BleepingComputer.com: Latest cybersecurity news
"GitHub now allows enabling private vulnerability reporting at scale."
Views expressed in this cybersecurity, cybercrime update are those of the reporters and correspondents. Accessed on 22 April 2023, 2058 UTC. Content provided by "BleepingComputer.com."
Source: https://www.bleepingcomputer.com/ ("BleepingComputer.com").
Please click link or scroll down to read your selections. Thanks for joining us today.
Russ Roberts (https://www.hawaiicybersecurityjournal.net).
-
GitHub now allows enabling private vulnerability reporting at scale
GitHub announced that private vulnerability reporting is now generally available and can be enabled at scale, on all repositories belonging to an organization.
- APRIL 22, 2023
- 12:18 PM
- 0
-
EvilExtractor malware activity spikes in Europe and the U.S.
Researchers are seeing a rise in attacks spreading the EvilExtractor data theft tool, used to steal users' sensitive data in Europe and the U.S.
- APRIL 22, 2023
- 11:14 AM
- 0
-
Google ads push BumbleBee malware used by ransomware gangs
The enterprise-targeting Bumblebee malware is distributed through Google Ads and SEO poisoning that promote popular software like Zoom, Cisco AnyConnect, ChatGPT, and Citrix Workspace.
- APRIL 22, 2023
- 10:08 AM
- 0
-
The Week in Ransomware - April 21st 2023 - Macs in the Crosshairs
A lot of news broke this week related to ransomware, with the discovery of LockBit testing macOS encryptors to an outage on NCR, causing massive headaches for restaurants.
- APRIL 21, 2023
- 06:39 PM
- 0
-
Critical infrastructure also hit by supply chain attack behind 3CX breach
The X_Trader software supply chain attack that led to last month's 3CX breach has also impacted at least several critical infrastructure organizations in the United States and Europe, according to Symantec's Threat Hunter Team.
- APRIL 21, 2023
- 03:26 PM
- 4
-
GhostToken GCP flaw let attackers backdoor Google accounts
Google has addressed a Cloud Platform (GCP) security vulnerability impacting all users and allowing attackers to backdoor their accounts using malicious OAuth applications installed from the Google Marketplace or third-party providers.
- APRIL 21, 2023
- 01:50 PM
- 0
-
Kubernetes RBAC abused to create persistent cluster backdoors
Hackers use a novel method involving RBAC (Role-Based Access Control) to create persistent backdoor accounts on Kubernetes clusters and hijack their resources for Monero crypto-mining.
- APRIL 21, 2023
- 11:35 AM
- 0
-
American Bar Association data breach hits 1.4 million members
The American Bar Association (ABA) has suffered a data breach after hackers compromised its network and gained access to older credentials for 1,466,000 members.
- APRIL 21, 2023
- 09:56 AM
- 0
-
University websites using MediaWiki, TWiki hacked to serve Fortnite spam
Websites of multiple U.S. universities are serving Fortnite and 'gift card' spam. Researchers observed Wiki and documentation pages being hosted by universities including Stanford, MIT, Berkeley, UMass Amherst, Northeastern, Caltech, among others, were compromised.
- APRIL 21, 2023
- 04:35 AM
- 0
-
Attackers use abandoned WordPress plugin to backdoor websites
Attackers are using Eval PHP, an outdated legitimate WordPress plugin, to compromise websites by injecting stealthy backdoors.
- APRIL 20, 2023
- 04:02 PM
- 0
-
Google: Ukraine targeted by 60% of Russian phishing attacks in 2023
Google's Threat Analysis Group (TAG) has been monitoring and disrupting Russian state-backed cyberattacks targeting Ukraine's critical infrastructure in 2023.
- APRIL 20, 2023
- 02:47 PM
- 0
-
VMware fixes vRealize bug that let attackers run code as root
VMware addressed a critical vRealize Log Insight security vulnerability that allows remote attackers to gain remote execution on vulnerable appliances.
- APRIL 20, 2023
- 01:22 PM
- 0
-
Lazarus hackers now push Linux malware via fake job offers
A new Lazarus campaign considered part of "Operation DreamJob" has been discovered targeting Linux users with malware for the first time.
- APRIL 20, 2023
- 11:43 AM
- 0
-
Microsoft 365 outage blocks access to web apps and services
Microsoft is investigating an ongoing outage blocking customers worldwide from accessing and using web apps and online services.
- APRIL 20, 2023
- 10:24 AM
- 2
-
Capita confirms hackers stole data in recent cyberattack
London-based professional outsourcing giant Capita has published an update on the cyber-incident that impacted it at the start of the month, now admitting that hackers exfiltrated data from its systems.
- APRIL 20, 2023
- 09:48 AM
- 0
-
3CX hack caused by trading software supply chain attack
An investigation into last month's 3CX supply chain attack discovered that it was caused by another supply chain compromise where suspected North Korean attackers breached the site of stock trading automation company Trading Technologies to push trojanized software builds.
- APRIL 20, 2023
- 08:00 AM
- 4
-
Microsoft Defender update causes Windows Hardware Stack Protection mess
In a confusing mess, a recent Microsoft Defender update rolled out a new security feature called 'Kernel-mode Hardware-enforced Stack Protection,' while removing the LSA protection feature. Unfortunately, Microsoft has not provided any documentation on this change, leading to more questions than answers.
- APRIL 19, 2023
- 05:57 PM
- 1
Comments
Post a Comment
Please leave a comment about our recent post.