1131
Latest news and stories from BleepingComputer.com From a bleeping computer to a working computer.
Microsoft pulls Edge update causing 'Out of Memory' crashes
Microsoft has pulled the Microsoft Edge 122.0.2365.63 update after users reported receiving "Out of memory" errors when browsing the web or accessing the browser settings. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-pulls-edge-update-causing-out-of-memory-crashes/
Golden Corral restaurant chain data breach impacts 183,000 people
The Golden Corral American restaurant chain disclosed a data breach after attackers behind an August cyberattack stole the personal information of over 180,000 people. [...]
https://www.bleepingcomputer.com/news/security/golden-corral-restaurant-chain-data-breach-impacts-183-000-people/
Brave browser launches privacy-focused AI assistant on Android
Brave Software is the next company to jump into AI, announcing a new privacy-preserving AI assistant called "Leo" is rolling out on the Android version of its browser through the latest release, version 1.63. [...]
https://www.bleepingcomputer.com/news/security/brave-browser-launches-privacy-focused-ai-assistant-on-android/
Windows 10 KB5034843 update released with 9 new changes, fixes
Microsoft has released the optional KB5034843 Preview cumulative update for Windows 10 22H2 with an updated sharing experience and eight other fixes or changes. [...]
https://www.bleepingcomputer.com/news/microsoft/windows-10-kb5034843-update-released-with-9-new-changes-fixes/
GitHub enables push protection by default to stop secrets leak
GitHub has enabled push protection by default for all public repositories to prevent accidental exposure of secrets such as access tokens and API keys when pushing new code. [...]
https://www.bleepingcomputer.com/news/security/github-enables-push-protection-by-default-to-stop-secrets-leak/
Windows 11 'Moment 5' update released, here are the new features
Microsoft has released the Windows 11 'Moment 5' update for versions 23H2 and 22H2, starting the rollout of new features, such as Windows Copilot skills and plugins, Voice Access, AI enhancements for ClipChamp and Photos, and Narrator improvements. [...]
https://www.bleepingcomputer.com/news/microsoft/windows-11-moment-5-update-released-here-are-the-new-features/
20 million Cutout.Pro user records leaked on data breach forum
AI service Cutout.Pro has suffered a data breach exposing the personal information of 20 million members, including email addresses, hashed and salted passwords, IP addresses, and names. [...]
https://www.bleepingcomputer.com/news/security/20-million-cutoutpro-user-records-leaked-on-data-breach-forum/
Malicious AI models on Hugging Face backdoor users’ machines
At least 100 instances of malicious AI ML models were found on the Hugging Face platform, some of which can execute code on the victim's machine, giving attackers a persistent backdoor. [...]
https://www.bleepingcomputer.com/news/security/malicious-ai-models-on-hugging-face-backdoor-users-machines/
Rhysida ransomware wants $3.6 million for children’s stolen data
The Rhysida ransomware gang has claimed the cyberattack on Lurie Children's Hospital in Chicago at the start of the month. [...]
https://www.bleepingcomputer.com/news/security/rhysida-ransomware-wants-36-million-for-childrens-stolen-data/
Ransomware gang claims they stole 6TB of Change Healthcare data
The BlackCat/ALPHV ransomware gang has officially claimed responsibility for a cyberattack on Optum, a subsidiary of UnitedHealth Group (UHG), which led to an ongoing outage affecting the Change Healthcare platform. [...]
https://www.bleepingcomputer.com/news/security/ransomware-gang-claims-they-stole-6tb-of-change-healthcare-data/
Lazarus hackers exploited Windows zero-day to gain Kernel privileges
North Korean threat actors known as the Lazarus Group exploited a flaw in the Windows AppLocker driver (appid.sys) as a zero-day to gain kernel-level access and turn off security tools, allowing them to bypass noisy BYOVD (Bring Your Own Vulnerable Driver) techniques. [...]
https://www.bleepingcomputer.com/news/security/lazarus-hackers-exploited-windows-zero-day-to-gain-kernel-privileges/
Japan warns of malicious PyPi packages created by North Korean hackers
Japan's Computer Security Incident Response Team (JPCERT/CC) is warning that the notorious North Korean hacking group Lazarus has uploaded four malicious PyPI packages to infect developers with malware. [...]
https://www.bleepingcomputer.com/news/security/japan-warns-of-malicious-pypi-packages-created-by-north-korean-hackers/
Savvy Seahorse gang uses DNS CNAME records to power investor scams
A threat actor named Savvy Seahorse is abusing CNAME DNS records Domain Name System to create a traffic distribution system that powers financial scam campaigns. [...]
https://www.bleepingcomputer.com/news/security/savvy-seahorse-gang-uses-dns-cname-records-to-power-investor-scams/
Pharmaceutical giant Cencora says data was stolen in a cyberattack
Pharmaceutical giant Cencora says they suffered a cyberattack where threat actors stole data from corporate IT systems. [...]
https://www.bleepingcomputer.com/news/security/pharmaceutical-giant-cencora-says-data-was-stolen-in-a-cyberattack/
LabHost cybercrime service lets anyone phish Canadian bank users
The Phishing as a Service (PhaaS) platform 'LabHost' has been helping cybercriminals target North American banks, particularly financial institutes in Canada, causing a notable increase in activity. [...]
https://www.bleepingcomputer.com/news/security/labhost-cybercrime-service-lets-anyone-phish-canadian-bank-users/
U.S. charges Iranian for hacks on defense orgs, offers $10M for info
The U.S. Department of Justice (DoJ) has unveiled an indictment against Alireza Shafie Nasab, a 39-year-old Iranian national, for his role in a cyber-espionage campaign targeting U.S. government and defense entities. [...]
https://www.bleepingcomputer.com/news/security/us-charges-iranian-for-hacks-on-defense-orgs-offers-10m-for-info/
New Bifrost malware for Linux mimics VMware domain for evasion
A new Linux variant of the Bifrost remote access trojan (RAT) employs several novel evasion techniques, including the use of a deceptive domain that was made to appear as part of VMware. [...]
https://www.bleepingcomputer.com/news/security/new-bifrost-malware-for-linux-mimics-vmware-domain-for-evasion/
CISA warns against using hacked Ivanti devices even after factory resets
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) revealed today that attackers who breached Ivanti appliances using one of multiple actively exploited vulnerabilities can maintain root persistence even after performing factory resets. [...]
https://www.bleepingcomputer.com/news/security/cisa-warns-against-using-hacked-ivanti-devices-even-after-factory-resets/
Windows 11 KB5034848 preview update adds USB 80Gbps support
Microsoft has released the optional KB5034848 Preview cumulative update for Windows 11 23H2 and 22H2, which brings new features, including USB 80Gbps and nineteen other changes and fixes. [...]
https://www.bleepingcomputer.com/news/microsoft/windows-11-kb5034848-preview-update-adds-usb-80gbps-support/
Citrix, Sophos software impacted by 2024 leap year bugs
Citrix and Sophos products have been impacted by leap year flaws, leading to unexpected problems in their products. [...]
https://www.bleepingcomputer.com/news/software/citrix-sophos-software-impacted-by-2024-leap-year-bugs/
Microsoft rolls back decision to stop Windows 11 22H2 preview updates
Microsoft says that systems running Windows 11 22H2 will continue to receive non-security preview updates after initially stating they would no longer receive them after February 2024. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-rolls-back-decision-to-stop-windows-11-22h2-preview-updates/
Anycubic 3D printers hacked worldwide to expose security flaw
According to a wave of online reports from Anycubic customers, someone hacked their 3D printers to warn that the devices are exposed to attacks. [...]
https://www.bleepingcomputer.com/news/security/anycubic-3d-printers-hacked-worldwide-to-expose-security-flaw/
New executive order bans mass sale of personal data to China, Russia
U.S. President Joe Biden has signed an executive order that aims to ban the bulk sale and transfer of Americans' private data to "countries of concern" such as China, Russia, Iran, North Korea, Cuba, and Venezuela. [...]
https://www.bleepingcomputer.com/news/security/new-executive-order-bans-mass-sale-of-personal-data-to-china-russia/
Kali Linux 2024.1 released with 4 new tools, UI refresh
Kali Linux has released version 2024.1, the first version of 2024, with four new tools, a theme refresh, and desktop changes. [...]
https://www.bleepingcomputer.com/news/security/kali-linux-20241-released-with-4-new-tools-ui-refresh/
LockBit ransomware returns to attacks with new encryptors, servers
The LockBit ransomware gang is once again conducting attacks, using updated encryptors with ransom notes linking to new servers after last week's law enforcement disruption. [...]
https://www.bleepingcomputer.com/news/security/lockbit-ransomware-returns-to-attacks-with-new-encryptors-servers/
Epic Games: "Zero evidence" we were hacked by Mogilevich gang
Epic Games said they found zero evidence of a cyberattack or data theft after the Mogilevich extortion group claimed to have breached the company's servers. [...]
https://www.bleepingcomputer.com/news/security/epic-games-zero-evidence-we-were-hacked-by-mogilevich-gang/
Need to Know: Key Takeaways from the Latest Phishing Attacks
This article takes a look at some lessons from recent phishing attacks and highlights actionable tips to limit the risks of phishing affecting your company. [...]
https://www.bleepingcomputer.com/news/security/need-to-know-key-takeaways-from-the-latest-phishing-attacks/
Registrars can now block all domains that resemble brand names
Registrars can now block people from registering tens of thousands of domain names that look like, are spelling variations of, or otherwise infringe on brand names. [...]
https://www.bleepingcomputer.com/news/technology/registrars-can-now-block-all-domains-that-resemble-brand-names/
FBI, CISA warn US hospitals of targeted BlackCat ransomware attacks
Today, the FBI, CISA, and the Department of Health and Human Services (HHS) warned U.S. healthcare organizations of targeted ALPHV/Blackcat ransomware attacks. [...]
https://www.bleepingcomputer.com/news/security/fbi-cisa-warn-us-hospitals-of-targeted-blackcat-ransomware-attacks/
Black Basta, Bl00dy ransomware gangs join ScreenConnect attacks
The Black Basta and Bl00dy ransomware gangs have joined widespread attacks targeting ScreenConnect servers unpatched against a maximum severity authentication bypass vulnerability. [...]
https://www.bleepingcomputer.com/news/security/black-basta-bl00dy-ransomware-gangs-join-screenconnect-attacks/