bleepingcomputer | Technologies

Telegram-канал bleepingcomputer - BleepingComputer

1132

Latest news and stories from BleepingComputer.com From a bleeping computer to a working computer.

Subscribe to a channel

BleepingComputer

Planned Parenthood confirms cyberattack as RansomHub claims breach

Planned Parenthood has confirmed it suffered a cyberattack affecting its IT systems, forcing it to take parts of its infrastructure offline to contain the damage. [...]

https://www.bleepingcomputer.com/news/security/planned-parenthood-confirms-cyberattack-as-ransomhub-claims-breach/

Читать полностью…

BleepingComputer

Red team tool ‘MacroPack’ abused in attacks to deploy Brute Ratel

The MacroPack framework, initially designed for Red Team exercises, is being abused by threat actors to deploy malicious payloads, including Havoc, Brute Ratel, and PhatomCore. [...]

https://www.bleepingcomputer.com/news/security/red-team-tool-macropack-abused-in-attacks-to-deploy-brute-ratel/

Читать полностью…

BleepingComputer

Cisco fixes root escalation vulnerability with public exploit code

Cisco has fixed a command injection vulnerability in the Identity Services Engine (ISE) with public exploit code that lets attackers escalate privileges to root on vulnerable systems. [...]

https://www.bleepingcomputer.com/news/security/cisco-fixes-root-escalation-vulnerability-with-public-exploit-code/

Читать полностью…

BleepingComputer

Cisco warns of backdoor admin account in Smart Licensing Utility

Cisco has removed a backdoor account in the Cisco Smart Licensing Utility (CSLU) that can be used to log into unpatched systems with administrative privileges. [...]

https://www.bleepingcomputer.com/news/security/cisco-warns-of-backdoor-admin-account-in-smart-licensing-utility/

Читать полностью…

BleepingComputer

Google backports fix for Pixel EoP flaw to other Android devices

Google has released the September 2024 Android security updates to fix 34 vulnerabilities, including CVE-2024-32896, an actively exploited elevation of privilege flaw that was previously fixed on Pixel devices. [...]

https://www.bleepingcomputer.com/news/security/google-backports-fix-for-pixel-eop-flaw-to-other-android-devices/

Читать полностью…

BleepingComputer

Revival Hijack supply-chain attack threatens 22,000 PyPI packages

Threat actors are utilizing an attack called "Revival Hijack," where they register new PyPi projects using the names of previously deleted packages to conduct supply chain attacks. [...]

https://www.bleepingcomputer.com/news/security/revival-hijack-supply-chain-attack-threatens-22-000-pypi-packages/

Читать полностью…

BleepingComputer

Zyxel warns of critical OS command injection flaw in routers

Zyxel has released security updates to address a critical vulnerability impacting multiple models of its business routers, potentially allowing unauthenticated attackers to perform OS command injection. [...]

https://www.bleepingcomputer.com/news/security/zyxel-warns-of-critical-os-command-injection-flaw-in-routers/

Читать полностью…

BleepingComputer

FBI warns crypto firms of aggressive social engineering attacks

The FBI warns of North Korean hackers aggressively targeting cryptocurrency companies and their employees in sophisticated social engineering attacks, aiming to deploy malware that steals their crypto assets. [...]

https://www.bleepingcomputer.com/news/security/fbi-warns-crypto-firms-of-aggressive-social-engineering-attacks/

Читать полностью…

BleepingComputer

D-Link says it is not fixing four RCE flaws in DIR-846W routers

D-Link is warning that four remote code execution (RCE) flaws impacting all hardware and firmware versions of its DIR-846W router will not be fixed as the products are no longer supported. [...]

https://www.bleepingcomputer.com/news/security/d-link-says-it-is-not-fixing-four-rce-flaws-in-dir-846w-routers/

Читать полностью…

BleepingComputer

Transport for London discloses ongoing “cyber security incident”

Transport for London (TfL), the city's transport authority, is investigating an ongoing cyberattack that has yet to impact its services. [...]

https://www.bleepingcomputer.com/news/security/transport-for-london-discloses-ongoing-cyber-security-incident/

Читать полностью…

BleepingComputer

Verkada to pay $2.95M for security failures leading to breaches

The Federal Trade Commission (FTC) proposes a $2.95 million penalty on security camera vendor Verkada for multiple security failures that enabled hackers to access live video feeds from 150,000 internet-connected cameras. [...]

https://www.bleepingcomputer.com/news/security/verkada-to-pay-295m-for-security-failures-leading-to-breaches/

Читать полностью…

BleepingComputer

Cicada3301 ransomware’s Linux encryptor targets VMware ESXi systems

A new ransomware-as-a-service (RaaS) operation named Cicada3301 has already listed 19 victims on its extortion portal, as it quickly attacked companies worldwide. [...]

https://www.bleepingcomputer.com/news/security/cicada3301-ransomwares-linux-encryptor-targets-vmware-esxi-systems/

Читать полностью…

BleepingComputer

Docker-OSX image used for security research hit by Apple DMCA takedown

The popular Docker-OSX project has been removed from Docker Hub after Apple filed a DMCA (Digital Millennium Copyright Act) takedown request, alleging that it violated its copyright. [...]

https://www.bleepingcomputer.com/news/security/docker-osx-image-used-for-security-research-hit-by-apple-dmca-takedown/

Читать полностью…

BleepingComputer

Researchers find SQL injection to bypass airport TSA security checks

Security researchers have found a vulnerability in a key air transport security system that allowed unauthorized individuals to potentially bypass airport security screenings and gain access to aircraft cockpits. [...]

https://www.bleepingcomputer.com/news/security/researchers-find-sql-injection-to-bypass-airport-tsa-security-checks/

Читать полностью…

BleepingComputer

North Korean hackers exploit Chrome zero-day to deploy rootkit

North Korean hackers have exploited a recently patched Google Chrome zero-day (CVE-2024-7971) to deploy the FudModule rootkit after gaining SYSTEM privileges using a Windows Kernel exploit. [...]

https://www.bleepingcomputer.com/news/security/north-korean-hackers-exploit-chrome-zero-day-to-deploy-rootkit/

Читать полностью…

BleepingComputer

Microchip Technology confirms data was stolen in cyberattack

American semiconductor supplier Microchip Technology Incorporated has confirmed that employee information was stolen from systems compromised in an August cyberattack, which was later claimed by the Play ransomware gang. [...]

https://www.bleepingcomputer.com/news/security/microchip-technology-confirms-data-was-stolen-in-cyberattack/

Читать полностью…

BleepingComputer

US cracks down on Russian disinformation before 2024 election

The FBI seized 32 web domains used by the Doppelgänger Russian-linked influence operation network in a disinformation campaign targeting the American public ahead of this year's presidential election. [...]

https://www.bleepingcomputer.com/news/security/us-cracks-down-on-russian-disinformation-before-2024-election/

Читать полностью…

BleepingComputer

New Eucleak attack lets threat actors clone YubiKey FIDO keys

A new "EUCLEAK" flaw found in FIDO devices using the Infineon SLE78 security microcontroller, like Yubico's YubiKey 5 Series, allows attackers to extract Elliptic Curve Digital Signature Algorithm (ECDSA) secret keys and clone the FIDO device. [...]

https://www.bleepingcomputer.com/news/security/new-eucleak-attack-lets-threat-actors-clone-yubikey-fido-keys/

Читать полностью…

BleepingComputer

Hackers inject malicious JS in Cisco store to steal credit cards, credentials

Cisco's site for selling company-themed merchandise is currently offline and under maintenance due to hackers compromising it with JavaScript code that steals sensitive customer details provided at checkout. [...]

https://www.bleepingcomputer.com/news/security/hackers-inject-malicious-js-in-cisco-store-to-steal-credit-cards-credentials/

Читать полностью…

BleepingComputer

Criminal IP Earns PCI DSS v4.0 Certification for Top-Level Security

AI Spera has achieved PCI DSS v4.0 certification for its threat intel search engine solution, Criminal IP. Learn more from the Criminal IP cyber threat intelligence search engine. [...]

https://www.bleepingcomputer.com/news/security/criminal-ip-earns-pci-dss-v40-certification-for-top-level-security/

Читать полностью…

BleepingComputer

FTC: Over $110 million lost to Bitcoin ATM scams in 2023

​The U.S. Federal Trade Commission (FTC) has reported a massive increase in losses to Bitcoin ATM scams, nearly ten times the amount from 2020 and reaching over $110 million in 2023. [...]

https://www.bleepingcomputer.com/news/security/ftc-americans-lost-over-110-million-to-bitcoin-atm-scams-in-2023/

Читать полностью…

BleepingComputer

New Windows PowerToy launches, repositions apps to saved layouts

​Microsoft has released a new Workspaces PowerToy that helps launch sets of applications using custom desktop layouts and configurations with a mouse click. [...]

https://www.bleepingcomputer.com/news/microsoft/new-windows-powertoy-launches-repositions-apps-to-saved-layouts/

Читать полностью…

BleepingComputer

Clearview AI fined €30.5 million for unlawful data collection

The Dutch Data Protection Authority (Dutch DPA) has imposed a fine of €30.5 million ($33.7 million) on Clearview AI for unlawful data collection using facial recognition, including photos of Dutch citizens. [...]

https://www.bleepingcomputer.com/news/legal/clearview-ai-fined-305-million-by-dutch-dpa-for-unlawful-data-collection/

Читать полностью…

BleepingComputer

Halliburton confirms data stolen in recent cyberattack

Oil and gas giant Halliburton has confirmed in a filing today to the Securities and Exchange Commission (SEC) that data was stolen in the recent attack linked to the RansomHub ransomware gang. [...]

https://www.bleepingcomputer.com/news/security/halliburton-confirms-data-stolen-in-recent-cyberattack/

Читать полностью…

BleepingComputer

Admins of MFA bypass service plead guilty to fraud

Three men have pleaded guilty to running OTP.Agency, an online platform that provided social engineering help to obtain one-time passcodes from customers of various banks and services in the U.K. [...]

https://www.bleepingcomputer.com/news/legal/admins-of-mfa-bypass-service-otp.agency-plead-guilty/

Читать полностью…

BleepingComputer

Business services giant CBIZ discloses customer data breach

CBIZ Benefits & Insurance Services (CBIZ) has disclosed a data breach that involves unauthorized access of client information stored in specific databases. [...]

https://www.bleepingcomputer.com/news/security/business-services-giant-cbiz-discloses-customer-data-breach/

Читать полностью…

BleepingComputer

GitHub comments abused to push password stealing malware masked as fixes

GitHub is being abused to distribute the Lumma Stealer information-stealing malware as fake fixes posted in project comments. [...]

https://www.bleepingcomputer.com/news/security/github-comments-abused-to-push-password-stealing-malware-masked-as-fixes/

Читать полностью…

BleepingComputer

Microsoft is trying to reduce Windows 11's desktop spotlight clutter

Windows 11's Spotlight feature is a pretty nice way to jazz up your desktop background with different wallpapers and fun facts when you hover over the image icon, but it takes up a lot of space. Microsoft is working on a new change that reduces this clutter in the Windows 11 Spotlight feature. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-is-trying-to-reduce-windows-11s-desktop-spotlight-clutter/

Читать полностью…

BleepingComputer

New Voldemort malware abuses Google Sheets to store stolen data

A campaign that started on August 5, 2024, is spreading a previously undocumented malware named "Voldemort" to organizations worldwide, impersonating tax agencies from the U.S., Europe, and Asia. [...]

https://www.bleepingcomputer.com/news/security/new-voldemort-malware-abuses-google-sheets-to-store-stolen-data/

Читать полностью…

BleepingComputer

Researcher sued for sharing data stolen by ransomware with media

The City of Columbus, Ohio, has filed a lawsuit against security researcher David Leroy Ross, aka Connor Goodwolf, accusing him of illegally downloading and disseminating data stolen from the City's IT network and leaked by the Rhysida ransomware gang. [...]

https://www.bleepingcomputer.com/news/security/researcher-sued-for-sharing-data-stolen-by-ransomware-with-media/

Читать полностью…
Subscribe to a channel