CISA: Network switch RCE flaw impacts critical infrastructure
U.S. cybersecurity agency CISA is warning about two critical vulnerabilities that allow authentication bypass and remote code execution in Optigo Networks ONS-S8 Aggregation Switch products used in critical infrastructure. [...]
https://www.bleepingcomputer.com/news/security/cisa-network-switch-rce-flaw-impacts-critical-infrastructure/
DrayTek fixed critical flaws in over 700,000 exposed routers
DrayTek has released security updates for multiple router models to address 14 vulnerabilities of varying severity, including a remote code execution flaw that received the maximum CVSS score of 10. [...]
https://www.bleepingcomputer.com/news/security/draytek-fixed-critical-flaws-in-over-700-000-exposed-routers/
Microsoft warns of Windows 11 24H2 gaming performance issues
Microsoft is working to fix several known issues behind Asphalt 8 game crashes and Easy Anti-Cheat blue screens on some Windows 24H2 systems. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-warns-of-windows-11-24h2-gaming-performance-issues/
Microsoft fixes Outlook email sending issue for users with many folders
Microsoft has fixed a known issue affecting Outlook for Microsoft 365 users that caused problems sending emails for those with too many nested folders. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-outlook-email-sending-issue-for-users-with-many-folders/
Ransomware attack forces UMC Health System to divert some patients
Texas healthcare provider UMC Health System was forced to divert some patients to other locations after a ransomware attack impacted its operations. [...]
https://www.bleepingcomputer.com/news/security/ransomware-attack-forces-umc-health-system-to-divert-some-patients/
Police arrest four suspects linked to LockBit ransomware gang
Law enforcement authorities from 12 countries arrested four suspects linked to the LockBit ransomware gang, including a developer, a bulletproof hosting service administrator, and two people connected to LockBit activity. [...]
https://www.bleepingcomputer.com/news/security/police-arrest-four-suspects-linked-to-lockbit-ransomware-gang/
Windows 11 24H2 now rolling out, here are the new features
Today, Microsoft announced the release of Windows 11, version 24H2, the next feature update for its operating system (also known as the Windows 11 2024 Update). [...]
https://www.bleepingcomputer.com/news/microsoft/windows-11-24h2-now-rolling-out-here-are-the-new-features/
Hacker charged for breaching 5 companies for insider trading
The U.S. Securities and Exchange Commission (SEC) charged Robert B. Westbrook, a U.K. citizen, with hacking into the computer systems of five U.S. public companies to access confidential earnings information and conduct insider trading. [...]
https://www.bleepingcomputer.com/news/security/hacker-charged-for-breaching-5-companies-for-insider-trading/
Microsoft Defender adds detection of unsecure Wi-Fi networks
Microsoft Defender now automatically detects and notifies users with a Microsoft 365 Personal or Family subscription when they're connected to unsecured Wi-Fi networks. [...]
https://www.bleepingcomputer.com/news/security/microsoft-defender-now-automatically-detects-unsecure-wi-fi-networks/
T-Mobile pays $31.5 million FCC settlement over 4 data breaches
The Federal Communications Commission (FCC) announced a $31.5 million settlement with T-Mobile over multiple data breaches that compromised the personal information of millions of U.S. consumers. [...]
https://www.bleepingcomputer.com/news/security/t-mobile-pays-315-million-fcc-settlement-over-4-data-breaches/
Verizon outage: iPhones, Android devices stuck in SOS mode
A widespread Verizon outage is causing iPhones and Android devices to enter SOS mode, preventing them from making mobile calls unless they use WiFi calling. [...]
https://www.bleepingcomputer.com/news/technology/iphones-android-devices-stuck-in-sos-mode-after-verizon-outage/
Windows 11 KB5043145 update causes reboot loops, blue screens
Microsoft warns that some Windows 11 systems enter reboot loops or might freeze with blue screens after installing the September 2024 KB5043145 preview update. [...]
https://www.bleepingcomputer.com/news/microsoft/windows-11-kb5043145-update-causes-reboot-loops-blue-screens/
Ireland fines Meta €91 million for storing passwords in plaintext
The Data Protection Commission (DPC) in Ireland has fined Meta Platforms Ireland Limited (MPIL) €91 million ($100 million) for storing in plaintext passwords of hundreds of millions of users. [...]
https://www.bleepingcomputer.com/news/legal/ireland-fines-meta-91-million-for-storing-passwords-in-plaintext/
U.S. charges Joker's Stash and Rescator money launderers
The U.S. Department of Justice (DoJ) has announced charges against two Russian nationals for operating billion-dollar money laundering services for cybercriminals, including ransomware groups. [...]
https://www.bleepingcomputer.com/news/legal/us-charges-jokers-stash-and-rescator-money-launderers/
Embargo ransomware escalates attacks to cloud environments
Microsoft warns that ransomware threat actor Storm-0501 has recently switched tactics and now targets hybrid cloud environments, expanding its strategy to compromise all victim assets. [...]
https://www.bleepingcomputer.com/news/security/embargo-ransomware-escalates-attacks-to-cloud-environments/
Critical Zimbra RCE flaw exploited to backdoor servers using emails
Hackers are actively exploiting a recently disclosed RCE vulnerability in Zimbra email servers that can be triggered simply by sending specially crafted emails to the SMTP server. [...]
https://www.bleepingcomputer.com/news/security/critical-zimbra-rce-flaw-exploited-to-backdoor-servers-using-emails/
Microsoft blocks Windows 11 24H2 on some Intel PCs over BSOD issues
Microsoft is blocking Windows 24H2 upgrades on systems with incompatible Intel Smart Sound Technology (SST) audio drivers due to blue screen of death (BSOD) issues. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-blocks-windows-11-24h2-on-some-intel-pcs-over-bsod-issues/
Arc browser launches bug bounty program after fixing RCE bug
The Browser Company has introduced an Arc Bug Bounty Program to encourage security researchers to report vulnerabilities to the project and receive rewards. [...]
https://www.bleepingcomputer.com/news/security/arc-browser-launches-bug-bounty-program-after-fixing-rce-bug/
Rackspace monitoring data stolen in ScienceLogic zero-day attack
Cloud hosting provider Rackspace suffered a data breach exposing "limited" customer monitoring data after threat actors exploited a zero-day vulnerability in a third-party tool used by the ScienceLogic SL1 platform. [...]
https://www.bleepingcomputer.com/news/security/rackspace-monitoring-data-stolen-in-sciencelogic-zero-day-attack/
Evil Corp hit with new sanctions, BitPaymer ransomware charges
The Evil Corp cybercrime syndicate has been hit with new sanctions by the United States, United Kingdom, and Australia. The US also indicted one of its members for conducting BitPaymer ransomware attacks. [...]
https://www.bleepingcomputer.com/news/security/evil-corp-hit-with-new-sanctions-bitpaymer-ransomware-charges/
Microsoft fixes Windows KB5043145 reboot loops, USB and Bluetooth issues
Microsoft fixes a known issue in the Windows KB5043145 preview update that causes reboot loops, freezes systems, and breaks USB and Bluetooth devices. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-windows-kb5043145-reboot-loops-usb-and-bluetooth-issues/
The Playstation Network is down in a global outage
The PlayStation Network is suffering a global outage, with subscribers confirming that they can no longer play online games or access the company's website. [...]
https://www.bleepingcomputer.com/news/gaming/the-playstation-network-is-down-in-a-global-outage/
Microsoft overhauls security for publishing Edge extensions
Microsoft has introduced an updated version of the "Publish API for Edge extension developers" that increases the security for developer accounts and the updating of browser extensions. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-overhauls-security-for-publishing-edge-extensions/
JPCERT shares Windows Event Log tips to detect ransomware attacks
Japan's Computer Emergency Response Center (JPCERT/CC) has shared tips on detecting different ransomware gang's attacks based on entries in Windows Event Logs, providing timely detection of ongoing attacks before they spread too far into a network. [...]
https://www.bleepingcomputer.com/news/security/jpcert-shares-windows-event-log-tips-to-detect-ransomware-attacks/
Man charged for selling forged license keys for network switches
The U.S. government has indicted a co-owner of a Minnesota IT company for his participation in an international conspiracy to sell forged license keys for networking devices. [...]
https://www.bleepingcomputer.com/news/legal/man-charged-for-selling-forged-license-keys-for-network-switches/
Media giant AFP hit by cyberattack impacting news delivery services
Global news agency AFP (Agence France-Presse) is warning that it suffered a cyberattack on Friday, which impacted IT systems and content delivery services for its partners. [...]
https://www.bleepingcomputer.com/news/security/media-giant-afp-hit-by-cyberattack-impacting-news-delivery-services/
Critical flaw in NVIDIA Container Toolkit allows full host takeover
A critical vulnerability in NVIDIA Container Toolkit impacts all AI applications in a cloud or on-premise environment that rely on it to access GPU resources. [...]
https://www.bleepingcomputer.com/news/security/critical-flaw-in-nvidia-container-toolkit-allows-full-host-takeover/
Iranian hackers charged for ‘hack-and-leak’ plot to influence election
The U.S. Department of Justice unsealed an indictment charging three Iranian hackers with a "hack-and-leak" campaign that aimed to influence the 2024 U.S. presidential election. [...]
https://www.bleepingcomputer.com/news/security/iranian-hackers-charged-for-hack-and-leak-plot-to-influence-election/
Microsoft: Windows Recall now can be removed, is more secure
Microsoft has announced security and privacy upgrades to its AI-powered Windows Recall feature, which now can be removed and has stronger default protection for user data and tighter access controls. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-windows-recall-now-can-be-removed-is-more-secure/
Progress urges admins to patch critical WhatsUp Gold bugs ASAP
Progress Software warned customers to patch multiple critical and high-severity vulnerabilities in its WhatsUp Gold network monitoring tool as soon as possible. [...]
https://www.bleepingcomputer.com/news/security/progress-urges-admins-to-patch-critical-whatsup-gold-bugs-asap/