1131
Latest news and stories from BleepingComputer.com From a bleeping computer to a working computer.
New acoustic attack determines keystrokes from typing patterns
Researchers have demonstrated a new acoustic side-channel attack on keyboards that can deduce user input based on their typing patterns, even in poor conditions, such as environments with noise. [...]
https://www.bleepingcomputer.com/news/security/new-acoustic-attack-determines-keystrokes-from-typing-patterns/
International Monetary Fund email accounts hacked in cyberattack
The International Monetary Fund (IMF) disclosed a cyber incident on Friday after unknown attackers breached 11 IMF email accounts earlier this year. [...]
https://www.bleepingcomputer.com/news/security/international-monetary-fund-email-accounts-hacked-in-cyberattack/
US moves to recover $2.3 million from "pig butchers" on Binance
The U.S. Department of Justice (DoJ) is recovering $2.3 million worth of cryptocurrency linked to a "pig butchering" fraud scheme that victimized at least 37 people across the United States. [...]
https://www.bleepingcomputer.com/news/cryptocurrency/us-moves-to-recover-23-million-from-pig-butchers-on-binance/
Microsoft announces Office LTSC 2024 preview starting next month
Microsoft announced that Office LTSC 2024, the next Office LTSC release, will enter a commercial preview phase starting next month and will be generally available later this year. [...]
https://www.bleepingcomputer.com/news/microsoft/microsoft-announces-office-ltsc-2024-preview-starting-next-month/
Former telecom manager admits to doing SIM swaps for $1,000
A former manager at a telecommunications company in New Jersey pleaded guilty to conspiracy charges for accepting money to perform unauthorized SIM swaps that enabled an accomplice to hack customer accounts. [...]
https://www.bleepingcomputer.com/news/security/former-telecom-manager-admits-to-doing-sim-swaps-for-1-000/
StopCrypt: Most widely distributed ransomware now evades detection
A new variant of StopCrypt ransomware (aka STOP) was spotted in the wild, employing a multi-stage execution process that involves shellcodes to evade security tools. [...]
https://www.bleepingcomputer.com/news/security/stopcrypt-most-widely-distributed-ransomware-now-evades-detection/
Tech support firms Restoro, Reimage fined $26 million for scare tactics
Tech support companies Restoro and Reimage will pay $26 million to settle charges that they used scare tactics to trick their customers into paying for unnecessary computer repair services. [...]
https://www.bleepingcomputer.com/news/security/tech-support-firms-restoro-reimage-fined-26-million-for-scare-tactics/
French unemployment agency data breach impacts 43 million people
France Travail, formerly known as Pôle Emploi, is warning that hackers breached its systems and may leak or exploit personal details of an estimated 43 million individuals. [...]
https://www.bleepingcomputer.com/news/security/french-unemployment-agency-data-breach-impacts-43-million-people/
Windows 11 gets single Teams app for work and personal accounts
Microsoft will soon provide a single Teams Windows and macOS app for all account types that will allow users to switch between work, school, or personal profiles. [...]
https://www.bleepingcomputer.com/news/microsoft/windows-11-gets-single-teams-app-for-work-and-personal-accounts/
US govt probes if ransomware gang stole Change Healthcare data
The U.S. Department of Health and Human Services is investigating whether protected health information was stolen in a ransomware attack that hit UnitedHealthcare Group (UHG) subsidiary Optum, which operates the Change Healthcare platform, in late February. [...]
https://www.bleepingcomputer.com/news/security/us-govt-probes-if-ransomware-gang-stole-change-healthcare-data/
PixPirate Android malware uses new tactic to hide on phones
The latest version of the PixPirate banking trojan for Android employs a previously unseen method to hide from the victim while remaining active on the infected device even if its dropper app has been removed. [...]
https://www.bleepingcomputer.com/news/security/pixpirate-android-malware-uses-new-tactic-to-hide-on-phones/
Bitcoin Fog mixer operator convicted for laundering $400 million
Russian-Swedish national Roman Sterlingov was convicted by a federal jury in Washington, D.C., for operating Bitcoin Fog between 2011 and 2021. [...]
https://www.bleepingcomputer.com/news/legal/bitcoin-fog-mixer-operator-convicted-for-laundering-400-million/
Brave: Sharp increase in installs after iOS DMA update in EU
Brave has seen a sharp increase in users installing its privacy-focused Brave Browser on iPhones after Apple introduced changes to adhere to the new European Digital Markets Act. [...]
https://www.bleepingcomputer.com/news/technology/brave-sharp-increase-in-installs-after-ios-dma-update-in-eu/
Stanford: Data of 27,000 people stolen in September ransomware attack
Stanford University says the personal information of 27,000 individuals was stolen in a ransomware attack impacting its Department of Public Safety (SUDPS) network. [...]
https://www.bleepingcomputer.com/news/security/stanford-data-of-27-000-people-stolen-in-september-ransomware-attack/
Windows 11 KB5035853 update released, here's what's new
Microsoft has released the KB5035853 cumulative update for Windows 11 23H3 and 22H2, with 21 fixes and changes, including fixing a bug causing 0x800F0922 errors when installing updates. [...]
https://www.bleepingcomputer.com/news/microsoft/windows-11-kb5035853-update-released-heres-whats-new/
Hackers exploit Aiohttp bug to find vulnerable networks
The ransomware actor 'ShadowSyndicate' was observed scanning for servers vulnerable to CVE-2024-23334, a directory traversal vulnerability in the aiohttp Python library. [...]
https://www.bleepingcomputer.com/news/security/hackers-exploit-aiohttp-bug-to-find-vulnerable-networks/
McDonald's: Global outage was caused by "configuration change"
McDonald's has blamed a third-party service provider's configuration change, not a cyberattack, for the global outage that forced many of its fast-food restaurants to close. [...]
https://www.bleepingcomputer.com/news/technology/mcdonalds-global-outage-was-caused-by-configuration-change/
PornHub now also blocks Texas over age verification laws
PornHub has now added Texas to its blocklist, preventing users in the state from accessing its site in protest of age verification laws. [...]
https://www.bleepingcomputer.com/news/security/pornhub-now-also-blocks-texas-over-age-verification-laws/
Admin of major stolen account marketplace gets 42 months in prison
Moldovan national Sandu Boris Diaconu has been sentenced to 42 months in prison for operating E-Root, a major online marketplace that sold access to hacked computers worldwide. [...]
https://www.bleepingcomputer.com/news/security/admin-of-major-stolen-account-marketplace-gets-42-months-in-prison/
McDonald's IT systems outage impacts restaurants worldwide
McDonald's restaurants are suffering global IT outages that prevent employees from taking orders and accepting payments, causing some stores to close for the day. [...]
https://www.bleepingcomputer.com/news/technology/mcdonalds-it-systems-outage-impacts-restaurants-worldwide/
SIM swappers hijacking phone numbers in eSIM attacks
SIM swappers have adapted their attacks to steal a target's phone number by porting it into a new eSIM card, a digital SIM stored in a rewritable chip present on many recent smartphone models. [...]
https://www.bleepingcomputer.com/news/security/sim-swappers-hijacking-phone-numbers-in-esim-attacks/
Google Chrome gets real-time phishing protection later this month
Google will roll out a Safe Browsing update later this month that will provide real-time malware and phishing protection to all Chrome users, without compromising their browsing privacy. [...]
https://www.bleepingcomputer.com/news/google/google-chrome-gets-real-time-phishing-protection-later-this-month/
Nissan confirms ransomware attack exposed data of 100,000 people
Nissan Oceania is warning of a data breach impacting 100,000 people after suffering a cyberattack in December 2023 that was claimed by the Akira ransomware operation. [...]
https://www.bleepingcomputer.com/news/security/nissan-confirms-ransomware-attack-exposed-data-of-100-000-people/
Hackers exploit Windows SmartScreen flaw to drop DarkGate malware
A new wave of attacks by the DarkGate malware operation exploits a now-fixed Windows Defender SmartScreen vulnerability to bypass security checks and automatically install fake software installers. [...]
https://www.bleepingcomputer.com/news/security/hackers-exploit-windows-smartscreen-flaw-to-drop-darkgate-malware/
Fortinet warns of critical RCE bug in endpoint management software
Fortinet patched a critical vulnerability in its FortiClient Enterprise Management Server (EMS) software that can allow attackers to gain remote code execution (RCE) on vulnerable servers. [...]
https://www.bleepingcomputer.com/news/security/fortinet-warns-of-critical-rce-bug-in-endpoint-management-software/
Pen test vendor rotation: do you need to change annually?
Organizations commonly change their pen test providers annually. Learn more from Outpost24 about the drawbacks of rotating pentest providers and the benefits of the Penetration Testing as a Service (PTaaS) model. [...]
https://www.bleepingcomputer.com/news/security/pen-test-vendor-rotation-do-you-need-to-change-annually/
LockBit ransomware affiliate gets four years in jail, to pay $860k
Russian-Canadian cybercriminal Mikhail Vasiliev has been sentenced to four years in prison by an Ontario court for his involvement in the LockBit ransomware operation. [...]
https://www.bleepingcomputer.com/news/security/lockbit-ransomware-affiliate-gets-four-years-in-jail-to-pay-860k/
Windows KB5035849 update failing to install with 0xd000034 errors
The KB5035849 cumulative update released during today's Patch Tuesday fails to install on Windows 10 and Windows Server systems with 0xd0000034 errors. [...]
https://www.bleepingcomputer.com/news/microsoft/windows-kb5035849-update-failing-to-install-with-0xd000034-errors/
Acer confirms Philippines employee data leaked on hacking forum
Acer Philippines confirmed that employee data was stolen in an attack on a third-party vendor who manages the company's employee attendance data after a threat actor leaked the data on a hacking forum. [...]
https://www.bleepingcomputer.com/news/security/acer-confirms-philippines-employee-data-leaked-on-hacking-forum/
Windows 10 KB5035845 update released with 9 new changes, fixes
Microsoft has released the KB5035845 cumulative update for Windows 10 21H2 and Windows 10 22H2, which includes nine new changes and fixes. [...]
https://www.bleepingcomputer.com/news/microsoft/windows-10-kb5035845-update-released-with-9-new-changes-fixes/