Bleeping Computer
Ransomware attack on indie game maker wiped all player accounts
A ransomware attack on the "Ethyrial: Echoes of Yore" MMORPG last Friday destroyed 17,000 player accounts, deleting their in-game items and progress in the game.
Bleeping Computer
Ukraine says it hacked Russian aviation agency, leaks data
Ukraine's intelligence service, operating under the Defense Ministry, claims they hacked Russia's Federal Air Transport Agency, 'Rosaviatsia,' to expose a purported collapse of Russia's aviation sector.
Bleeping Computer
Ardent hospital ERs disrupted in 6 states after ransomware attack
Ardent Health Services, a healthcare provider operating 30 hospitals across five U.S. states, disclosed today that its systems were hit by a ransomware attack on Thursday.
Bleeping Computer
Slovenia's largest power provider HSE hit by ransomware attack
Slovenian power company Holding Slovenske Elektrarne (HSE) has suffered a ransomware attack that compromised its systems and encrypted files, yet the company says the incident did not disrupt electric power production.
Bleeping Computer
Google Drive users angry over losing months of stored data
Google Drive users are reporting that recent files stored in the cloud have suddenly disappeared, with the cloud service reverting to a storage snapshot as it was around April-May 2023.
CSO
GE investigates alleged data breach into confidential projects: Report
General Electric has confirmed that it has started an investigation into the data breach claims made by IntelBroker.
Bleeping Computer
General Electric investigates claims of cyber attack, data theft
General Electric is investigating claims that a threat actor breached the company's development environment in a cyberattack and leaked allegedly stolen data.
Bleeping Computer
Cyberattack on IT provider CTS impacts dozens of UK law firms
A cyberattack on CTS, a leading managed service provider (MSP) for law firms and other organizations in the UK legal sector, is behind a major outage impacting numerous law firms and home buyers in the country since Wednesday.
The Record
Vanderbilt University Medical Center investigating cybersecurity incident
Vanderbilt University Medical Center said it is investigating a cybersecurity incident that led to the compromise of a database.
Bleeping Computer
Black Friday 2023: Get 25% off the Zero2Automated malware analysis course
The popular Zero2Automated malware analysis and reverse-engineering course has a Black Friday 2023 through Cyber Monday sale, where you can get 25% off sitewide, including gift certificates and courses.
Bleeping Computer
Microsoft: Lazarus hackers breach CyberLink in supply chain attack
Microsoft says a North Korean hacking group has breached Taiwanese multimedia software company CyberLink and trojanized one of its installers to push malware in a supply chain attack targeting potential victims worldwide.
Bleeping Computer
The Black Friday 2023 Security, IT, VPN, & Antivirus Deals
Black Friday 2023 is here, and great deals are live in computer security, software, online courses, system admin services, antivirus, and VPN software.
Bleeping Computer
Hacktivists breach U.S. nuclear research lab, steal employee data
The Idaho National Laboratory (INL) confirms they suffered a cyberattack after 'SiegedSec' hacktivists leaked stolen human resources data online.
Bleeping Computer
Lumma malware can allegedly restore expired Google auth cookies
The Lumma information-stealer malware (aka 'LummaC2') is promoting a new feature that allegedly allows cybercriminals to restore expired Google cookies, which can be used to hijack Google accounts.
Bleeping Computer
Malware dev says they can revive expired Google auth cookies
The Lumma information-stealer malware (aka 'LummaC2') is promoting a new feature that allegedly allows cybercriminals to restore expired Google cookies, which can be used to hijack Google accounts.
Bleeping Computer
Auto parts giant AutoZone warns of MOVEit data breach
AutoZone is warning tens of thousands of its customers that it suffered a data breach as part of the Clop MOVEit file transfer attacks.
Bleeping Computer
Black Friday deal: Get 50% off Malwarebytes Premium + Privacy VPN
Malwarebytes' is running a Black Friday 2023 deal now through Cyber Monday, offering a 50% discount to the Malwarebytes Premium + Privacy VPN bundle until November 30th.
Bleeping Computer
Tor Project removes relays because of for-profit, risky activity
The Tor Project has explained its recent decision to remove multiple network relays that represented a threat to the safety and security of all Tor network users.
Bleeping Computer
VX-Underground malware collective framed by Phobos ransomware
A new Phobos ransomware variant frames the popular VX-Underground malware-sharing collective, indicating the group is behind attacks using the encryptor.
Bleeping Computer
Canadian government discloses data breach after contractor hacks
The Canadian government says two of its contractors have been hacked, exposing sensitive information belonging to an undisclosed number of government employees.
Bleeping Computer
Rhysida ransomware gang claims British Library cyberattack
The Rhysida ransomware gang has claimed responsibility for a cyberattack on the British Library in October, which has caused a major ongoing IT outage.
The Record
British Library says ransomware hackers stole data from HR files
The British Library — one of the largest libraries in the world and the national library of the United Kingdom — said the ransomware gang behind a recent attack on its systems appeared to leak data stolen from its human resources files.
Bleeping Computer
Bloomberg Crypto X account snafu leads to Discord phishing attack
The official Twitter account for Bloomberg Crypto was used earlier today to redirect users to a deceptive website that stole Discord credentials in a phishing attack.
Bleeping Computer
Yamaha Motor confirms ransomware attack on Philippines subsidiary
Yamaha Motor's Philippines motorcycle manufacturing subsidiary was hit by a ransomware attack last month, resulting in the theft and leak of some employees' personal information.
Bleeping Computer
British Library: Ongoing outage caused by ransomware attack
The British Library confirmed that a ransomware attack is behind a major outage that is still affecting services across several locations.
Bleeping Computer
Long Beach, California turns off IT systems after cyberattack
The City of Long Beach in California is warning that they suffered a cyberattack on Tuesday that has led them to shut down portions of their IT network to prevent the attack's spread.
Bleeping Computer
FBI shares tactics of notorious Scattered Spider hacker collective
The Federal Bureau of Investigation and the Cybersecurity and Infrastructure Security Agency released an advisory about the evasive threat actor tracked as Scattered Spider, a loosely knit hacking collective that now collaborates with the ALPHV/BlackCat Russian ransomware operation..
Bleeping Computer
Toyota confirms breach after Medusa ransomware threatens to leak data
Toyota Financial Services (TFS) has confirmed that it detected unauthorized access on some of its systems in Europe and Africa after Medusa ransomware claimed an attack on the company.
Security Affairs
Samsung suffered a new data breach
Samsung Electronics disclosed a data breach that exposed customer personal information to an unauthorized individual.
Bleeping Computer
Ransomware gang files SEC complaint over victim’s undisclosed breach
The ALPHV/BlackCat ransomware operation has taken extortion to a new level by filing a U.S. Securities and Exchange Commission complaint against one of their alleged victims for not complying with the four-day rule to disclose a cyberattack.
Bleeping Computer
Samsung hit by new data breach impacting UK store customers
Samsung Electronics is notifying some of its customers of a data breach that exposed their personal information to an unauthorized individual.
Bleeping Computer
New Samsung data breach impacts UK store customers
Samsung Electronics is notifying some of its customers of a data breach that exposed their personal information to an unauthorized individual.
Bleeping Computer
Toronto Public Library confirms data stolen in ransomware attack
The Toronto Public Library (TPL) confirmed that the personal information of employees, customers, volunteers, and donors was stolen from a compromised file server during an October ransomware attack.
Bleeping Computer
FBI and CISA warn of opportunistic Rhysida ransomware attacks
The FBI and CISA warned today of Rhysida ransomware gang's opportunistic attacks targeting organizations across multiple industry sectors.
Bleeping Computer
PJ&A says cyberattack exposed data of nearly 9 million patients
PJ&A (Perry Johnson & Associates) is warning that a cyberattack in March 2023 exposed the personal information of almost nine million patients.
Bleeping Computer
Fraud researchers impersonated on X to push crypto-stealing sites
Multiple fake accounts impersonating cryptocurrency scam investigators and blockchain security companies are promoting phishing pages to drain wallets in an ongoing campaign on X (former Twitter).
Bleeping Computer
Fraudsters make $50,000 a day by spoofing crypto researchers
Multiple fake accounts impersonating cryptocurrency scam investigators and blockchain security companies are promoting phishing pages to drain wallets in an ongoing campaign on X (former Twitter).
Bleeping Computer
LockBit ransomware exploits Citrix Bleed in attacks, 10K servers exposed
The Lockbit ransomware attacks use publicly available exploits for the Citrix Bleed vulnerability (CVE-2023-4966) to breach the systems of large organizations, steal data, and encrypt files.
Bleeping Computer
Microsoft November 2023 Patch Tuesday fixes 5 zero-days, 58 flaws
Today is Microsoft's November 2023 Patch Tuesday, which includes security updates for a total of 58 flaws and five zero-day vulnerabilities.
Bleeping Computer
Windows 10 KB5032189 update released with 11 improvements
Microsoft has released the KB5032189 cumulative update for Windows 10 21H2 and Windows 10 22H2, which contains eleven fixes for various issues.
The Record
CISA, FBI warn that Royal ransomware gang may rebrand as ‘BlackSuit’
The leading cybersecurity agencies in the U.S. released startling new data on the Royal ransomware gang on Monday, confirming previous reports that the gang may be preparing for a rebrand.
Bleeping Computer
FBI: Royal ransomware asked 350 victims to pay $275 million
The FBI and CISA revealed in a joint advisory that the Royal ransomware gang has breached the networks of at least 350 organizations worldwide since September 2022.
Bleeping Computer
DP World cyberattack blocks thousands of containers in ports
A cyberattack on international logistics firm DP World Australia has severely disrupted the regular freight movement in multiple large Australian ports.
Bleeping Computer
LockBit ransomware leaks gigabytes of Boeing data
The LockBit ransomware gang published data stolen from Boeing, one of the largest aerospace companies that services commercial airplanes and defense systems.
Bleeping Computer
Iranian hackers launch malware attacks on Israel’s tech sector
Security researchers have tracked a new campaign from Imperial Kitten targeting transportation, logistics, and technology firms.
Bleeping Computer
Mortgage giant Mr. Cooper says customer data exposed in breach
Mr. Cooper, the largest home loan servicer in the United States, says it found evidence of customer data exposed during a cyberattack disclosed last week, on October 31.
Bleeping Computer
McLaren Health Care says data breach impacted 2.2 million people
McLaren Health Care (McLaren) is notifying nearly 2.2 million people of a data breach that occurred between late July and August this year, exposing sensitive personal information.
Bleeping Computer
Cloudflare website downed by DDoS attack claimed by Anonymous Sudan
Cloudflare is investigating an ongoing outage causing 'We're sorry" Google errors to be shown on the company's website.
Bleeping Computer
Cloudflare website down, showing ‘We’re sorry’ Google errors
Cloudflare is investigating an ongoing outage causing 'We're sorry" Google errors to be shown on the company's website.
Bleeping Computer
Industrial and Commercial Bank of China hit by ransomware attack
The Industrial & Commercial Bank of China (ICBC) is restoring systems and services following a ransomware attack that disrupted the U.S. Treasury market, causing equities clearing issues.
Bleeping Computer
World’s largest commercial bank ICBC confirms ransomware attack
The Industrial & Commercial Bank of China (ICBC) is restoring systems and services following a ransomware attack that disrupted the U.S. Treasury market, causing equities clearing issues.
Bleeping Computer
Russian hackers switch to LOTL technique to cause power outage
Russian state hackers have evolved their methods for breaching industrial control systems by adopting living-off-the-land techniques that enable reaching the final stage of the attack quicker and with less resources
Bleeping Computer
OpenAI confirms DDoS attacks behind ongoing ChatGPT outages
During the last 24 hours, OpenAI has been addressing what it describes as "periodic outages" linked to DDoS attacks affecting its API and ChatGPT services.
Bleeping Computer
ChatGPT down after major outage impacting OpenAI systems
OpenAI's AI-powered ChatGPT large language model-based chatbot is down because of a major ongoing outage that also took down the company's Application Programming Interface (API).
Bleeping Computer
ChatGPT back online after major OpenAI systems outage
OpenAI's AI-powered ChatGPT large language model-based chatbot is down because of a major ongoing outage that also took down the company's Application Programming Interface (API).
Bleeping Computer
Russian-speaking threat actor "farnetwork" linked to 5 ransomware gangs
The operator of the Nokoyawa ransomware-as-a-service (RaaS), a threat actor known as 'farnetwork', built experience over the years by helping the JSWORM, Nefilim, Karma, and Nemty affiliate programs with malware development and operation management.
Bleeping Computer
TransForm says ransomware data breach affects 267,000 patients
Shared service provider TransForm has published an update on the cyberattack that recently impacted operations in multiple hospitals in Ontario, Canada, clarifying that it was a ransomware attack.
Bleeping Computer
Fake Ledger Live app in Microsoft Store steals $768,000 in crypto
Microsoft has recently removed from its store a fraudulent Ledger Live app for cryptocurrency management after multiple users lost at least $768,000 worth of cryptocurrency assets.
Bleeping Computer
Marina Bay Sands discloses data breach impacting 665,000 customers
The Marina Bay Sands (MBS) luxury resort and casino in Singapore has disclosed a data breach that impacts personal data of 665,000 customers.
Bleeping Computer
Hackers exploit Looney Tunables Linux bug, steal cloud creds
The operators of the Kinsing malware are targeting cloud environments with systems vulnerable to "Looney Tunables," a Linux security issue identified as CVE-2023-4911 that allows a local attacker to gain root privileges on the system.
Bleeping Computer
Cybercrime service bypasses Android security to install malware
A new dropper-as-a-service (DaaS) named 'SecuriDropper' has emerged, using a method that bypasses Android 13's 'Restricted Settings' to install malware on devices and grant them access to the Accessibility Services.
Bleeping Computer
Discord will switch to temporary file links to block malware delivery
Discord will switch to temporary file links for all users by the end of the year to block attackers from using its CDN (content delivery network) for hosting and pushing malware.
Bleeping Computer
Apple 'Find My' network can be abused to steal keylogged passwords
Apple's "Find My" location network can be abused by malicious actors to stealthily transmit sensitive information captured by keyloggers installed in keyboards.
Bleeping Computer
American Airlines pilot union hit by ransomware attack
Allied Pilots Association (APA), a labor union representing 15,000 American Airlines pilots, disclosed a ransomware attack that hit its systems on Monday.
Bleeping Computer
Google Play adds security audit badges for Android VPN apps
Google Play, Android's official app store, is now tagging VPN apps with an 'independent security reviews' badge if they conducted an independent security audit of their software and platform.
Bleeping Computer
New Microsoft Exchange zero-days allow RCE, data theft attacks
Microsoft Exchange is impacted by four zero-day vulnerabilities that attackers can exploit remotely to execute arbitrary code or disclose sensitive information on affected installations.
Bleeping Computer
Okta breach: 134 customers exposed in October support system hack
Okta says attackers who breached its customer support system last month gained access to files belonging to 134 customers, five of them later being targeted in session hijacking attacks with the help of stolen session tokens.
Bleeping Computer
Ace Hardware says 1,202 devices were hit during cyberattack
Ace Hardware confirmed that a cyberattack is preventing local stores and customers from placing orders as the company works to restore 196 servers.
Bleeping Computer
BlackCat ransomware claims breach of healthcare giant Henry Schein
The BlackCat (ALPHV) ransomware gang claims it breached the network of healthcare giant Henry Schein and stole dozens of terabytes of data, including payroll data and shareholder information.
Bleeping Computer
Mortgage giant Mr. Cooper hit by cyberattack impacting IT systems
U.S. mortgage lending giant Mr. Cooper was breached in a cyberattack that caused the company to shut down IT systems, including access to their online payment portal.
Bleeping Computer
Cloudflare Dashboard and APIs down after data center power outage
An ongoing Cloudflare outage has taken down many of its products, including the company's dashboard and related application programming interfaces (APIs) customers use to manage and read service configurations.
Bleeping Computer
Boeing confirms cyberattack amid LockBit ransomware claims
Aerospace giant Boeing is investigating a cyberattack that impacted its parts and distribution business after the LockBit ransomware gang claimed that they breached the company's network and stole data.
Bleeping Computer
Okta hit by third-party data breach exposing employee information
Okta is warning nearly 5,000 current and former employees that their personal information was exposed after a third-party vendor was breached.
Bleeping Computer
Toronto Public Library outages caused by Black Basta ransomware attack
The Toronto Public Library is experiencing ongoing technical outages due to a Black Basta ransomware attack.
Bleeping Computer
Avast confirms it tagged Google app as malware on Android phones
Czech cybersecurity company Avast confirmed that its antivirus SDK has been flagging a Google Android app as malware on Huawei, Vivo, and Honor smartphones since Saturday.
Bleeping Computer
Flipper Zero Bluetooth spam attacks ported to new Android app
Recent Flipper Zero Bluetooth spam attacks have now been ported to an Android app, allowing a much larger number of devices to implement these annoying spam alerts.
Bleeping Computer
How to download a Windows 11 23H2 ISO from Microsoft
Microsoft released Windows 11 23H2, the Windows 11 2023 Update, today, and you can now download an ISO image for the new version to put aside for emergencies or clean installs.
Bleeping Computer
British Library knocked offline by weekend cyberattack
The British Library has been hit by a major IT outage affecting its website and many of its services following a "cyber incident" that impacted its systems on Saturday, October 28.
Bleeping Computer
Malicious NuGet packages abuse MSBuild to install malware
A new NuGet typosquatting campaign pushes malicious packages that abuse Visual Studio's MSBuild integration to execute code and install malware stealthily.
Bleeping Computer
Exploit released for critical Cisco IOS XE flaw, many hosts still hacked
Public exploit code is now available for the critical Cisco IOS XE vulnerability tracked as CVE-2023-20198 that was leveraged as a zero-day to hack tens of thousands of devices.
Bleeping Computer
LastPass breach linked to theft of $4.4 million in crypto
Hackers have stolen $4.4 million in cryptocurrency on October 25th using private keys and passphrases stored in stolen LastPass databases, according to research by crypto fraud researchers who have been researching similar incidents.
Bleeping Computer
RCE exploit for Wyze Cam v3 publicly released, patch now
A security researcher has published a proof-of-concept (PoC) exploit for Wyze Cam v3 devices that opens a reverse shell and allows the takeover of vulnerable devices.
Bleeping Computer
New BiBi-Linux wiper malware targets Israeli orgs in destructive attacks
A new malware wiper known as BiBi-Linux is being used to destroy data in attacks targeting Linux systems belonging to Israeli companies.
Bleeping Computer
Huawei, Vivo phones tag Google app as TrojanSMS-PA malware
Huawei, Honor, and Vivo smartphones and tablets are displaying strange 'Security threat' alerts urging the deletion of the Google app, warning that it is detected as the 'TrojanSMS-PA' malware.
Bleeping Computer
New Hunters International ransomware possible rebrand of Hive
A new ransomware-as-a-service brand named Hunters International has emerged using code used by the Hive ransomware operation, leading to the valid assumption that the old gang has resumed activity under a different flag.
Bleeping Computer
Windows 11 adds support for 11 file archives, including 7-Zip and RAR
Microsoft says Windows 11 22H2 now natively supports almost a dozen additional archive formats, including RAR, 7-Zip, Tar, and GZ archives.
Bleeping Computer
Hackers email stolen student data to parents of Nevada school district
The Clark County School District (CCSD) in Nevada is dealing with a potentially massive data breach, as hackers email parents their children's' data that was allegedly stolen during a recent cyberattack.
Bleeping Computer
Windows 11 KB5031455 preview update enables Moment 4 features by default
Microsoft has released the optional KB5031455 Preview cumulative update for Windows 11 22H2, which enables 72 new Moment 4 features by default and fixes 22 issues.
Bleeping Computer
Windows 10 KB5031445 preview update fixes ctfmon.exe memory leak, 9 issues
Microsoft has released the optional KB5031445 Preview cumulative update for Windows 10 22H2 with nine improvements or fixes, including a fix for a memory leak in ctfmon.exe.
Bleeping Computer
Cloudflare sees surge in hyper-volumetric HTTP DDoS attacks
The number of hyper-volumetric HTTP DDoS (distributed denial of service) attacks recorded in the third quarter of 2023 surpasses every precedent, indicating that the field has entered a new chapter.
Bleeping Computer
Chilean telecom giant GTD hit by the Rorschach ransomware gang
Chile's Grupo GTD warns that a cyberattack has impacted its Infrastructure as a Service (IaaS) platform, disrupting online services.
Bleeping Computer
Decentralized Matrix messaging network says it now has 115M users
The team behind the Matrix open standard and real-time communication protocol has announced the release of its second major version, bringing end-to-end encryption to group VoIP, faster loading times, and more.
Bleeping Computer
Cyberattack on health services provider impacts 5 Canadian hospitals
A cyberattack on shared service provider TransForm has impacted operations in five hospitals in Ontario, Canada, impacting patient care and causing appointments to be rescheduled.
Bleeping Computer
1Password discloses security incident linked to Okta breach
1Password, a popular password management platform used by over 100,000 businesses, suffered a security breach after hackers gained access to its Okta ID management tenant.
Bleeping Computer
Palestine crypto donation scams emerge amid Israel-Hamas war
As thousands of civilians die amid the deadly Israel-Hamas war, scammers are capitalizing on the horrific events to collect donations by pretending to be legitimate charities. BleepingComputer has come across several posts on X (formerly Twitter), Telegram and Instagram where scammers list dubious cryptocurrency wallet addresses.
Bleeping Computer
Cisco patches IOS XE zero-days used to hack over 50,000 devices
Cisco has addressed the two vulnerabilities (CVE-2023-20198 and CVE-2023-20273) that hackers exploited to compromise tens of thousands of IOS XE devices over the past week.
Bleeping Computer
D.C. Board of Elections: Hackers may have breached entire voter roll
The District of Columbia Board of Elections (DCBOE) says that a threat actor who breached a web server operated by the DataNet Systems hosting provider in early October may have obtained access to the personal information of all registered voters.
Bleeping Computer
Number of hacked Cisco IOS XE devices plummets from 50K to hundreds
The number of Cisco IOS XE devices hacked with a malicious backdoor implant has mysteriously plummeted from over 50,000 impacted devices to only a few hundred, with researchers unsure what is causing the sharp decline.
Bleeping Computer
New TetrisPhantom hackers steal data from secure USB drives on govt systems
A new sophisticated threat tracked as 'TetrisPhantom' has been using compromised secure USB drives to target government systems in the Asia-Pacific region.
Bleeping Computer
American Family Insurance confirms cyberattack is behind IT outages
Insurance giant American Family Insurance has confirmed it suffered a cyberattack and shut down portions of its IT systems after customers reported website outages all week.
Bleeping Computer
The Week in Ransomware - October 20th 2023 - Fighting Back
This was a bad week for ransomware, with the Trigona ransomware suffering a data breach and law enforcement disrupting the RagnarLocker ransomware operation.
Bleeping Computer
Cisco discloses new IOS XE zero-day exploited to deploy malware implant
Cisco disclosed a new high-severity zero-day (CVE-2023-20273) today, actively exploited to deploy malicious implants on IOS XE devices compromised using the CVE-2023-20198 zero-day unveiled earlier this week.
Bleeping Computer
Police arrests Ragnar Locker ransomware developer in France
Law enforcement agencies arrested a malware developer linked with the Ragnar Locker ransomware gang and seized the group's dark web sites in a joint international operation.
Bleeping Computer
Ragnar Locker ransomware developer arrested in France
Law enforcement agencies arrested a malware developer linked with the Ragnar Locker ransomware gang and seized the group's dark web sites in a joint international operation.
Bleeping Computer
Kwik Trip finally confirms cyberattack was behind ongoing outage
Two weeks into an ongoing IT outage, Kwik Trip finally confirmed that it's investigating a cyberattack impacting the convenience store chain's internal network since October 9.
Bleeping Computer
Over 40,000 Cisco IOS XE devices infected with backdoor using zero-day
More than 40,000 Cisco devices running the IOS XE operating system have been compromised after hackers exploited a recently disclosed maximum severity vulnerability tracked as CVE-2023-20198.
Bleeping Computer
Fake KeePass site uses Google Ads and Punycode to push malware
A Google Ads campaign was found pushing a fake KeePass download site that used Punycode to appear as the official domain of the KeePass password manager to distribute malware.
Bleeping Computer
Ragnar Locker ransomware’s dark web extortion sites seized by police
The Ragnar Locker ransomware operation's Tor negotiation and data leak sites were seized Thursday morning as part of an international law enforcement operation.
Bleeping Computer
Casio discloses data breach impacting customers in 149 countries
Japanese electronics manufacturer Casio disclosed a data breach impacting customers from 149 countries after hackers gained to the servers of its ClassPad education platform.
Bleeping Computer
Ukrainian activists hack Trigona ransomware gang, wipe servers
A group of cyber activists under the Ukrainian Cyber Alliance banner has hacked the servers of the Trigona ransomware gang and wiped them clean after copying all the information available.
Bleeping Computer
Hacker leaks millions of new 23andMe genetic data profiles
A hacker has leaked an additional 4.1 million stolen 23andMe genetic data profiles for people in Great Britain and Germany on a hacking forum.
Bleeping Computer
KwikTrip all but says IT outage was caused by a cyberattack
Kwik Trip has released another statement on an ongoing outage, all but confirming it suffered a cyberattack that has led to IT system disruptions.
Bleeping Computer
Amazon adds passkey support as new passwordless login option
Amazon has quietly added passkey support as a new passwordless login option for customers, offering better protection from information-stealing malware and phishing attacks.
Bleeping Computer
D-Link confirms data breach after employee phishing attack
Taiwanese networking equipment manufacturer D-Link confirmed a data breach linked to information stolen from its network and put up for sale on BreachForums earlier this month.
Bleeping Computer
Over 10,000 Cisco devices hacked in IOS XE zero-day attacks
Attackers have exploited a recently disclosed critical zero-day bug to compromise and infect more than 10,000 Cisco IOS XE devices with malicious implants.
Bleeping Computer
October Windows Server updates cause Hyper-V VM boot issues
According to customer reports, this month's Patch Tuesday updates are breaking virtual machines on Hyper-V hosts, causing them to no longer boot and display "failed to start" errors.
Bleeping Computer
Cisco warns of new IOS XE zero-day actively exploited in attacks
Cisco warned admins today of a new and maximum severity zero-day vulnerability in its IOS XE Software that can let attackers gain full administrator privileges and take complete control of affected routers.
Bleeping Computer
Signal says there is no evidence rumored zero-day bug is real
Signal messenger has investigated rumors spreading online over the weekend of a zero-day security vulnerability related to the 'Generate Link Previews' feature, stating that there is no evidence this vulnerability is real.
Bleeping Computer
Ubuntu discovers 'hate speech' in release 23.10 — how to upgrade?
Ubuntu, the most popular Linux distribution, has pulled its Desktop release 23.10 after its Ukrainian translations were discovered to contain hate speech. According to the Ubuntu project, a malicious contributor is behind anti-Semitic, homophobic, and xenophobic slurs that were injected into the distro via a "third party tool."
Bleeping Computer
23andMe hit with lawsuits after hacker leaks stolen genetics data
Genetic testing provider 23andMe faces multiple class action lawsuits in the U.S. following a large-scale data breach that is believed to have impacted millions of its customers.
Bleeping Computer
Kwik Trip IT systems outage caused by mysterious ‘network incident’
Kwik Trip has been impacted by a wide range of mysterious business disruptions since this weekend that are indicative of a ransomware attack.
Bleeping Computer
Hackers use Binance Smart Chain contracts to store malicious scripts
Cybercriminals are employing a novel code distribution technique dubbed 'EtherHiding,' which abuses Binance's Smart Chain (BSC) contracts to hide malicious scripts in the blockchain.
Bleeping Computer
Hyped up curl vulnerability falls short of expectations
curl 8.4.0 has been released to patch and release details on a hyped up high-severity security vulnerability (CVE-2023-38546), easing week-long concerns regarding the flaw's severity.
Bleeping Computer
Shadow PC warns of data breach as hacker tries to sell gamers' info
Shadow PC, a provider of high-end cloud computing services, is warning customers of a data breach that exposed customers' private information, as a threat actor claims to be selling the stolen data for over 500,000 customers.
Bleeping Computer
BianLian extortion group claims recent Air Canada breach
The BianLian extortion group claims to have stolen 210GB of data after breaching the network of Air Canada, the country's largest airline and a founding member of Star Alliance.
Bleeping Computer
Windows 11 21H2 and Windows Server 2012 reach end of support
Windows Server 2012 and multiple editions of Windows 11, version 21H2, have reached the end of support with this month's Patch Tuesday.
Bleeping Computer
Simpson Manufacturing shuts down IT systems after cyberattack
Simpson Manufacturing disclosed via a SEC 8-K filing a cybersecurity incident that has caused disruptions in its operations, which are expected to continue.
Bleeping Computer
Windows 10 KB5031356 update released with 25 improvements
Microsoft has released the KB5031356 cumulative update for Windows 10 21H2 and Windows 10 22H2, with twenty-five fixes for various issues.
Bleeping Computer
Microsoft October 2023 Patch Tuesday fixes 3 zero-days, 104 flaws
Today is Microsoft's October 2023 Patch Tuesday, with security updates for 104 flaws, including three actively exploited zero-day vulnerabilities.
Bleeping Computer
Air Europa data breach: Customers warned to cancel credit cards
Spanish airline Air Europa, the country's third-largest airline and a member of the SkyTeam alliance, warned customers on Monday to cancel their credit cards after attackers accessed their card information in a recent data breach.
Bleeping Computer
Microsoft to kill off VBScript in Windows to block malware delivery
Microsoft is planning to phase out VBScript in future Windows releases after 30 years of use, making it an on-demand feature until it is removed.
Bleeping Computer
ALPHV ransomware gang claims attack on Florida circuit court
The ALPHV (BlackCat) ransomware gang has claimed an attack that affected state courts across Northwest Florida (part of the First Judicial Circuit) last week.
Bleeping Computer
Over 17,000 WordPress sites hacked in Balada Injector attacks last month
Multiple Balada Injector campaigns have compromised and infected over 17,000 WordPress sites using known flaws in premium theme plugins.
Bleeping Computer
HelloKitty ransomware source code leaked on hacking forum
A threat actor has leaked the complete source code for the first version of the HelloKitty ransomware on a Russian-speaking hacking forum, claiming to be developing a new, more powerful encryptor.
Bleeping Computer
Third Flagstar Bank data breach since 2021 affects 800,000 customers
Flagstar Bank is warning that over 800,000 US customers had their personal information stolen by cybercriminals due to a breach at a third-party service provider.
Bleeping Computer
D.C. Board of Elections confirms voter data stolen in site hack
The District of Columbia Board of Elections (DCBOE) is currently probing a data leak involving an unknown number of voter records following breach claims from a threat actor known as RansomedVC.
Bleeping Computer
Genetics firm 23andMe says user data stolen in credential stuffing attack
23andMe has confirmed to BleepingComputer that it is aware of user data from its platform circulating on hacker forums and attributes the leak to a credential-stuffing attack.
Bleeping Computer
Exploits released for Linux flaw giving root on major distros
Proof-of-concept exploits have already surfaced online for a high-severity flaw in GNU C Library's dynamic loader, allowing local attackers to gain root privileges on major Linux distributions.
Bleeping Computer
Lyca Mobile investigates customer data leak after cyberattack
Lyca Mobile has released a statement about an unexpected disruption on its network caused by a cyberattack that may have also compromised customer data.
Bleeping Computer
Researchers warn of 100,000 industrial control systems exposed online
About 100,000 industrial control systems (ICS) were found on the public web, exposed to attackers probing them for vulnerabilities and at risk of unauthorized access. Among them are power grids, traffic light systems, security and water systems.
Bleeping Computer
Sony confirms data breach impacting thousands in the U.S.
Sony Interactive Entertainment (Sony) has notified current and former employees and their family members about a cybersecurity breach that exposed personal information.
Bleeping Computer
Microsoft now lets you play a game during Windows 11 installs
Microsoft has introduced a new twist to the Windows 11 installation and update process, transforming it from a mundane task into an enjoyable experience.
The Record
Hackers seen exploiting bugs in browsers and popular file transfer tool
One flaw is in open source code known as "libvpx," which is involved with handling media such as images. The other issue is with software known as WS_FTP.
Bleeping Computer
Motel One discloses data breach following ransomware attack
The Motel One Group has announced that it has been targeted by ransomware actors who managed to steal some customer data, including the details of 150 credit cards.
Bleeping Computer
Amazon sends Mastercard, Google Play gift card order emails by mistake
Amazon mistakenly sent out purchase confirmation emails for Hotels.com, Google Play, and Mastercard gift cards to customers, making many worried their accounts were compromised.
Bleeping Computer
Meet LostTrust ransomware — A likely rebrand of the MetaEncryptor gang
The LostTrust ransomware operation is believed to be a rebrand of MetaEncryptor, utilizing almost identical data leak sites and encryptors.
Bleeping Computer
Cloudflare DDoS protections ironically bypassed using Cloudflare
Cloudflare's Firewall and DDoS prevention can be bypassed through a specific attack process that leverages logic flaws in cross-tenant security controls.
Bleeping Computer
The Week in Ransomware - September 29th 2023 - Dark Angels
This week has been a busy ransomware week, with ransomware attacks having a massive impact on organizations and the fallout of the MOVEit breaches to be disclosed.
Bleeping Computer
ShinyHunters member pleads guilty to $6 million in data theft damages
Sebastien Raoult, a 22-year-old from France, has pleaded guilty in the U.S. District Court of Seattle to conspiracy to commit wire fraud and aggravated identity theft as part of his activities in the ShinyHunters hacking group.
The Record
Johnson Controls cyberattack disrupting operations, may involve DHS info
On Thursday, CNN reported on an an internal memo from the U.S. Department of Homeland Security raising alarm about the incident and warning that the attack on Johnson Controls may have “compromised sensitive physical security information such as DHS floor plans.”
Bleeping Computer
FBI: Dual ransomware attack victims now get hit within 48 hours
The FBI has warned about a new trend in ransomware attacks where multiple strains are deployed on victims' networks to encrypt systems in under two days.
Bleeping Computer
Security researcher stopped at US border for investigating crypto scam
Security researcher Sam Curry describes a stressful situation he encountered upon his return to the U.S. when border officials and federal agents seized and searched his electronic devices. Curry was further served with a 'Grand Jury' subpoena that demanded him to appear in court for testimony.
Bleeping Computer
Google fixes fifth actively exploited Chrome zero-day of 2023
Google has patched the fifth Chrome zero-day vulnerability exploited in attacks since the start of the year in emergency security updates released today.
Bleeping Computer
Building automation giant Johnson Controls hit by ransomware attack
Johnson Controls International has suffered what is described as a massive ransomware attack that encrypted many of the company devices, including VMware ESXi servers, impacting the company's and its subsidiaries' operations.
Bleeping Computer
US and Japan warn of Chinese hackers backdooring Cisco routers
A joint cybersecurity advisory by the FBI, NSA, CISA, and the Japanese NISC (cybersecurity) and NPA (police) sheds light on the techniques the Chinese threat actors known as BlackTech use to attack Japanese and U.S. organizations.
Bleeping Computer
Windows 11's new ‘Never Combine’ icons feature is almost usable
After almost three years, Microsoft has finally added the 'Never combine taskbar button' back to Windows, and it still doesn't work correctly.
Bleeping Computer
Sony investigates cyberattack as hackers fight over who's responsible
Sony says that it is investigating allegations of a cyberattack this week as different hackers have stepped up to claim responsibility for the purported hack. Thus far, over 3.14 GB of uncompressed data, allegedly belonging to Sony, has been dumped on hacker forums.
Bleeping Computer
Windows 11 KB5030310 preview update released with 26 fixes
Microsoft has released the September 2023 preview update for Windows 11, version 22H2, which adds frequently visited websites to the Start menu and addresses 24 issues.
Bleeping Computer
Windows 11 KB5030310 update adds recommended websites, fixes 24 issues
Microsoft has released the September 2023 preview update for Windows 11, version 22H2, which adds frequently visited websites to the Start menu and addresses 24 issues.
Bleeping Computer
Windows 11 ‘Moment 4’ update released, here are the many new features
Microsoft has released the Windows 11 22H2 'Moment 4' update, bringing 150 new features, including new AI-powered versions of Paint, ClipChamp, Snipping tool, and the new Microsoft Copilot.
Bleeping Computer
Windows 11 22H2 adds a built-in passkey manager for Windows Hello
Today's Windows 11 update includes several security improvements, including a new passkeys management dashboard designed to help users go passwordless more easily and tools to reduce the attack surface.
Bleeping Computer
Google assigns new maximum rated CVE to libwebp bug exploited in attacks
Google has assigned a new CVE ID (CVE-2023-5129) to a libwebp security vulnerability exploited as a zero-day in attacks and patched two weeks ago.
Bleeping Computer
Hackers actively exploiting Openfire flaw to encrypt servers
Hackers are actively exploiting a high-severity vulnerability in Openfire messaging servers to encrypt servers with ransomware and deploy cryptominers.
Bleeping Computer
SickKids impacted by BORN Ontario data breach that hit 3.4 million
The Hospital for Sick Children, more commonly known as SickKids, is among healthcare providers that were impacted by the recent breach at BORN Ontario. The top Canadian pediatric hospital disclosed that as a part of its operations, it shares personal health information with BORN Ontario "related to pregnancy, birth and newborn care."
Bleeping Computer
Mixin Network suspends operations following $200 million hack
Mixin Network, an open-source, peer-to-peer transactional network for digital assets, has announced today on Twitter that deposits and withdrawals are suspended effective immediately due to a $200 million hack the platform suffered on Saturday.
Bleeping Computer
Fake celebrity photo leak videos flood TikTok with Temu referral codes
TikTok is flooded with videos promoting fake nude celebrity photo leaks used to push referral rewards for the Temu online megastore.
Bleeping Computer
Dallas says Royal ransomware breached its network using stolen account
The City of Dallas, Texas, said this week that the Royal ransomware attack that forced it to shut down all IT systems in May started with a stolen account.
Bleeping Computer
T-Mobile denies new data breach rumors, points to authorized retailer
T-Mobile has denied suffering another data breach following Thursday night reports that a threat actor leaked a large database allegedly containing T-Mobile employees' data.
Bleeping Computer
Microsoft Copilot rolls out with Windows 11 22H2 update next week
Microsoft will start rolling out its Copilot digital assistant to all customers next week, on September 26th, together with a host of new AI-powered capabilities as part of a new Windows 11 22H2 update.
Bleeping Computer
T-Mobile app glitch let users see other people's account info
T-Mobile customers today were able to see other people's account and billing information after logging into the company's official mobile application.
Bleeping Computer
TransUnion denies it was hacked, links leaked data to 3rd party
Credit reporting firm TransUnion has denied claims of a security breach after a threat actor known as USDoD leaked data allegedly stolen from the company's network.
Bleeping Computer
Claimants in Celsius crypto bankruptcy targeted in phishing attack
Scammers are impersonating the bankruptcy claim agent for crypto lender Celsius in phishing attacks that attempt to steal funds from cryptocurrency wallets.
Bleeping Computer
Hackers breached International Criminal Court’s systems last week
The International Criminal Court (ICC) disclosed a cyberattack on Tuesday after discovering last week that its systems had been breached.
Bleeping Computer
Microsoft leaks 38TB of private data via unsecured Azure storage
The Microsoft AI research division accidentally leaked dozens of terabytes of sensitive data starting in July 2020 while contributing open-source AI learning models to a public GitHub repository.
Bleeping Computer
TikTok flooded by 'Elon Musk' cryptocurrency giveaway scams
TikTok is flooded by a surge of fake cryptocurrency giveaways posted to the video-sharing platform, with almost all of the videos pretending to be themes based on Elon Musk, Tesla, or SpaceX.
Bleeping Computer
Microsoft Edge is losing tablet-friendly "Web Select" feature
Microsoft's Edge browser, known for its innovative features, is now shedding one of its most applauded functions, Web Select.
Bleeping Computer
Retool blames breach on Google Authenticator MFA cloud sync feature
Software company Retool says the accounts of 27 cloud customers were compromised following a targeted and multi-stage social engineering attack.
Bleeping Computer
ORBCOMM ransomware attack causes trucking fleet management outage
Trucking and fleet management solutions provider ORBCOMM has confirmed that a ransomware attack is causing recent service outages that prevent trucking companies from managing their fleets.
Bleeping Computer
Bing Chat AI is down, affecting Windows Copilot and more
Bing Chat, the famous ChatGPT-powered chatbot that allows users to converse with various personalities and topics has connectivity issues worldwide.
The Record
Major trucking software provider confirms ransomware incident
ORBCOMM confirmed that an incident causing customers to complain of disruptions and use paper logs was indeed a ransomware attack.
Bleeping Computer
MGM casino's ESXi servers allegedly encrypted in ransomware attack
An affiliate of the BlackCat ransomware group, also known as APLHV, is behind the attack that disrupted MGM Resorts' operations, forcing the company to shut down IT systems.
Bleeping Computer
MGM Resorts ESXi servers allegedly encrypted in ransomware attack
An affiliate of the BlackCat ransomware group, also known as APLHV, is behind the attack that disrupted MGM Resorts' operations, forcing the company to shut down IT systems.
Bleeping Computer
Iranian hackers breach defense orgs in password spray attacks
Microsoft says an Iranian-backed threat group has targeted thousands of organizations in the U.S. and worldwide in password spray attacks since February 2023.
Bleeping Computer
France demands Apple pull iPhone 12 due to high RF radiation levels
The Agence Nationale des Fréquences (ANFR) has asked Apple to withdraw iPhone 12 smartphones from the French market because the device emits radiofrequency energy that is beyond the limit permitted to be absorbed by the human body.
Bleeping Computer
Hackers use new 3AM ransomware to save failed LockBit attack
A new ransomware strain called 3AM has been uncovered after a threat actor used it in an attack that failed to deploy LockBit ransomware on a target network.
Trend Micro
RedLine/Vidar Abuses EV Certificates, Shifts to Ransomware
In this blog, we investigate how threat actors used information-stealing malware with EV code signing certificates and later delivered ransomware payloads to its victims via the same delivery method.
Bleeping Computer
Free Download Manager site redirected Linux users to malware for years
A reported Free Download Manager supply chain attack redirected Linux users to a malicious Debian package repository that installed information-stealing malware.
Bleeping Computer
Google fixes another Chrome zero-day bug exploited in attacks
Google released emergency security updates to fix the fourth Chrome zero-day vulnerability exploited in attacks since the start of the year.
Bleeping Computer
MGM Resorts shuts down IT systems after cyberattack
MGM Resorts International disclosed today that it is dealing with a cybersecurity issue that impacted some of its systems, including its main website and online reservations.
Bleeping Computer
Associated Press warns that AP Stylebook data breach led to phishing attack
The Associated Press is warning of a data breach impacting AP Stylebook customers where the attackers used the stolen data to conduct targeted phishing attacks.
Bleeping Computer
'Evil Telegram' Android apps on Google Play infected 60K with spyware
Several malicious Telegram clones for Android on Google Play were installed over 60,000 times, infecting people with spyware that steals user messages, contacts lists, and other data.
Bleeping Computer
Google rolls out Privacy Sandbox to use Chrome browsing history for ads
Google has started to roll out its new interest-based advertising platform called the Privacy Sandbox, shifting the tracking of user's interests from third-party cookies to the Chrome browser.
Bleeping Computer
Ragnar Locker claims attack on Israel's Mayanei Hayeshua hospital
The Ragnar Locker ransomware gang has claimed responsibility for an attack on Israel's Mayanei Hayeshua hospital, threatening to leak 1 TB of data allegedly stolen during the cyberattack.
Bleeping Computer
Dymocks Booksellers suffers data breach impacting 836k customers
Dymocks Booksellers is warning customers their personal information was exposed in a data breach after the company's database was shared on hacking forums.
Bleeping Computer
Cisco warns of VPN zero-day exploited by ransomware gangs
Cisco is warning of a zero-day vulnerability in its Cisco Adaptive Security Appliance (ASA) and Cisco Firepower Threat Defense (FTD) that is actively exploited by ransomware operations to gain initial access to corporate networks.
Bleeping Computer
Microsoft Paint in Windows 11 gets a background removal tool
Microsoft is rolling out a new version of the Paint application on Windows 11 Insider builds that can remove the background from any picture with the click of a button.
Bleeping Computer
Google is enabling Chrome real-time phishing protection for everyone
Google announced today that it is deprecating the standard Google Chrome Safe Browsing feature and moving everyone to its Enhanced Safe Browsing feature in the coming weeks, bringing real-time phishing protection to all users while browsing the web.
Bleeping Computer
Google Looker Studio abused in cryptocurrency phishing attacks
Cybercriminals are abusing Google Looker Studio to create counterfeit cryptocurrency phishing websites that phish digital asset holders, leading to account takeovers and financial losses.
Bleeping Computer
Johnson & Johnson discloses IBM data breach impacting patients
Johnson & Johnson Health Care Systems ("Janssen") has informed its CarePath customers that their sensitive information has been compromised in a third-party data breach involving IBM.
Bleeping Computer
Rogers silent as Canadian customers report internet outages
Rogers customers, primarily those located in Downtown Toronto and parts of Ontario, are reporting outages this week affecting their internet service. Some report being without internet for days, while others are experiencing intermittent disruptions and slowdowns when using their internet.