Category: Security
-
Hackers exploit critical Aviatrix Controller RCE flaw in attacks
Threat actors are exploiting a critical remote command execution vulnerability, tracked as CVE-2024-50603, in Aviatrix Controller instances to install backdoors and crypto miners. […] Bill Toulas
-
Phishing texts trick Apple iMessage users into disabling protection
Cybercriminals are exploiting a trick to turn off Apple iMessage’s built-in phishing protection for a text and trick users into re-enabling disabled phishing links. […] Lawrence Abrams
-
Scammers file first — Get your IRS Identity Protection PIN now
The IRS relaunched its Identity Protection Personal Identification Number (IP PIN) program this week and all US taxpayers are encouraged to enroll for added security against identity theft and fraudulent returns. […] Lawrence Abrams
-
Fake LDAPNightmare exploit on GitHub spreads infostealer malware
A deceptive proof-of-concept (PoC) exploit for CVE-2024-49113 (aka “LDAPNightmare”) on GitHub infects users with infostealer malware that exfiltrates sensitive data to an external FTP server. […] Bill Toulas
-
Telefónica confirms internal ticketing system breach after data leak
Spanish telecommunications company Telefónica confirms its internal ticketing system was breached after stolen data was leaked on a hacking forum. […] Lawrence Abrams
-
New Web3 attack exploits transaction simulations to steal crypto
Threat actors are employing a new tactic called “transaction simulation spoofing” to steal crypto, with one attack successfully stealing 143.45 Ethereum, worth approximately $460,000. […] Bill Toulas
-
US charges operators of cryptomixers linked to ransomware gangs
The U.S. Department of Justice indicted three operators of sanctioned Blender.io and Sinbad.io crypto mixer services used by ransomware gangs and North Korean hackers to launder ransoms and stolen cryptocurrency. […] Sergiu Gatlan
-
Treasury hackers also breached US foreign investments review office
Chinese hackers, part of the state-backed Silk Typhoon threat group, have reportedly breached the Committee on Foreign Investment in the United States (CFIUS), which reviews foreign investments to determine national security risks. […] Sergiu Gatlan
-
Docker Desktop blocked on Macs due to false malware alert
Docker is warning that Docker Desktop is not starting on macOS due to malware warnings after some files were signed with an incorrect code-signing certificate. […] Bill Toulas
-
Fake CrowdStrike job offer emails target devs with crypto miners
CrowdStrike is warning that a phishing campaign is impersonating the cybersecurity company in fake job offer emails to trick targets into infecting themselves with a Monero cryptocurrency miner (XMRig). […] Bill Toulas
-
Largest US addiction treatment provider notifies patients of data breach
BayMark Health Services, North America’s largest provider of substance use disorder (SUD) treatment and recovery services, is notifying an undisclosed number of patients that attackers stole their personal and health information in a September 2024 breach. […] Sergiu Gatlan
-
Banshee stealer evades detection using Apple XProtect encryption algo
A new version of the Banshee info-stealing malware for macOS has been evading detection over the past two months by adopting string encryption from Apple’s XProtect. […] Bill Toulas
-
Unpatched critical flaws impact Fancy Product Designer WordPress plugin
Premium WordPress plugin Fancy Product Designer from Radykal is vulnerable to two critical severity flaws that remain unfixed in the current latest version. […] Bill Toulas
-
Ivanti warns of new Connect Secure flaw used in zero-day attacks
Ivanti is warning that a new Connect Secure remote code execution vulnerability tracked as CVE-2025-0282 was exploited in zero-day attacks to install malware on appliances. […] Lawrence Abrams
-
Russian ISP confirms Ukrainian hackers “destroyed” its network
Russian internet service provider Nodex confirmed on Tuesday that its network was “destroyed” in a cyberattack claimed by Ukrainian hacktivists part of the Ukrainian Cyber Alliance […] Sergiu Gatlan
-
SonicWall urges admins to patch exploitable SSLVPN bug immediately
SonicWall is emailing customers urging them to upgrade their firewall’s SonicOS firmware to patch an authentication bypass vulnerability in SSL VPN and SSH management that is “susceptible to actual exploitation.” […] Bill Toulas
-
Hackers exploit KerioControl firewall flaw to steal admin CSRF tokens
Hackers are trying to exploit CVE-2024-52875, a critical CRLF injection vulnerability that leads to 1-click remote code execution (RCE) attacks in GFI KerioControl firewall product. […] Bill Toulas
-
PowerSchool hack exposes student, teacher data from K-12 districts
Education software giant PowerSchool has confirmed it suffered a cybersecurity incident that allowed a threat actor to steal the personal information of students and teachers from school districts using its PowerSchool SIS platform. […] Lawrence Abrams
-
Casio says data of 8,500 people exposed in October ransomware attack
Japanese electronics manufacturer Casio says that the October 2024 ransomware incident exposed the personal data of approximately 8,500 people. […] Bill Toulas
-
New Mirai botnet targets industrial routers with zero-day exploits
A relatively new Mirai-based botnet has been growing in sophistication and is now leveraging zero-day exploits for security flaws in industrial routers and smart home devices. […] Bill Toulas
-
US govt launches cybersecurity safety label for smart devices
Today, the White House announced the launch of the U.S. Cyber Trust Mark, a new cybersecurity safety label for internet-connected consumer devices. […] Sergiu Gatlan
-
BIOS flaws expose iSeq DNA sequencers to bootkit attacks
BIOS/UEFI vulnerabilities in the iSeq 100 DNA sequencer from U.S. biotechnology company Illumina could let attackers disable devices used for detecting illnesses and developing vaccines. […] Ionut Ilascu
-
CISA says recent government hack limited to US Treasury
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) said today that the Treasury Department breach disclosed last week did not impact other federal agencies. […] Sergiu Gatlan
-
Vulnerable Moxa devices expose industrial networks to attacks
Industrial networking and communications provider Moxa is warning of a high-severity and a critical vulnerability that impact various models of its cellular routers, secure routers, and network security appliances. […] Bill Toulas
-
Chinese hackers also breached Charter and Windstream networks
More U.S. companies have been added to the list of telecommunications firms hacked in a wave of breaches by a Chinese state-backed threat group tracked as Salt Typhoon. […] Sergiu Gatlan
-
Eagerbee backdoor deployed against Middle Eastern govt orgs, ISPs
New variants of the Eagerbee malware framework are being deployed against government organizations and internet service providers (ISPs) in the Middle East. […] Bill Toulas
-
Windows 10 users urged to upgrade to avoid “security fiasco”
Cybersecurity firm ESET is urging Windows 10 users to upgrade to Windows 11 or Linux to avoid a “security fiasco” as the 10-year-old operating system nears the end of support in October 2025. […] Lawrence Abrams
-
Cryptocurrency wallet drainers stole $494 million in 2024
Scammers stole $494 million worth of cryptocurrency in wallet drainer attacks last year that targeted more than 300,000 wallet addresses. […] Bill Toulas
-
Nuclei flaw lets malicious templates bypass signature verification
A now-fixed vulnerability in the open-source vulnerability scanner Nuclei could potentially allow attackers to bypass signature verification while sneaking malicious code into templates that execute on local systems. […] Lawrence Abrams
-
New FireScam Android data-theft malware poses as Telegram Premium app
A new Android malware named ‘FireScam’ is being distributed as a premium version of the Telegram app via phishing websites on GitHub that mimic the RuStore, Russia’s app market for mobile devices. […] Bill Toulas
-
Bad Tenable plugin updates take down Nessus agents worldwide
Tenable says customers must manually upgrade their software to revive Nessus vulnerability scanner agents taken offline on December 31st due to buggy differential plugin updates. […] Sergiu Gatlan
-
US sanctions Chinese company linked to Flax Typhoon hackers
The U.S. Treasury Department has sanctioned Beijing-based cybersecurity company Integrity Tech (also known as Yongxin Zhicheng) for its involvement in cyberattacks attributed to the Chinese state-sponsored Flax Typhoon hacking group. […] Sergiu Gatlan
-
Malicious npm packages target Ethereum developers’ private keys
Twenty malicious packages impersonating the Hardhat development environment used by Ethereum developers are targeting private keys and other sensitive data. […] Bill Toulas
-
Apple offers $95 million in Siri privacy violation settlement
Apple has agreed to pay $95 million to settle a class action lawsuit in the U.S. alleging that its Siri assistant recorded private conversations and shared them with third parties. […] Bill Toulas
-
French govt contractor Atos denies Space Bears ransomware attack claims
French tech giant Atos, which secures communications for the country’s military and secret services, has denied claims made by the Space Bears ransomware gang that they compromised one of its databases. […] Sergiu Gatlan
-
Ransomware gang leaks data stolen in Rhode Island’s RIBridges Breach
The Brain Cipher ransomware gang has begun to leak documents stolen in an attack on Rhode Island’s “RIBridges” social services platform. […] Lawrence Abrams
-
New DoubleClickjacking attack exploits double-clicks to hijack accounts
A new variation of clickjacking attacks called “DoubleClickjacking” lets attackers trick users into authorizing sensitive actions using double-clicks while bypassing existing protections against these types of attacks. […] Lawrence Abrams
-
Chinese hackers targeted sanctions office in Treasury attack
Chinese state-backed hackers have reportedly breached the Office of Foreign Assets Control (OFAC), a Treasury Department office that administers and enforces trade and economic sanctions programs. […] Sergiu Gatlan
-
Over 3 million mail servers without encryption exposed to sniffing attacks
Over three million POP3 and IMAP mail servers without TLS encryption are currently exposed on the Internet and vulnerable to network sniffing attacks. […] Sergiu Gatlan
-
The biggest cybersecurity and cyberattack stories of 2024
2024 was a big year for cybersecurity, with significant cyberattacks, data breaches, new threat groups emerging, and, of course, zero-day vulnerabilities. Below are fourteen of what BleepingComputer believes are the most impactful cybersecurity stories of 2024. […] Lawrence Abrams
-
New details reveal how hackers hijacked 35 Google Chrome extensions
New details have emerged about a phishing campaign targeting Chrome browser extension developers that led to the compromise of at least thirty-five extensions to inject data-stealing code, including those from cybersecurity firm Cyberhaven. […] Bill Toulas
-
Over 3.1 million fake “stars” on GitHub projects used to boost rankings
GitHub has a problem with inauthentic “stars” used to artificially inflate the popularity of scam and malware distribution repositories, helping them reach more unsuspecting users. […] Bill Toulas
-
Massive healthcare breaches prompt US cybersecurity rules overhaul
The U.S. Department of Health and Human Services (HHS) has proposed updates to the Health Insurance Portability and Accountability Act of 1996 (HIPAA) to secure patients’ health data following a surge in massive healthcare data leaks. […] Sergiu Gatlan
-
US Treasury Department breached through remote support platform
Chinese state-sponsored threat actors hacked the U.S. Treasury Department after breaching a remote support platform used by the federal agency. […] Lawrence Abrams
-
Hackers exploit Four-Faith router flaw to open reverse shells
Threat actors are exploiting a post-authentication remote command injection vulnerability in Four-Faith routers tracked as CVE-2024-12856 to open reverse shells back to the attackers. […] Bill Toulas
-
AT&T and Verizon say networks secure after Salt Typhoon breach
AT&T and Verizon confirmed they were breached in a massive Chinese espionage campaign targeting telecom carriers worldwide but said the hackers have now been evicted from their networks. […] Sergiu Gatlan
-
Malware botnets exploit outdated D-Link routers in recent attacks
Two botnets tracked as ‘Ficora’ and ‘Capsaicin’ have recorded increased activity in targeting D-Link routers that have reached end of life or are running outdated firmware versions. […] Bill Toulas
-
Hackers steal ZAGG customers’ credit cards in third-party breach
ZAGG Inc. is informing customers that their credit card data has been exposed to unauthorized individuals after hackers compromised a third-party application provided by the company’s e-commerce provider, BigCommerce. […] Bill Toulas
-
Customer data from 800,000 electric cars and owners exposed online
Volkswagen’s automotive software company, Cariad, exposed data collected from around 800,000 electric cars. The info could be linked to drivers’ names and reveal precise vehicle locations. […] Ionut Ilascu
-
White House links ninth telecom breach to Chinese hackers
A White House official has added a ninth U.S. telecommunications company to the list of telecoms breached in a Chinese hacking campaign that impacted dozens of countries. […] Sergiu Gatlan
-
Hackers exploit DoS flaw to disable Palo Alto Networks firewalls
Palo Alto Networks is warning that hackers are exploiting the CVE-2024-3393 denial of service vulnerability to disable firewall protections by forcing it to reboot. […] Bill Toulas
-
Cybersecurity firm’s Chrome extension hijacked to steal users’ data
At least five Chrome extensions were compromised in a coordinated attack where a threat actor injected code that steals sensitive information from users. […] Bill Toulas
-
Apache warns of critical flaws in MINA, HugeGraph, Traffic Control
The Apache Software Foundation has released security updates to address three severe problems that affect MINA, HugeGraph-Server, and Traffic Control products. […] Bill Toulas
-
New ‘OtterCookie’ malware used to backdoor devs in fake job offers
North Korean threat actors are using new malware called OtterCookie in the Contagious Interview campaign that is targeting software developers. […] Bill Toulas
-
Windows 11 installation media bug causes security update failures
Microsoft is warning of an issue when using a media support to install Windows 11, version 24H2, that causes the operating system to not accept further security updates. […] Bill Toulas
-
New botnet exploits vulnerabilities in NVRs, TP-Link routers
A new Mirai-based malware campaign is actively exploiting unpatched vulnerabilities in Internet of Things (IoT) devices, including DigiEver DS-2105 Pro DVRs. […] Bill Toulas
-
European Space Agency’s official store hacked to steal payment cards
European Space Agency’s official web shop was hacked as it started to load a piece of JavaScript code that generates a fake Stripe payment page at checkout. […] Ionut Ilascu
-
FBI links North Korean hackers to $308 million crypto heist
The North Korean hacker group ‘TraderTraitor’ stole $308 million worth of cryptocurrency in the attack on the Japanese exchange DMM Bitcoin in May. […] Bill Toulas
-
Clop ransomware is now extorting 66 Cleo data-theft victims
The Clop ransomware gang started to extort victims of its Cleo data theft attacks and announced on its dark web portal that 66 companies have 48 hours to respond to the demands. […] Bill Toulas
-
Adobe warns of critical ColdFusion bug with PoC exploit code
Adobe has released out-of-band security updates to address a critical ColdFusion vulnerability with proof-of-concept exploit code. […] Sergiu Gatlan
-
FTC orders Marriott and Starwood to implement strict data security
The Federal Trade Commission (FTC) has ordered Marriott International and Starwood Hotels to define and implement a robust customer data security scheme following failures that led to massive data breaches. […] Bill Toulas
-
Premium WPLMS WordPress plugins address seven critical flaws
Two WordPress plugins required by the premium WordPress WPLMS theme, which has over 28,000 sales, are vulnerable to more than a dozen critical-severity vulnerabilities. […] Bill Toulas
-
US court finds spyware maker NSO liable for WhatsApp hacks
A U.S. federal judge has ruled that Israeli spyware maker NSO Group violated U.S. hacking laws by using WhatsApp zero-days to deploy Pegasus spyware on at least 1,400 devices. […] Sergiu Gatlan
-
Apache fixes remote code execution bypass in Tomcat web server
Apache has released a security update that addresses an important vulnerability in Tomcat web server that could lead to an attacker achieving remote code execution. […] Bill Toulas
-
Malicious Rspack, Vant packages published using stolen NPM tokens
Three popular npm packages, @rspack/core, @rspack/cli, and Vant, were compromised through stolen npm account tokens, allowing threat actors to publish malicious versions that installed cryptominers. […] Bill Toulas
-
US charges Russian-Israeli as suspected LockBit ransomware coder
The US Department of Justice has charged a Russian-Israeli dual-national for his suspected role in developing malware and managing the infrastructure for the notorious LockBit ransomware group. […] Lawrence Abrams
-
Sophos discloses critical Firewall remote code execution flaw
Sophos has addressed three vulnerabilities in its Sophos Firewall product that could allow remote unauthenticated threat actors to perform SQL injection, remote code execution, and gain privileged SSH access to devices. […] Bill Toulas
-
Krispy Kreme breach, data theft claimed by Play ransomware gang
The Play ransomware gang has claimed responsibility for a cyberattack that impacted the business operations of the U.S. doughnut chain Krispy Kreme in November. […] Sergiu Gatlan
-
Romanian Netwalker ransomware affiliate sentenced to 20 years in prison
Daniel Christian Hulea, a Romanian man charged for his involvement in NetWalker ransomware attacks, was sentenced to 20 years in prison after pleading guilty to computer fraud conspiracy and wire fraud conspiracy in June. […] Sergiu Gatlan
-
BadBox malware botnet infects 192,000 Android devices despite disruption
The BadBox Android malware botnet has grown to over 192,000 infected devices worldwide despite a recent sinkhole operation that attempted to disrupt the operation in Germany. […] Bill Toulas
-
Android malware found on Amazon Appstore disguised as health app
A malicious Android spyware application named ‘BMI CalculationVsn’ was discovered on the Amazon Appstore, masquerading as a simple health tool but stealing data from infected devices in the background. […] Bill Toulas
-
Juniper warns of Mirai botnet scanning for Session Smart routers
Juniper Networks has warned customers of Mirai malware attacks scanning the Internet for Session Smart routers using default credentials. […] Sergiu Gatlan
-
Ongoing phishing attack abuses Google Calendar to bypass spam filters
An ongoing phishing scam is abusing Google Calendar invites and Google Drawings pages to steal credentials while bypassing spam filters. […] Lawrence Abrams
-
Raccoon Stealer malware operator gets 5 years in prison after guilty plea
Ukrainian national Mark Sokolovsky was sentenced today to five years in prison for his involvement in the Raccoon Stealer malware cybercrime operation. […] Sergiu Gatlan
-
Russian hackers use RDP proxies to steal data in MiTM attacks
The Russian hacking group tracked as APT29 (aka “Midnight Blizzard”) is using a network of 193 remote desktop protocol proxy servers to perform man-in-the-middle (MiTM) attacks to steal data and credentials and to install malicious payloads. […] Bill Toulas
-
US considers banning TP-Link routers over cybersecurity risks
The U.S. government is considering banning TP-Link routers starting next year if ongoing investigations find that their use in cyberattacks poses a national security risk. […] Sergiu Gatlan
-
HubSpot phishing targets 20,000 Microsoft Azure accounts
A phishing campaign targeting automotive, chemical, and industrial manufacturing companies in Germany and the UK is abusing HubSpot to steal Microsoft Azure account credentials. […] Bill Toulas
-
‘Bitter’ cyberspies target defense orgs with new MiyaRAT malware
A cyberespionage threat group known as ‘Bitter’ was observed targeting defense organizations in Turkey using a novel malware family named MiyaRAT. […] Bill Toulas
-
New fake Ledger data breach emails try to steal crypto wallets
A new Ledger phishing campaign is underway that pretends to be a data breach notification asking you to verify your recovery phrase, which is then stolen and used to steal your cryptocurrency. […] Lawrence Abrams
-
CISA orders federal agencies to secure Microsoft 365 tenants
CISA has issued this year’s first binding operational directive (BOD 25-01), ordering federal civilian agencies to secure their Microsoft 365 cloud environments by implementing a list of required configuration baselines. […] Sergiu Gatlan
-
New critical Apache Struts flaw exploited to find vulnerable servers
A recently patched critical Apache Struts 2 vulnerability tracked as CVE-2024-53677 is actively exploited using public proof-of-concept exploits to find vulnerable devices. […] Bill Toulas
-
FBI spots HiatusRAT malware attacks targeting web cameras, DVRs
The FBI warned today that new HiatusRAT malware attacks are now scanning for and infecting vulnerable web cameras and DVRs that are exposed online. […] Sergiu Gatlan
-
Texas Tech University System data breach impacts 1.4 million patients
The Texas Tech University Health Sciences Center and its El Paso counterpart suffered a cyberattack that disrupted computer systems and applications, potentially exposing the data of 1.4 million patients. […] Bill Toulas
-
Kali Linux 2024.4 released with 14 new tools, deprecates some features
Kali Linux has released version 2024.4, the fourth and final version of 2024, and it is now available with fourteen new tools, numerous improvements, and deprecates some features. […] Lawrence Abrams
-
Windows kernel bug now exploited in attacks to gain SYSTEM privileges
CISA has warned U.S. federal agencies to secure their systems against ongoing attacks targeting a high-severity Windows kernel vulnerability. […] Sergiu Gatlan
-
Malicious ads push Lumma infostealer via fake CAPTCHA pages
A large-scale malvertising campaign distributed the Lumma Stealer info-stealing malware through fake CAPTCHA verification pages that prompt users to run PowerShell commands to verify they are not a bot. […] Bill Toulas
-
Clop ransomware claims responsibility for Cleo data theft attacks
The Clop ransomware gang has confirmed to BleepingComputer that they are behind the recent Cleo data-theft attacks, utilizing zero-day exploits to breach corporate networks and steal data. […] Lawrence Abrams
-
Winnti hackers target other threat actors with new Glutton PHP backdoor
The Chinese Winnti hacking group is using a new PHP backdoor named ‘Glutton’ in attacks on organizations in China and the U.S., and also in attacks on other cybercriminals. […] Bill Toulas
-
390,000 WordPress accounts stolen from hackers in supply chain attack
A threat actor tracked as MUT-1244 has stolen over 390,000 WordPress credentials in a large-scale, year-long campaign targeting other threat actors using a trojanized WordPress credentials checker. […] Sergiu Gatlan
-
Auto parts giant LKQ says cyberattack disrupted Canadian business unit
Automobile parts giant LKQ Corporation disclosed that one of its business units in Canada was hacked, allowing threat actors to steal data from the company. […] Lawrence Abrams
-
Citrix shares mitigations for ongoing Netscaler password spray attacks
Citrix Netscaler is the latest target in widespread password spray attacks targeting edge networking devices and cloud platforms this year to breach corporate networks. […] Lawrence Abrams
-
CISA confirms critical Cleo bug exploitation in ransomware attacks
CISA confirmed today that a critical remote code execution bug in Cleo Harmony, VLTrader, and LexiCom file transfer software is being exploited in ransomware attacks. […] Sergiu Gatlan
-
FTC warns of online task job scams hooking victims like gambling
The Federal Trade Commission (FTC) warns about a significant rise in gambling-like online job scams, known as “task scams,” that draw people into earning cash through repetitive tasks, with the promises of earning more if they deposit their own money. […] Bill Toulas
-
CISA warns water facilities to secure HMI systems exposed online
CISA and the Environmental Protection Agency (EPA) warned water facilities today to secure Internet-exposed Human Machine Interfaces (HMIs) from cyberattacks. […] Sergiu Gatlan
-
New stealthy Pumakit Linux rootkit malware spotted in the wild
A new Linux rootkit malware called Pumakit has been discovered that uses stealth and advanced privilege escalation techniques to hide its presence on systems. […] Bill Toulas
-
Police shuts down Rydox cybercrime market, arrests 3 admins
International law enforcement operation seizes the Rydox cybercrime marketplace and arrests three administrators. […] Sergiu Gatlan
-
New IOCONTROL malware used in critical infrastructure attacks
Iranian threat actors are utilizing a new malware named IOCONTROL to compromise Internet of Things (IoT) devices and OT/SCADA systems used by critical infrastructure in Israel and the United States. […] Bill Toulas
-
US offers $5 million for info on North Korean IT worker farms
The U.S. State Department is offering a reward of up to $5 million for information that could help disrupt the activities of North Korean front companies and employees who generated over $88 million via illegal remote IT work schemes in six years. […] Sergiu…
-
Cleo patches critical zero-day exploited in data theft attacks
Cleo has released security updates for a zero-day flaw in its LexiCom, VLTransfer, and Harmony software, currently exploited in data theft attacks. […] Sergiu Gatlan
-
Hunk Companion WordPress plugin exploited to install vulnerable plugins
Hackers are exploiting a critical vulnerability in the “Hunk Companion” plugin to install and activate other plugins with exploitable flaws directly from the WordPress.org repository. […] Bill Toulas