Source: www.bleepingcomputer.com – Author: Bill Toulas Google has changed the Google Chrome security updates schedule from bi-weekly to weekly to address the growing patch gap problem...
Author:
EvilProxy phishing campaign targets 120,000 Microsoft 365 users – Source: www.bleepingcomputer.com
Source: www.bleepingcomputer.com – Author: Bill Toulas EvilProxy is becoming one of the more popular phishing platforms to target MFA-protected accounts, with researchers seeing 120,000 phishing emails...
Microsoft Visual Studio Code flaw lets extensions steal passwords – Source: www.bleepingcomputer.com
Source: www.bleepingcomputer.com – Author: Bill Toulas Microsoft’s Visual Studio Code (VS Code) code editor and development environment contains a flaw that allows malicious extensions to retrieve...
Interpol takes down 16shop phishing-as-a-service platform – Source: www.bleepingcomputer.com
Source: www.bleepingcomputer.com – Author: Bill Toulas A joint operation between Interpol and cybersecurity firms has led to an arrest and shutdown of the notorious 16shop phishing-as-a-service...
Android 14 to let you block connections to unencrypted cellular networks – Source: www.bleepingcomputer.com
Source: www.bleepingcomputer.com – Author: Bill Toulas Image: Midjourney Google has announced new cellular security features for its upcoming Android 14, expected later this month, that aim...
New Inception attack leaks sensitive data from all AMD Zen CPUs – Source: www.bleepingcomputer.com
Source: www.bleepingcomputer.com – Author: Bill Toulas Researchers have discovered a new and powerful transient execution attack called ‘Inception’ that can leak privileged secrets and data using...
Hackers increasingly abuse Cloudflare Tunnels for stealthy connections – Source: www.bleepingcomputer.com
Source: www.bleepingcomputer.com – Author: Bill Toulas Hackers are increasingly abusing the legitimate Cloudflare Tunnels feature to create stealthy HTTPS connections from compromised devices, bypass firewalls, and...
Google Play apps with 2.5M installs load ads when screen’s off – Source: www.bleepingcomputer.com
Source: www.bleepingcomputer.com – Author: Bill Toulas The Google Play store was infiltrated by 43 Android applications with 2.5 million installs that secretly displayed advertisements while a...
North Korean hackers ‘ScarCruft’ breached Russian missile maker – Source: www.bleepingcomputer.com
Source: www.bleepingcomputer.com – Author: Bill Toulas The North Korean state-sponsored hacking group ScarCruft has been linked to a cyberattack on the IT infrastructure and email server...
Tesla infotainment jailbreak unlocks paid features, extracts secrets – Source: www.bleepingcomputer.com
Source: www.bleepingcomputer.com – Author: Bill Toulas Researchers from the Technical University of Berlin have developed a method to jailbreak the AMD-based infotainment systems used in all...
New acoustic attack steals data from keystrokes with 95% accuracy – Source: www.bleepingcomputer.com
Source: www.bleepingcomputer.com – Author: Bill Toulas A team of researchers from British universities has trained a deep learning model that can steal data from keyboard keystrokes...
Extended warranty robocallers fined $300 million after 5 billion scam calls – Source: www.bleepingcomputer.com
Source: www.bleepingcomputer.com – Author: Bill Toulas The Federal Communications Commission (FCC) has announced a record-breaking $299,997,000 fine imposed on an international network of companies for placing...
Fake VMware vConnector package on PyPI targets IT pros – Source: www.bleepingcomputer.com
Source: www.bleepingcomputer.com – Author: Bill Toulas A malicious package that mimics the VMware vSphere connector module ‘vConnector’ was uploaded on the Python Package Index (PyPI) under...
New Microsoft Azure AD CTS feature can be abused for lateral movement – Source: www.bleepingcomputer.com
Source: www.bleepingcomputer.com – Author: Bill Toulas Microsoft’s new Azure Active Directory Cross-Tenant Synchronization (CTS) feature, introduced in June 2023, has created a new potential attack surface...
Hacktivists fund their operations using common cybercrime tactics – Source: www.bleepingcomputer.com
Source: www.bleepingcomputer.com – Author: Bill Toulas Hacktivist groups that operate for political or ideological motives employ a broad range of funding methods to support their operations....
Brave Search adds private image and video search capability – Source: www.bleepingcomputer.com
Source: www.bleepingcomputer.com – Author: Bill Toulas The privacy-focused search engine Brave Search has finally introduced its own, independent image and video search capabilities, breaking free from...
Chrome malware Rilide targets enterprise users via PowerPoint guides – Source: www.bleepingcomputer.com
Source: www.bleepingcomputer.com – Author: Bill Toulas The malicious Rilide Stealer Chrome browser extension has returned in new campaigns targeting crypto users and enterprise employees to steal...
New Collide+Power side-channel attack impacts almost all CPUs – Source: www.bleepingcomputer.com
Source: www.bleepingcomputer.com – Author: Bill Toulas A new software-based power side-channel attack called ‘Collide+Power’ was discovered, impacting almost all CPUs and potentially allowing data to leak....
Amazon’s AWS SSM agent can be used as post-exploitation RAT malware – Source: www.bleepingcomputer.com
Source: www.bleepingcomputer.com – Author: Bill Toulas Researchers have discovered a new post-exploitation technique in Amazon Web Services (AWS) that allows hackers to use the platform’s System...
Hackers exploited Salesforce zero-day in Facebook phishing attack – Source: www.bleepingcomputer.com
Source: www.bleepingcomputer.com – Author: Bill Toulas Hackers exploited a zero-day vulnerability in Salesforce’s email services and SMTP servers to launch a sophisticated phishing campaign targeting valuable...
Hackers use new malware to breach air-gapped devices in Eastern Europe – Source: www.bleepingcomputer.com
Source: www.bleepingcomputer.com – Author: Bill Toulas Chinese state-sponsored hackers have been targeting industrial organizations with new malware that can steal data from air-gapped systems. Air-gapped systems...
Threat actors abuse Google AMP for evasive phishing attacks – Source: www.bleepingcomputer.com
Source: www.bleepingcomputer.com – Author: Bill Toulas Security researchers are warning of increased phishing activity that abuses Google Accelerated Mobile Pages (AMP) to bypass email security measures...
Retail chain Hot Topic discloses wave of credential-stuffing attacks – Source: www.bleepingcomputer.com
Source: www.bleepingcomputer.com – Author: Bill Toulas American apparel retailer Hot Topic is notifying customers about multiple cyberattacks between February 7 and June 21 that resulted in...
Cybercriminals train AI chatbots for phishing, malware attacks – Source: www.bleepingcomputer.com
Source: www.bleepingcomputer.com – Author: Bill Toulas In the wake of WormGPT, a ChatGPT clone trained on malware-focused data, a new generative artificial intelligence hacking tool called...
Hackers steal Signal, WhatsApp user data with fake Android chat app – Source: www.bleepingcomputer.com
Source: www.bleepingcomputer.com – Author: Bill Toulas Hackers are using a fake Android app named ‘SafeChat’ to infect devices with spyware malware that steals call logs, texts,...
Canon warns of Wi-Fi security risks when discarding inkjet printers – Source: www.bleepingcomputer.com
Source: www.bleepingcomputer.com – Author: Bill Toulas Canon is warning users of home, office, and large format inkjet printers that their Wi-Fi connection settings stored in the...
Hackers exploit BleedingPipe RCE to target Minecraft servers, players – Source: www.bleepingcomputer.com
Source: www.bleepingcomputer.com – Author: Bill Toulas Hackers are actively exploiting a ‘BleedingPipe’ remote code execution vulnerability in Minecraft mods to run malicious commands on servers and...
Google: Android patch gap makes n-days as dangerous as zero-days – Source: www.bleepingcomputer.com
Source: www.bleepingcomputer.com – Author: Bill Toulas Google has published its annual 0-day vulnerability report, presenting in-the-wild exploitation stats from 2022 and highlighting a long-standing problem in...
Browser developers push back on Google’s “web DRM” WEI API – Source: www.bleepingcomputer.com
Source: www.bleepingcomputer.com – Author: Bill Toulas Google’s plans to introduce the Web Environment Integrity (WEI) API on Chrome has been met with fierce backlash from internet...
New Android malware uses OCR to steal credentials from images – Source: www.bleepingcomputer.com
Source: www.bleepingcomputer.com – Author: Bill Toulas Two new Android malware families named ‘CherryBlos’ and ‘FakeTrade’ were discovered on Google Play, aiming to steal cryptocurrency credentials and...