Source: www.bleepingcomputer.com – Author: Sergiu Gatlan Microsoft has released the January 2024 preview update for Windows 10, version 22H2, which adds Digital Markets Act (DMA) compliance...
Author:
FTC orders Intuit to stop pushing “free” software that isn’t really free – Source: www.bleepingcomputer.com
Source: www.bleepingcomputer.com – Author: Sergiu Gatlan Today, the U.S. Federal Trade Commission (FTC) ordered Intuit to stop promoting its software products and services as “free” unless...
Apple fixes first zero-day bug exploited in attacks this year – Source: www.bleepingcomputer.com
Source: www.bleepingcomputer.com – Author: Sergiu Gatlan Apple released security updates to address this year’s first zero-day vulnerability exploited in attacks that could impact iPhones, Macs, and...
Ivanti: VPN appliances vulnerable if pushing configs after mitigation – Source: www.bleepingcomputer.com
Source: www.bleepingcomputer.com – Author: Sergiu Gatlan Ivanti warned admins to stop pushing new device configurations to appliances after applying mitigations because this will leave them vulnerable...
loanDepot cyberattack causes data breach for 16.6 million people – Source: www.bleepingcomputer.com
Source: www.bleepingcomputer.com – Author: Sergiu Gatlan Mortgage lender loanDepot says that approximately 16.6 million people had their personal information stolen in a ransomware attack disclosed earlier...
CISA emergency directive: Mitigate Ivanti zero-days immediately – Source: www.bleepingcomputer.com
Source: www.bleepingcomputer.com – Author: Sergiu Gatlan CISA issued this year’s first emergency directive ordering Federal Civilian Executive Branch (FCEB) agencies to immediately mitigate two Ivanti Connect...
Chinese hackers exploit VMware bug as zero-day for two years – Source: www.bleepingcomputer.com
Source: www.bleepingcomputer.com – Author: Sergiu Gatlan A Chinese hacking group has been exploiting a critical vCenter Server vulnerability (CVE-2023-34048) as a zero-day since at least late...
Vans, North Face owner says ransomware breach affects 35 million people – Source: www.bleepingcomputer.com
Source: www.bleepingcomputer.com – Author: Sergiu Gatlan VF Corporation, the company behind brands like Vans, Timberland, The North Face, Dickies, and Supreme, said that more than 35...
VMware confirms critical vCenter flaw now exploited in attacks – Source: www.bleepingcomputer.com
Source: www.bleepingcomputer.com – Author: Sergiu Gatlan VMware has confirmed that a critical vCenter Server remote code execution vulnerability patched in October is now under active exploitation....
CISA: Critical Ivanti auth bypass bug now actively exploited – Source: www.bleepingcomputer.com
Source: www.bleepingcomputer.com – Author: Sergiu Gatlan CISA warns that a critical authentication bypass vulnerability in Ivanti’s Endpoint Manager Mobile (EPMM) and MobileIron Core device management software...
Microsoft tests instant access to Android photos in Windows 11 – Source: www.bleepingcomputer.com
Source: www.bleepingcomputer.com – Author: Sergiu Gatlan Microsoft plans to provide Windows 11 users with almost instant access to photos and screenshots they’ve taken on their Android smartphones....
Google: Russian FSB hackers deploy new Spica backdoor malware – Source: www.bleepingcomputer.com
Source: www.bleepingcomputer.com – Author: Sergiu Gatlan Google says the ColdRiver Russian-backed hacking group is pushing previously unknown backdoor malware using payloads masquerading as a PDF decryption tool....
Microsoft: Iranian hackers target researchers with new MediaPl malware – Source: www.bleepingcomputer.com
Source: www.bleepingcomputer.com – Author: Sergiu Gatlan Microsoft says that a group of Iranian-backed state hackers are targeting high-profile employees of research organizations and universities across Europe...
CISA pushes federal agencies to patch Citrix RCE within a week – Source: www.bleepingcomputer.com
Source: www.bleepingcomputer.com – Author: Sergiu Gatlan Today, CISA ordered U.S. federal agencies to secure their systems against three recently patched Citrix NetScaler and Google Chrome zero-days...
GitHub rotates keys to mitigate impact of credential-exposing flaw – Source: www.bleepingcomputer.com
Source: www.bleepingcomputer.com – Author: Sergiu Gatlan GitHub rotated keys potentially exposed by a vulnerability patched in December that could let attackers access credentials within production containers via environment...
Citrix warns of new Netscaler zero-days exploited in attacks – Source: www.bleepingcomputer.com
Source: www.bleepingcomputer.com – Author: Sergiu Gatlan Citrix urged customers on Tuesday to immediately patch Netscaler ADC and Gateway appliances exposed online against two actively exploited zero-day...
Google fixes first actively exploited Chrome zero-day of 2024 – Source: www.bleepingcomputer.com
Source: www.bleepingcomputer.com – Author: Sergiu Gatlan Google has released security updates to fix the first Chrome zero-day vulnerability exploited in the wild since the start of...
FBI: Androxgh0st malware botnet steals AWS, Microsoft credentials – Source: www.bleepingcomputer.com
Source: www.bleepingcomputer.com – Author: Sergiu Gatlan CISA and the FBI warned today that threat actors using Androxgh0st malware are building a botnet focused on cloud credential...
Ivanti Connect Secure zero-days now under mass exploitation – Source: www.bleepingcomputer.com
Source: www.bleepingcomputer.com – Author: Sergiu Gatlan Two zero-day vulnerabilities affecting Ivanti’s Connect Secure VPN and Policy Secure network access control (NAC) appliances are now under mass...
Windows Copilot autostart tests limited to 27″ displays or larger – Source: www.bleepingcomputer.com
Source: www.bleepingcomputer.com – Author: Sergiu Gatlan Microsoft says that tests of a controversial new Windows 11 feature that automatically opens the AI-powered Copilot assistant after Windows...
Microsoft working on a fix for Windows 10 0x80070643 errors – Source: www.bleepingcomputer.com
Source: www.bleepingcomputer.com – Author: Sergiu Gatlan Microsoft is working to fix a known issue causing 0x80070643 errors when installing the KB5034441 security update that patches the...
Over 178K SonicWall firewalls vulnerable to DoS, potential RCE attacks – Source: www.bleepingcomputer.com
Source: www.bleepingcomputer.com – Author: Sergiu Gatlan Security researchers have found over 178,000 SonicWall next-generation firewalls (NGFW) with the management interface exposed online are vulnerable to denial-of-service...
CISA: Critical Microsoft SharePoint bug now actively exploited – Source: www.bleepingcomputer.com
Source: www.bleepingcomputer.com – Author: Sergiu Gatlan CISA warns that attackers are now exploiting a critical Microsoft SharePoint privilege escalation vulnerability that can be chained with another...
Juniper warns of critical RCE bug in its firewalls and switches – Source: www.bleepingcomputer.com
Source: www.bleepingcomputer.com – Author: Sergiu Gatlan Juniper Networks has released security updates to fix a critical pre-auth remote code execution (RCE) vulnerability in its SRX Series...
Major T-Mobile outage takes down account access, mobile app – Source: www.bleepingcomputer.com
Source: www.bleepingcomputer.com – Author: Sergiu Gatlan Updates added below. A major T-Mobile outage is preventing customers from logging into their accounts and using the company’s mobile app....
Framework discloses data breach after accountant gets phished – Source: www.bleepingcomputer.com
Source: www.bleepingcomputer.com – Author: Sergiu Gatlan Framework Computer disclosed a data breach exposing the personal information of an undisclosed number of customers after Keating Consulting Group,...
Microsoft testing Windows 11 USB 80Gbps support, Copilot on login – Source: www.bleepingcomputer.com
Source: www.bleepingcomputer.com – Author: Sergiu Gatlan Microsoft is now testing support for the USB4 Version 2.0 specification in Windows 11, enabling transfer speeds of up to...
Microsoft shares script to update Windows 10 WinRE with BitLocker fixes – Source: www.bleepingcomputer.com
Source: www.bleepingcomputer.com – Author: Sergiu Gatlan Microsoft has released a PowerShell script to automate updating the Windows Recovery Environment (WinRE) partition in order to fix CVE-2024-20666,...
Mandiant’s X account hacked by crypto Drainer-as-a-Service gang – Source: www.bleepingcomputer.com
Source: www.bleepingcomputer.com – Author: Sergiu Gatlan Cybersecurity firm and Google subsidiary Mandiant says its Twitter/X account was hijacked last week by a Drainer-as-a-Service (DaaS) gang in what it...
Cisco says critical Unity Connection bug lets attackers get root – Source: www.bleepingcomputer.com
Source: www.bleepingcomputer.com – Author: Sergiu Gatlan Cisco has patched a critical Unity Connection security flaw that can let unauthenticated attackers remotely gain root privileges on unpatched...