept (PoC) exploit for a maximum-severity vulnerability in Fortinet's security information and event management (SIEM) solution, which was patched in February. [...]
https://www.bleepingcomputer.com/news/security/exploit-released-for-maximum-severity-fortinet-rce-bug-patch-now/
Ad blocker users say YouTube videos are now skipping to the end
Many users report that YouTube videos automatically skip to the end or muting video if they are using an ad blocker, making it impossible for them to watch the video. [...]
https://www.bleepingcomputer.com/news/google/ad-blocker-users-say-youtube-videos-are-now-skipping-to-the-end/
Hackers target Check Point VPNs to breach enterprise networks
Threat actors are targeting Check Point Remote Access VPN devices in an ongoing campaign to breach enterprise networks, the company warned in a Monday advisory. [...]
https://www.bleepingcomputer.com/news/security/hackers-target-check-point-vpns-to-breach-enterprise-networks/
Hackers phish finance orgs using trojanized Minesweeper clone
Hackers are utilizing code from a Python clone of Microsoft's venerable Minesweeper game to hide malicious scripts in attacks on European and US financial organizations. [...]
https://www.bleepingcomputer.com/news/security/hackers-phish-finance-orgs-using-trojanized-minesweeper-clone/
Indian man stole $37 million in crypto using fake Coinbase Pro site
An Indian national pleaded guilty to wire fraud conspiracy for stealing over $37 million through a fake Coinbase website used to steal credentials. [...]
https://www.bleepingcomputer.com/news/security/indian-man-stole-37-million-in-crypto-using-fake-coinbase-pro-site/
Hacker defaces spyware app’s site, dumps database and source code
A hacker has defaced the website of the pcTattletale spyware application, found on the booking systems of several Wyndham hotels in the United States, and leaked over a dozen archives containing database and source code data. [...]
https://www.bleepingcomputer.com/news/security/hacker-defaces-spyware-apps-site-dumps-database-and-source-code/
Microsoft Copilot fixed worldwide after 24 hour outage
After over a 24-hour outage, Microsoft's Bing, Copilot, and Copilot in Windows services are back online worldwide, with no information released as to what caused the problem. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-copilot-fixed-worldwide-after-24-hour-outage/
New ShrinkLocker ransomware uses BitLocker to encrypt your files
A new ransomware strain called ShrinkLocker creates a new boot partition to encrypt corporate systems using Windows BitLocker. [...]
https://www.bleepingcomputer.com/news/security/new-shrinklocker-ransomware-uses-bitlocker-to-encrypt-your-files/
Microsoft pushes emergency fix for Windows Server 2019 update errors
Microsoft has released an emergency out-of-band (OOB) update for Windows Server 2019 that fixes a bug causing 0x800f0982 errors when attempting to install the May 2024 Patch Tuesday security updates. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-pushes-emergency-fix-for-windows-server-2019-0x800f0982-update-errors/
Microsoft spots gift card thieves using cyber-espionage tactics
Microsoft has published a "Cyber Signals" report sharing new information about the hacking group Storm-0539 and a sharp rise in gift card theft as we approach the Memorial Day holiday in the United States. [...]
https://www.bleepingcomputer.com/news/security/microsoft-spots-gift-card-thieves-using-cyber-espionage-tactics/
Apple wasn’t storing deleted iOS photos in iCloud after all
Security researchers reverse-engineered Apple's recent iOS 17.5.1 update and found that a recent bug that restored images deleted months or even years ago was caused by an iOS bug and not an issue with iCloud. [...]
https://www.bleepingcomputer.com/news/security/apple-wasnt-storing-deleted-ios-photos-in-icloud-after-all/
Microsoft outage affects Bing, Copilot, DuckDuckGo and ChatGPT internet search
A massive Microsoft outage in some regions affects Bing.com, Copilot for web and mobile, Copilot in Windows, ChatGPT internet search and DuckDuckGo. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-outage-affects-bing-copilot-duckduckgo-and-chatgpt-internet-search/
Microsoft to start killing off VBScript in second half of 2024
Microsoft announced today that it will start deprecating VBScript in the second half of 2024 by making it an on-demand feature until it's completely removed. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-to-start-killing-off-vbscript-in-second-half-of-2024/