BleepingComputer.com: Latest cybersecurity news

"Dashline password manager opened-sourced its Android and iOS apps."

Views expressed in this cybersecurity, cybercrime update are those of the reporters and correspondents.  Accessed on 05 February 2023, 2142 UTC. Content supplied by "BleepingComputer.com."

Source:  https://www.bleepingcomputer.com/ (Latest cybersecurity news from "BleepingComputer.com").

Please click link or scroll down to read your selections.  Thanks for joining us today.

Russ Roberts (https://www.hawaiicybersecurityjournal.net and https://paper.li/RussellRoberts).

Dashlane password manager open-sourced its Android and iOS apps

  • Dashlane announced it had made the source code for its Android and iOS apps available on GitHub under the Creative Commons Attribution-NonCommercial 4.0 license.

  • DingoToken
     

New Dingo crypto token found charging a 99% transaction fee

  • Researchers at IT security company Check Point security have flagged Dingo Token as a potential scam after finding a function that allows the project's owner to manipulate trading fees up to 99% of the transaction value.

  • Royalty King Chess
     

Linux version of Royal Ransomware targets VMware ESXi servers

  • Royal Ransomware is the latest ransomware operation to add support for encrypting Linux devices to its most recent malware variants, specifically targeting VMware ESXi virtual machines.

  • Hacker Spyware Surveillance
     

NY attorney general forces spyware vendor to alert victims

  • The New York attorney general's office has announced a $410,000 fine against a stalkerware developer who used 16 companies to promote surveillance tools illegally.

  • Electric Power
     

Bermuda hit by major internet and power outage

  • Bermuda experienced a widespread power outage on Friday which impacted the island's internet and phone services. Calling it a "serious incident" at BELCO, the Bermudian power supplier, the government has advised customers to "unplug all sensitive electrical equipment" as crews work around the clock on restoration efforts.

  • Lock cybersecurity
     

The Week in Ransomware - February 3rd 2023 - Ending with a mess

  • While the week started slowly, it turned into a big ransomware mess, with attacks striking a big blow at businesses running VMware ESXi servers.

  • PeopleConnect
     

TruthFinder, Instant Checkmate confirm data breach affecting 20M customers

  • PeopleConnect, the owners of the TruthFinder and Instant Checkmate background check services, confirmed they suffered a data breach after hackers leaked a 2019 backup database containing the info of millions of customers.

  • VMware
     

Massive ESXiArgs ransomware attack targets VMware ESXi servers worldwide

  • Admins, hosting providers, and the French Computer Emergency Response Team (CERT-FR) warn that attackers actively target VMware ESXi servers unpatched against a two-year-old remote code execution vulnerability to deploy ransomware.

  • Tallahassee Memorial HealthCare
     

Florida hospital takes IT systems offline after cyberattack

  • Tallahassee Memorial HealthCare (TMH) has taken its IT systems offline and suspended non-emergency procedures following a late Thursday cyberattack.

  • Fortra
     

GoAnywhere MFT zero-day vulnerability lets hackers breach servers

  • The developers of the GoAnywhere MFT file transfer solution are warning customers of zero-day remote code execution vulnerability on exposed administrator consoles.

  • Atlassian
     

Atlassian warns of critical Jira Service Management auth flaw

  • A critical vulnerability in Atlassian's Jira Service Management Server and Data Center could allow an unauthenticated attacker to impersonate other users and gain remote access to the systems.

  • Hacker smiley
     

Google ads push ‘virtualized’ malware made for antivirus evasion

  • An ongoing Google ads malvertising campaign is spreading malware installers that leverage KoiVM virtualization technology to evade detection when installing the Formbook data stealer.

  • Windows Store down
     

Microsoft 365 trial offer blocks access to Windows 10 desktops

  • Windows 10 users are reportedly being blocked from accessing their desktops by full-screen trial offers for the Microsoft 365 productivity suite (formerly Office 365).

  • Malware Phishing
     

Hackers weaponize Microsoft Visual Studio add-ins to push malware

  • Security researchers warn that hackers may start using Microsoft Visual Studio Tools for Office (VSTO) more often as method to achieve persistence and execute code on a target machine via malicious Office add-ins.

  • Microsoft Office
     

Microsoft: Scan for outdated Office versions respects your privacy

  • Microsoft says the KB5021751 update is respecting users' privacy while scanning for and identifying the number of customers running Office versions that are outdated or approaching their end of support.

  • Ubiquiti
     

Former Ubiquiti dev pleads guilty to trying to extort his employer

  • Nickolas Sharp, a former Ubiquiti employee who managed the networking device maker's cloud team, pled guilty today to stealing gigabytes worth of files from Ubiquiti's network and trying to extort his employer while posing as an anonymous hacker and a whistleblower.

VIEW MORE

Comments

Popular posts from this blog

SecurityWeek Briefing.

Cyber War Newswire

SecurityWeek Briefing.