Bonobos men's clothing store has suffered a massive data breach exposing millions of customers' personal information after a cloud backup was downloaded by a threat actor. The corporate systems were not breached by the attacker.www.bleepingcomputer.com
Ransomware news is slow this week, with mostly small ransomware variants being released and a small number of attacks reported.www.bleepingcomputer.com
Fully-functional exploit code is now publicly available for a maximum severity pre-auth vulnerability impacting default configurations of an SAP Solution Manager (SolMan) component.www.bleepingcomputer.com
Bonobos men's clothing store has suffered a massive data breach exposing millions of customers' personal information.www.bleepingcomputer.com
Intel disclosed on Thursday that unknown threat actors stole an infographic containing info on the company's fourth-quarter and full-year 2020 financial results.www.bleepingcomputer.com
Drupal has released a security update to address a critical vulnerability in a third-party library with documented or deployed exploits available in the wild.www.bleepingcomputer.com
A hacker is selling a database with login details for two million high-paying users of the MyFreeCams adult video streaming and chat service.www.bleepingcomputer.com
A Windows 10 20H2 cumulative update released to Insiders on the 'Release' channel leaked that the next feature updated will be 21H1.www.bleepingcomputer.com
Microsoft has released the KB4598298 update for all editions of Windows 10 and Windows Server versions 1809 and 1909, with fixes for unexpected system restart issues, system crashes due to BitLocker, and multiple LSASS issues.www.bleepingcomputer.com
Windows Remote Desktop Protocol (RDP) servers are being abused as a new amplification vector by DDoS-for-hire services (aka booters or stressers) to launch Distributed Denial of Service (DDoS) attacks.www.bleepingcomputer.com
Windows Remote Desktop Protocol (RDP) servers are being abused as an amplification vector by DDoS-for-hire services (aka booters or stressers) to launch Distributed Denial of Service (DDoS) attacks.www.bleepingcomputer.com
Microsoft is rolling out a built-in password generator and a leaked credentials monitoring feature on Windows and macOS systems running the latest Microsoft Edge version.www.bleepingcomputer.com
Some of the laptops distributed by the UK Department for Education (DfE) to vulnerable students have been found to be infected with malware as reported by the BBC.www.bleepingcomputer.com
The CHwapi hospital in Belgium is suffering from a cyberattack where threat actors claim to have encrypted 40 servers and 100 TB of data using Windows Bitlocker.www.bleepingcomputer.com
QNAP urges customers to secure their network-attached storage (NAS) devices against an ongoing malware campaign that infects and exploits them to mine bitcoin without their knowledge.www.bleepingcomputer.com
Hackers hitting thousands of organizations worldwide in a massive phishing campaign forgot to protect their loot and let Google the stolen passwords for public searches.www.bleepingcomputer.com
Microsoft today shared details on how the SolarWinds hackers were able to remain undetected by hiding their malicious activity inside the networks of breached companies.www.bleepingcomputer.com
VideoLan released VLC Media Player 3.0.12 for Windows, Mac, and Linux last week with numerous improvements, features, and security fixes.www.bleepingcomputer.com
Cisco has released security updates to address pre-auth remote code execution (RCE) vulnerabilities affecting multiple SD-WAN products and the Cisco Smart Software Manager software.www.bleepingcomputer.com
Google has added a new feature to the Chrome web browser that will make it easier for users to check if their stored passwords are weak and easy to guess.www.bleepingcomputer.com
A stolen database containing the email addresses, names, and passwords of more than 77 million records of Nitro PDF service users was leaked today for free.www.bleepingcomputer.com
A hacker has leaked 1.9 million Pixlr user records containing information that could be used to perform targeted phishing and credential stuffing attacks.www.bleepingcomputer.com
Yesterday, seven Dnsmasq vulnerabilities were disclosed, collectively known as DNSPooq, that attackers can use to launch DNS Cache Poisoning, denial of service, and possibly remote code execution attacks, on affected devices. In this article we list all the available security advisories related to these vulnerabilities.www.bleepingcomputer.com
A hacker has leaked 1.4 million Pixlr user records containing information that could be used to perform targeted phishing and credential stuffing attacks.www.bleepingcomputer.com
Vulnerabilities found in multiple video conferencing mobile applications allowed attackers to listen to users' surroundings without permission before the person on the other end picked up the calls.www.bleepingcomputer.com
A bug in Google Search is causing a browser tab to freeze when searching between a specified range of dates.www.bleepingcomputer.com
Cybersecurity firm Malwarebytes today confirmed that the threat actor behind the SolarWinds supply-chain attack were able to gain access to some company emails.www.bleepingcomputer.com
The ongoing analysis of the SolarWinds supply-chain attack uncovered a fourth malicious tool that researchers call Raindrop and was used for distribution across computers on the victim network.www.bleepingcomputer.com
Google has released Chrome 88 today, January 19th, 2021, to the Stable desktop channel, and it includes security improvements and the long-awaited removal of Adobe Flash Player.www.bleepingcomputer.com
The Interpol (International Criminal Police Organisation) warns of fraudsters targeting dating app users and attempting to trick them into investing through fake trading apps.www.bleepingcomputer.com
Israel-based security consultancy firm JSOF disclosed today seven Dnsmasq vulnerabilities, collectively known as DNSpooq, that can be exploited to launch DNS cache poisoning and remote code execution against millions of affected devices.www.bleepingcomputer.com
An active malicious campaign is currently targeting Linux devices running software with critical vulnerabilities that is powering network-attached storage (NAS) devices or for developing web applications and portals.www.bleepingcomputer.com
Windows utility developer IObit was hacked over the weekend to perform a widespread attack to distribute the strange DeroHE ransomware to its forum members.www.bleepingcomputer.com
Windows utility developer IObit was hacked over the weekend to perform a widespread attack to distribute the strange DeroHE ransomware to its forum members.www.bleepingcomputer.com
Microsoft will enable fully automated threat remediation by default for Microsoft Defender for Endpoint customers who have opted into public previews starting next month, on February 16, 2021.www.bleepingcomputer.com
The administrators of the OpenWRT forum, a large community of enthusiasts of alternative, open-source operating systems for routers, announced a data breach.www.bleepingcomputer.com
The Federal Bureau of Investigation (FBI) has issued a notification warning of ongoing vishing attacks attempting to steal corporate accounts and credentials for network access and privilege escalation from US and international-based employees.www.bleepingcomputer.com
A bug in Windows 10 causes the operating system to crash with a Blue Screen of Death simply by opening a certain path in a browser's address bar or using other Windows commands.www.bleepingcomputer.com
Windows 10X was originally designed for dual-screen devices, such as the Surface Neo, Lenovo ThinkPad X1 Fold, and Intel prototypes. In 2020, Microsoft said that the plans have changed and the operating system will first debut on single-screen devices in 2021.www.bleepingcomputer.com
A bug in Windows 10 causes the operating system to crash simply by opening a particular path.www.bleepingcomputer.com
The privacy-focused search engine DuckDuckGo continues to grow rapidly as the company reached 102M daily search queries for the first time in January.www.bleepingcomputer.com
Enemies of the People, the website inciting violence against U.S. officials who refused to support the President's claims to voter fraud, is still active and continues to expose personal details from more individuals.www.bleepingcomputer.com
The administrator of Joker's Stash, one of the longest-running marketplace for stolen credit cards, announced on Friday that they would permanently shut down the operation next month.www.bleepingcomputer.com
The administrator of Joker's Stash, one of the longest-running marketplace for stolen credit cards, announced on Friday that they would permanently shut down the operation next month.www.bleepingcomputer.com
The administrator of Joker's Stash, one of the longest-running marketplace for stolen credit cards, announced on Friday that they would permanently shut down the operation next month.www.bleepingcomputer.com
It has been another quiet week for ransomware, though we did have some interesting stories come out this week.www.bleepingcomputer.com
Google says that it will block third-party Chromium web browsers from using private Google APIs after discovering that they were integrating them although they're intended to be used only in Chrome.www.bleepingcomputer.com
Attackers are using the normally harmless Windows Finger command to download and install a malicious backdoor on victims' devices.www.bleepingcomputer.com
The European Medicines Agency (EMA) today revealed that some of the stolen Pfizer/BioNTech vaccine candidate data was doctored by threat actors before being leaked online with the end goal of undermining the public's trust in COVID-19 vaccines.www.bleepingcomputer.com
The Scottish Environment Protection Agency confirmed on Thursday that some of its contact center, internal systems, processes and internal communications were affected following a ransomware attack that took place on Christmas Eve.www.bleepingcomputer.com