Microsoft September 2024 Patch Tuesday fixes 4 zero-days, 79 flaws
Today is Microsoft's September 2024 Patch Tuesday, which includes security updates for 79 flaws, including four actively exploited and one publicly disclosed zero-days. [...]
Showing only posts by Lawrence Abrams. Show all posts.
Sextortion scam now use your "cheating" spouse’s name as a lure
A new variant of the ongoing sextortion email scams is now targeting spouses, saying that their husband or wife is cheating on them, with links to the alleged proof. [...]
Sextortion scams now use your "cheating" spouse’s name as a lure
A new variant of the ongoing sextortion email scams is now targeting spouses, saying that their husband or wife is cheating on them, with links to the alleged proof. [...]
Microsoft removes revenge porn from Bing search using new tool
Microsoft announced today that it has partnered with StopNCII to proactively remove harmful intimate images and videos from Bing using digital hashes people create from their sensitive media. [...]
GitHub comments abused to push password stealing malware masked as fixes
GitHub is being abused to distribute the Lumma Stealer information-stealing malware as fake fixes posted in project comments. [...]
Halliburton cyberattack linked to RansomHub ransomware gang
The RansomHub ransomware gang is behind the recent cyberattack on oil and gas services giant Halliburton, which disrupted the company's IT systems and business operations. [...]
Windows driver zero-day exploited by Lazarus hackers to install rootkit
The notorious North Korean Lazarus hacking group exploited a zero-day flaw in the Windows AFD.sys driver to elevate privileges and install the FUDModule rootkit on targeted systems. [...]
Microsoft August 2024 Patch Tuesday fixes 9 zero-days, 6 exploited
Today is Microsoft's August 2024 Patch Tuesday, which includes security updates for 89 flaws, including six actively exploited and three publicly disclosed zero-days. Microsoft is still working on an update for a tenth publicly disclosed zero-day. [...]
Fake X content warnings on Ukraine war, earthquakes used as clickbait
X has always had a bot problem, but now scammers are utilizing the Ukraine war and earthquake warnings in Japan to entice users into clicking on fake content warnings and videos that lead to scam adult sites, malicious browser extensions, and shady affiliate sites. [...]
Hackers leak 2.7 billion data records with Social Security numbers
Almost 2.7 billion records of personal information for people in the United States were leaked on a hacking forum, exposing names, social security numbers, all known physical addresses, and possible aliases. [...]
SEC ends probe into MOVEit attacks impacting 95 million people
The SEC concludes its investigation into Progress Software's handling of the widespread exploitation of a MOVEit Transfer zero-day flaw that exposed data of over 95 million people. [...]
INTERPOL recovers over $40 million stolen in a BEC attack
A global stop-payment mechanism created by INTERPOL successfully recovered over $40 million stolen in a BEC attack on a company in Singapore. [...]
Crowdstrike: Delta Air Lines refused free help to resolve IT outage
The legal spars between Delta Air Lines and CrowdStrike are heating up, with the cybersecurity firm claiming that Delta's extended IT outage was caused by poor disaster recovery plans and the airline refusing to accept free onsite help in restoring Windows devices. [...]
Surge in Magniber ransomware attacks impact home users worldwide
[...]
Twilio kills off Authy for desktop, forcibly logs out all users
Twilio has finally killed off its Authy for Desktop application, forcibly logging users out of the desktop application. [...]
Cencora confirms patient health info stolen in February attack
Pharmaceutical giant Cencora has confirmed that patients' protected health information and personally identifiable information (PII) was exposed in a February cyberattack. [...]
Credit card users get mysterious shopify-charge.com charges
People worldwide report seeing mysterious $1 or $0 charges from Shopify-charge.com appearing on their credit card bills, even when they did not attempt to purchase anything. [...]
Dark Angels ransomware receives record-breaking $75 million ransom
A Fortune 50 company paid a record-breaking $75 million ransom payment to the Dark Angels ransomware gang, according to a report by Zscaler ThreatLabz. [...]
UK arrests suspected Scattered Spider hacker linked to MGM attack
UK police have arrested a 17-year-old boy suspected of being involved in the 2023 MGM Resorts ransomware attack and a member of the Scattered Spider hacking collective. [...]
Notorious FIN7 hackers sell EDR killer to other threat actors
The notorious FIN7 hacking group has been spotted selling its custom "AvNeutralizer" tool, used to evade detection by killing enterprise endpoint protection software on corporate networks. [...]
CISA warns critical Geoserver GeoTools RCE flaw is exploited in attacks
CISA is warning that a critical GeoServer GeoTools remote code execution flaw tracked as CVE-2024-36401 is being actively exploited in attacks. [...]
Email addresses of 15 million Trello users leaked on hacking forum
A threat actor has released over 15 million email addresses associated with Trello accounts that were collected using an unsecured API in January. [...]
SEXi ransomware rebrands to APT INC, continues VMware ESXi attacks
The SEXi ransomware operation, known for targeting VMware ESXi servers, has rebranded under the name APT INC and has targeted numerous organizations in recent attacks. [...]
Facebook ads for Windows desktop themes push info-stealing malware
Cybercriminals use Facebook business pages and advertisements to promote fake Windows themes that infect unsuspecting users with the SYS01 password-stealing malware. [...]
Signal downplays encryption key flaw, fixes it after X drama
Signal is finally tightening its desktop client's security by changing how it stores plain text encryption keys for the data store after downplaying the issue since 2018. [...]
« newer articles | page 3 | older articles »