1131
Latest news and stories from BleepingComputer.com From a bleeping computer to a working computer.
Duvel says it has "more than enough" beer after ransomware attack
Duvel Moortgat Brewery was hit by a ransomware attack late last night, bringing to a halt the beer production in the company's bottling facilities [...]
https://www.bleepingcomputer.com/news/security/duvel-says-it-has-more-than-enough-beer-after-ransomware-attack/
VMware fixes critical sandbox escape flaws in ESXi, Workstation, and Fusion
VMware released security updates to fix critical sandbox escape vulnerabilities in VMware ESXi, Workstation, Fusion, and Cloud Foundation products, allowing attackers to escape virtual machines and access the host operating system. [...]
https://www.bleepingcomputer.com/news/security/vmware-fixes-critical-sandbox-escape-flaws-in-esxi-workstation-and-fusion/
NSA shares zero-trust guidance to limit adversaries on the network
The National Security Agency is sharing new guidance to help organizations limit an adversary's movement on the internal network by adopting zero-trust framework principles. [...]
https://www.bleepingcomputer.com/news/security/nsa-shares-zero-trust-guidance-to-limit-adversaries-on-the-network/
New WogRAT malware abuses online notepad service to store malware
A new malware dubbed 'WogRAT' targets both Windows and Linux in attacks abusing an online notepad platform named 'aNotepad' as a covert channel for storing and retrieving malicious code. [...]
https://www.bleepingcomputer.com/news/security/new-wograt-malware-abuses-online-notepad-service-to-store-malware/
U.S. sanctions Predator spyware operators for spying on Americans
The U.S. has imposed sanctions on two individuals and five entities linked to the development and distribution of the Predator commercial spyware used to target Americans, including government officials and journalists. [...]
https://www.bleepingcomputer.com/news/legal/us-sanctions-predator-spyware-operators-for-spying-on-americans/
Facebook and Instagram outage logs out users, passwords not working
Facebook and Instagram users worldwide have been logged out of the sites and are having trouble logging in, receiving errors that their passwords are incorrect. [...]
https://www.bleepingcomputer.com/news/technology/facebook-and-instagram-outage-logs-out-users-passwords-not-working/
Passwords are Costing Your Organization Money - How to Minimize Those Costs
Getting rid of passwords completely isn't a realistic option for most orgs, but there are things you can do to make them more secure. Learn more from Specops Software on maximizing security while mitigating costs. [...]
https://www.bleepingcomputer.com/news/security/passwords-are-costing-your-organization-money-how-to-minimize-those-costs/
ScreenConnect flaws exploited to drop new ToddleShark malware
The North Korean APT hacking group Kimsuky is exploiting ScreenConnect flaws, particularly CVE-2024-1708 and CVE-2024-1709, to infect targets with a new malware variant dubbed ToddleShark. [...]
https://www.bleepingcomputer.com/news/security/screenconnect-flaws-exploited-to-drop-new-toddleshark-malware/
Apple blames Spotify for $1.95 billion fine over "abusive" App store rules
The European Commission has fined Apple €1.8 billion, or approximately $1.95 million, for allegedly abusing its market dominance in music streaming app distribution to prevent developers from promoting cheaper services outside the app. [...]
https://www.bleepingcomputer.com/news/apple/apple-blames-spotify-for-195-billion-fine-over-abusive-app-store-rules/
Ukraine claims it hacked Russian Ministry of Defense servers
The Main Intelligence Directorate (GUR) of Ukraine's Ministry of Defense claims that it breached the servers of the Russian Ministry of Defense (Minoborony) and stole sensitive documents. [...]
https://www.bleepingcomputer.com/news/security/ukraine-claims-it-hacked-russian-ministry-of-defense-servers/
American Express credit cards exposed in vendor data breach
American Express is warning customers that credit cards were exposed in a third-party data breach after one of its service providers was hacked. [...]
https://www.bleepingcomputer.com/news/security/american-express-credit-cards-exposed-in-vendor-data-breach/
Microsoft: Windows 11 “invites” coming to more Windows 10 Pro PCs
Starting next month, Microsoft nag screens pushing Windows 11 will also show up on non-managed enterprise devices running Windows 10 Pro and Pro Workstation. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-windows-11-invites-coming-to-more-windows-10-pro-pcs/
Hackers target FCC, crypto firms in advanced Okta phishing attacks
A new phishing kit named CryptoChameleon is being used to target Federal Communications Commission (FCC) employees, using specially crafted single sign-on (SSO) pages for Okta that appear remarkably similar to the originals. [...]
https://www.bleepingcomputer.com/news/security/hackers-target-fcc-crypto-firms-in-advanced-okta-phishing-attacks/
The Week in Ransomware - March 1st 2024 - Healthcare under siege
Ransomware attacks on healthcare over the last few months have been relentless, with numerous ransomware operations targeting hospitals and medical services, causing disruption to patient care and access to prescription drugs in the USA. [...]
https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-march-1st-2024-healthcare-under-siege/
Germany takes down largest cybercrime market in the country, arrests 6
The Düsseldorf Police in Germany have seized Crimemarket, the largest German-speaking illicit trading platform on the internet, arresting six people, including one of its operators. [...]
https://www.bleepingcomputer.com/news/legal/germany-takes-down-largest-cybercrime-market-in-the-country-arrests-6/
Canada's anti-money laundering agency offline after cyberattack
The Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) has announced that a "cyber incident" forced it to take its corporate systems offline as a precaution. [...]
https://www.bleepingcomputer.com/news/security/canadas-anti-money-laundering-agency-offline-after-cyberattack/
Hackers target Docker, Hadoop, Redis, Confluence with new Golang malware
Hackers are targeting misconfigured servers running Apache Hadoop YARN, Docker, Confluence, or Redis with new Golang-based malware that automates the discovery and compromise of the hosts. [...]
https://www.bleepingcomputer.com/news/security/hackers-target-docker-hadoop-redis-confluence-with-new-golang-malware/
Apple fixes two new iOS zero-days exploited in attacks on iPhones
Apple released emergency security updates to fix two iOS zero-day vulnerabilities that were exploited in attacks on iPhones. [...]
https://www.bleepingcomputer.com/news/apple/apple-fixes-two-new-ios-zero-days-exploited-in-attacks-on-iphones/
Microsoft is killing off the Android apps in Windows 11 feature
Microsoft has unexpectedly announced they are ending support for the Windows Subsystem for Android next year on March 5th. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-is-killing-off-the-android-apps-in-windows-11-feature/
Hackers abuse QEMU to covertly tunnel network traffic in cyberattacks
Malicious actors were detected abusing the open-source hypervisor platform QEMU as a tunneling tool in a cyberattack against a large company. [...]
https://www.bleepingcomputer.com/news/security/hackers-abuse-qemu-to-covertly-tunnel-network-traffic-in-cyberattacks/
BlackCat ransomware shuts down in exit scam, blames the "feds"
The BlackCat ransomware gang is pulling an exit scam, trying to shut down and run off with affiliates' money by pretending the FBI seized their site and infrastructure. [...]
https://www.bleepingcomputer.com/news/security/blackcat-ransomware-shuts-down-in-exit-scam-blames-the-feds/
Exploit available for new critical TeamCity auth bypass bug, patch now
A critical vulnerability (CVE-2024-27198) in the TeamCity On-Premises CI/CD solution from JetBrains can let a remote unauthenticated attacker take control of the server with administrative permissions. [...]
https://www.bleepingcomputer.com/news/security/exploit-available-for-new-critical-teamcity-auth-bypass-bug-patch-now/
Hackers steal Windows NTLM authentication hashes in phishing attacks
The hacking group known as TA577 has recently shifted tactics by using phishing emails to steal NT LAN Manager (NTLM) authentication hashes to perform account hijacks. [...]
https://www.bleepingcomputer.com/news/security/hackers-steal-windows-ntlm-authentication-hashes-in-phishing-attacks/
BlackCat ransomware turns off servers amid claim they stole $22 million ransom
The ALPHV/BlackCat ransomware gang has shut down its servers amid claims that they scammed the affiliate responsible for the attack on Optum, the operator of the Change Healthcare platform, of $22 million. [...]
https://www.bleepingcomputer.com/news/security/blackcat-ransomware-turns-off-servers-amid-claim-they-stole-22-million-ransom/
North Korea hacks two South Korean chip firms to steal engineering data
The National Intelligence Service (NIS) in South Korea warns that North Korean hackers target domestic semiconductor manufacturers in cyber espionage attacks. [...]
https://www.bleepingcomputer.com/news/security/north-korea-hacks-two-south-korean-chip-firms-to-steal-engineering-data/
Stealthy GTPDOOR Linux malware targets mobile operator networks
Security researcher HaxRob discovered a previously unknown Linux backdoor named GTPDOOR, designed for covert operations within mobile carrier networks. [...]
https://www.bleepingcomputer.com/news/security/stealthy-gtpdoor-linux-malware-targets-mobile-operator-networks/
News farm impersonates 60+ major outlets: BBC, CNN, CNBC, Guardian...
BleepingComputer has discovered a content farm operating some 60+ domains named after popular media outlets, including the BBC, CNBC, CNN, Forbes, Huffington Post, The Guardian, and Washington Post, among others. These sites build SEO for their online gambling ventures and sell "press release" slots at hefty prices. [...]
https://www.bleepingcomputer.com/news/security/news-farm-impersonates-60-plus-major-outlets-bbc-cnn-cnbc-guardian/
Windows Kernel bug fixed last month exploited as zero-day since August
Microsoft patched a high-severity Windows Kernel privilege escalation vulnerability in February, six months after being informed that the flaw was being exploited as a zero-day. [...]
https://www.bleepingcomputer.com/news/security/windows-kernel-bug-fixed-last-month-exploited-as-zero-day-since-august/
CISA warns of Microsoft Streaming bug exploited in malware attacks
CISA ordered U.S. Federal Civilian Executive Branch (FCEB) agencies to secure their Windows systems against a high-severity vulnerability in the Microsoft Streaming Service (MSKSSRV.SYS) that's actively exploited in attacks. [...]
https://www.bleepingcomputer.com/news/security/cisa-warns-of-microsoft-streaming-bug-exploited-in-malware-attacks/
Microsoft fixes Outlook clients not syncing over Exchange ActiveSync
Microsoft has fixed an issue causing some Microsoft 365 users' Outlook desktop clients to stop connecting to email servers via Exchange ActiveSync. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-outlook-clients-not-syncing-over-exchange-activesync/