BleepingComputer.com

"Breached shutdown sparks migration to ARES data forum."

Views expressed in this cybersecurity, cybercrime update are those of the reporters and correspondents.  Accessed on 08 April 2023, 2004 UTC.  Content provided by "BleepingComputer.com."

Source:   https://www.bleepingcomputer.com/ ("BleepingComputer.com").

Please click link or scroll down to read your selections.  Thanks for joining us today.

Russ Roberts (https://www.hawaiicybersecurityjournal.net and https://paper.li/RussellRoberts).

Breached shutdown sparks migration to ARES data leak forums

  • A threat group called ARES is gaining notoriety on the cybercrime scene by selling and leaking databases stolen from corporations and public authorities.

  • Western Digital
     

Western Digital struggles to fix massive My Cloud outage, offers workaround

  • On Friday, five days into a massive outage impacting its cloud services, Western Digital finally provided customers with a workaround to access their files.

  • Micosoft Exchange
     

Microsoft delays Exchange Online CARs deprecation until 2024

  • Microsoft announced today that Client Access Rules (CARs) deprecation in Exchange Online will be delayed by one year until September 2024.

  • CISA
     

CISA orders agencies to patch Backup Exec bugs used by ransomware gang

  • On Friday, U.S. Cybersecurity and Infrastructure Security Agency (CISA) increased by five its list of security issues that threat actors have used in attacks, three of them in Veritas Backup Exec exploited to deploy ransomware.

  • Apple
     

Apple fixes two zero-days exploited to hack iPhones and Macs

  • Apple has released emergency security updates to address two new zero-day vulnerabilities exploited in attacks to compromise iPhones, Macs, and iPads.

  • Sandbox
     

Exploit available for critical bug in VM2 JavaScript sandbox library

  • Proof-of-concept exploit code has been released for a recently disclosed critical vulnerability in the popular VM2 library, a JavaScript sandbox that is used by multiple software to run code securely in a virtualized environment.

  • MSI
     

MSI confirms security breach following ransomware attack claims

  • Following reports of a ransomware attack, Taiwanese PC vendor MSI (short for Micro-Star International) confirmed today that its network was breached in a cyberattack.

  • WordPress
     

Massive Balada Injector campaign attacking WordPress sites since 2017

  • An estimated one million WordPress websites have been compromised during a long-lasting campaign that exploits "all known and recently discovered theme and plugin vulnerabilities" to inject a Linux backdoor that researchers named Balad Injector.

  • Microsoft Edge
     

Microsoft Edge can now generate images with AI

  • Microsoft Edge has become the first and only browser with an integrated AI image generator, allowing users to create images that do not exist yet, powered by the latest DALL∙E models from OpenAI.

  • FBI
     

FBI warns of companies exploiting sextortion victims for profit

  • For-profit companies reportedly linked to sextortion activity are targeting victims using various deceptive tactics to pressure them into paying for "assistance" services provided by non-profit agencies and law enforcement for free, the FBI warns.

  • Flipper Zero
     

Flipper Zero banned by Amazon for being a ‘card skimming device’

  • Amazon has banned the sale of the Flipper Zero portable multi-tool for pen-testers as it no longer allows its sale on the platform after tagging it as a card-skimming device.

  • ACRO UK criminal records office
     

UK criminal records office confirms cyber incident behind portal issues

  • The UK's Criminal Records Office (ACRO) has finally confirmed, after weeks of delaying issuing a statement, that online portal issues experienced since January 17 resulted from what it described as a "cyber security incident."

  • Chrome flare
     

Hackers use Rilide browser extension to bypass 2FA, steal crypto

  • A new malware strain called Rilide has been targeting Chromium-based web browsers like Google Chrome, Brave, Opera, and Microsoft Edge, to monitor user browsing history, snap screenshots, and inject scripts that can steal cryptocurrency.

  • Windows 10
     

Microsoft: Windows 10 21H2 is reaching end of service in June

  • Microsoft reminded customers today that multiple editions of Windows 10, version 21H2, will reach the end-of-service (EOS) in two months, on June 13, 2023.

  • Microsoft
     

Microsoft and Fortra crack down on malicious Cobalt Strike servers

  • Microsoft, Fortra, and the Health Information Sharing and Analysis Center (Health-ISAC) have announced a broad legal crackdown against servers hosting cracked copies of Cobalt Strike, one of the primary hacking tools used by cybercriminals. 

  • OUC
     

Medusa ransomware claims attack on Open University of Cyprus

  • The Medusa ransomware gang has claimed a cyberattack on the Open University of Cyprus (OUC), which caused severe disruptions of the organization's operations.

  • MSI
     

Money Message ransomware gang claims MSI breach, demands $4 million

  • Taiwanese PC parts maker MSI (Micro-Star International) has been listed on the extortion portal of a new ransomware gang known as "Money Message," which claims to have stolen source code from the company's network.

VIEW MORE

Comments

Popular posts from this blog

SecurityWeek Briefing.

Cyber War Newswire

SecurityWeek Briefing.