1131
Latest news and stories from BleepingComputer.com From a bleeping computer to a working computer.
Microsoft March 2024 Patch Tuesday fixes 60 flaws, 18 RCE bugs
Today is Microsoft's March 2024 Patch Tuesday, and security updates have been released for 60 vulnerabilities, including eighteen remote code execution flaws. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-march-2024-patch-tuesday-fixes-60-flaws-18-rce-bugs/
Google paid $10 million in bug bounty rewards last year
Google awarded $10 million to 632 researchers from 68 countries in 2023 for finding and responsibly reporting security flaws in the company's products and services. [...]
https://www.bleepingcomputer.com/news/google/google-paid-10-million-in-bug-bounty-rewards-last-year/
Tuta Mail adds new quantum-resistant encryption to protect email
Tuta Mail has announced TutaCrypt, a new post-quantum encryption protocol to secure communications from powerful and anticipated decryption attacks. [...]
https://www.bleepingcomputer.com/news/security/tuta-mail-adds-new-quantum-resistant-encryption-to-protect-email/
Okta says data leaked on hacking forum not from its systems
Okta denies that its company data was leaked after a threat actor shared files allegedly stolen during an October 2023 cyberattack on a hacker forum. [...]
https://www.bleepingcomputer.com/news/security/okta-says-data-leaked-on-hacking-forum-not-from-its-systems/
Equilend warns employees their data was stolen by ransomware gang
New York-based securities lending platform EquiLend Holdings confirmed in data breach notification letters sent to employees that their data was stolen in a January ransomware attack. [...]
https://www.bleepingcomputer.com/news/security/equilend-warns-employees-their-data-was-stolen-by-ransomware-gang/
Fake Leather wallet app on Apple App Store is a crypto drainer
The developers of the Leather cryptocurrency wallet are warning of a fake app on the Apple App Store, with users reporting it is a wallet drainer that stole their digital assets. [...]
https://www.bleepingcomputer.com/news/security/fake-leather-wallet-app-on-apple-app-store-is-a-crypto-drainer/
Hackers exploit WordPress plugin flaw to infect 3,300 sites with malware
Hackers are breaching WordPress sites by exploiting a vulnerability in outdated versions of the Popup Builder plugin, infecting over 3,300 websites with malicious code. [...]
https://www.bleepingcomputer.com/news/security/hackers-exploit-wordpress-plugin-flaw-to-infect-3-300-sites-with-malware/
The Week in Ransomware - March 8th 2024 - Waiting for the BlackCat rebrand
We saw another ransomware operation shut down this week after first getting breached by law enforcement and then targeting critical infrastructure, putting them further in the spotlight of the US government. [...]
https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-march-8th-2024-waiting-for-the-blackcat-rebrand/
QNAP warns of critical auth bypass flaw in its NAS devices
QNAP warns of vulnerabilities in its NAS software products, including QTS, QuTS hero, QuTScloud, and myQNAPcloud, that could allow attackers to access devices. [...]
https://www.bleepingcomputer.com/news/security/qnap-warns-of-critical-auth-bypass-flaw-in-its-nas-devices/
Microsoft says Russian hackers breached its systems, accessed source code
Microsoft says the Russian 'Midnight Blizzard' hacking group recently accessed some of its internal systems and source code repositories using authentication secrets stolen during a January cyberattack. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-says-russian-hackers-breached-its-systems-accessed-source-code/
Switzerland: Play ransomware leaked 65,000 government documents
The National Cyber Security Centre (NCSC) of Switzerland has released a report on its analysis of a data breach following a ransomware attack on Xplain, disclosing that the incident impacted thousands of sensitive Federal government files. [...]
https://www.bleepingcomputer.com/news/security/switzerland-play-ransomware-leaked-65-000-government-documents/
Flipper Zero WiFi attack can unlock and steal Tesla cars
An easy phishing attack using a Flipper Zero device can lead to compromising Tesla accounts, unlocking cars, and starting them. The attack works on the latest Tesla app, version 4.30.6, and Tesla software version 11.1 2024.2.7. [...]
https://www.bleepingcomputer.com/news/security/flipper-zero-wifi-attack-can-unlock-and-steal-tesla-cars/
Google engineer caught stealing AI tech secrets for Chinese firms
The U.S. Department of Justice (DoJ) has announced the unsealing of an indictment against Linwei (Leon) Ding, 38, a former software engineer at Google, suspected of stealing Google AI trade secrets for Chinese companies. [...]
https://www.bleepingcomputer.com/news/google/google-engineer-caught-stealing-ai-tech-secrets-for-chinese-firms/
PetSmart warns of credential stuffing attacks trying to hack accounts
Pet retail giant PetSmart is warning some customers their passwords were reset due to an ongoing credential stuffing attack attempting to breach accounts. [...]
https://www.bleepingcomputer.com/news/security/petsmart-warns-of-credential-stuffing-attacks-trying-to-hack-accounts/
Hacked WordPress sites use visitors' browsers to hack other sites
Hackers are conducting widescale attacks on WordPress sites to inject scripts that force visitors' browsers to bruteforce passwords for other sites. [...]
https://www.bleepingcomputer.com/news/security/hacked-wordpress-sites-use-visitors-browsers-to-hack-other-sites/
Tor’s new WebTunnel bridges mimic HTTPS traffic to evade censorship
The Tor Project officially introduced WebTunnel, a new bridge type specifically designed to help bypass censorship targeting the Tor network by hiding connections in plain sight. [...]
https://www.bleepingcomputer.com/news/security/tors-new-webtunnel-bridges-mimic-https-traffic-to-evade-censorship/
Over 12 million auth secrets and keys leaked on GitHub in 2023
GitHub users accidentally exposed 12.8 million authentication and sensitive secrets in over 3 million public repositories during 2023, with the vast majority remaining valid after five days. [...]
https://www.bleepingcomputer.com/news/security/over-12-million-auth-secrets-and-keys-leaked-on-github-in-2023/
Microsoft says Windows 10 21H2 support is ending in June
Microsoft announced today that it would end support for Windows 10 21H2 in June when the Enterprise and Education editions reach the end of service. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-says-windows-10-21h2-support-is-ending-in-june/
Researchers expose Microsoft SCCM misconfigs usable in cyberattacks
Security researchers have created a knowledge base repository for attack and defense techniques based on improperly setting up Microsoft's Configuration Manager, which could allow an attacker to execute payloads or become a domain controller. [...]
https://www.bleepingcomputer.com/news/security/researchers-expose-microsoft-sccm-misconfigs-usable-in-cyberattacks/
Over 15,000 hacked Roku accounts sold for 50¢ each to buy hardware
Roku has disclosed a data breach impacting over 15,000 customers after hacked accounts were used to make fraudulent purchases of hardware and streaming subscriptions. [...]
https://www.bleepingcomputer.com/news/security/over-15-000-hacked-roku-accounts-sold-for-50-each-to-buy-hardware/
YouTube stops recommending videos when signed out of Google
YouTube has changed how it works for people not signed into Google account or using incoginto mode, and it's not showing suggested videos anymore. This change, which is being tested with some random users, shows a very simple YouTube homepage without any videos or tips on what to watch. [...]
https://www.bleepingcomputer.com/news/google/youtube-stops-recommending-videos-when-signed-out-of-google/
Magnet Goblin hackers use 1-day flaws to drop custom Linux malware
A financially motivated hacking group named Magnet Goblin uses various 1-day vulnerabilities to breach public-facing servers and deploy custom malware on Windows and Linux systems. [...]
https://www.bleepingcomputer.com/news/security/magnet-goblin-hackers-use-1-day-flaws-to-drop-custom-linux-malware/
Critical Fortinet flaw may impact 150,000 exposed devices
Scans on the public web show that approximately 150,000 Fortinet FortiOS and FortiProxy secure web gateway systems are vulnerable to CVE-2024-21762, a critical security issue that allows executing code without authentication. [...]
https://www.bleepingcomputer.com/news/security/critical-fortinet-flaw-may-impact-150-000-exposed-devices/
UnitedHealth brings some Change Healthcare pharmacy services back online
Optum's Change Healthcare has started to bring systems back online after suffering a crippling BlackCat ransomware attack last month that led to widespread disruption to the US healthcare system. [...]
https://www.bleepingcomputer.com/news/security/unitedhealth-brings-some-change-healthcare-pharmacy-services-back-online/
CISA, NSA share best practices for securing cloud services
The NSA and the Cybersecurity and Infrastructure Security Agency (CISA) have released five joint cybersecurity bulletins containing on best practices for securing a cloud environment. [...]
https://www.bleepingcomputer.com/news/security/cisa-nsa-share-best-practices-for-securing-cloud-services/
Windows 10 KB5001716 update fails with 0x80070643 errors, how to fix
Microsoft is pushing out a Windows 10 KB5001716 update used to improve Windows Update that is ironically failing to install, showing 0x80070643 errors. [...]
https://www.bleepingcomputer.com/news/microsoft/windows-10-kb5001716-update-fails-with-0x80070643-errors-how-to-fix/
AnyCubic fixes exploited 3D printer zero day flaw with new firmware
AnyCubic has released new Kobra 2 firmware to fix a zero-day vulnerability exploited last month to print security warnings on 3D printers worldwide. [...]
https://www.bleepingcomputer.com/news/security/anycubic-fixes-exploited-3d-printer-zero-day-flaw-with-new-firmware/
FBI: U.S. lost record $12.5 billion to online crime in 2023
FBI's Internet Crime Complaint Center (IC3) has released its 2023 Internet Crime Report, which recorded a 22% increase in reported losses compared to 2022, amounting to a record of $12.5 billion. [...]
https://www.bleepingcomputer.com/news/security/fbi-us-lost-record-125-billion-to-online-crime-in-2023/
TeamCity auth bypass bug exploited to mass-generate admin accounts
Hackers have started to exploit the critical-severity authentication bypass vulnerability (CVE-2024-27198) in TeamCity On-Premises, which JetBrains addressed in an update on Monday. [...]
https://www.bleepingcomputer.com/news/security/teamcity-auth-bypass-bug-exploited-to-mass-generate-admin-accounts/
Hackers impersonate U.S. government agencies in BEC attacks
A gang of hackers specialized in business email compromise (BEC) attacks and tracked as TA4903 has been impersonating various U.S. government entities to lure targets into opening malicious files carrying links to fake bidding processes. [...]
https://www.bleepingcomputer.com/news/security/hackers-impersonate-us-government-agencies-in-bec-attacks/