BleepingComputer.com: Latest Cybersecurity News

 "This week in ransomware-New gangs emerge."

Views expressed in this cybersecurity, cybercrime update are those of the reporters and correspondents.  Accessed on 13 May 2023, 1458 UTC.  Content provided by "BleepingComputer.com."

Source:  https://www.bleepingcomputer.com/

Please click link or scroll down to read your selections.  Thanks for joining us today.

Russ Roberts (https://www.hawaiicybersecurityjournal.net

Capita warns customers they should assume data was stolen

  • Business process outsourcing firm Capita is warning customers to assume that their data was stolen in a cyberattack that affected its systems in early April.

  • Hackers Purge
     

The Week in Ransomware - May 12th 2023 - New Gangs Emerge

  • This week we have multiple reports of new ransomware families targeting the enterprise, named Cactus and Akira, both increasingly active as they target the enterprise.

  • Discord
     

Discord discloses data breach after support agent got hacked

  • Discord is notifying users of a data breach that occurred after the account of a third-party support agent was compromised.

  • CISA
     

CISA warns of critical Ruckus bug used to infect Wi-Fi access points

  • The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned today of a critical remote code execution (RCE) flaw in the Ruckus Wireless Admin panel actively exploited by a recently discovered DDoS botnet.

  • PaperCut
     

FBI: Bl00dy Ransomware targets education orgs in PaperCut attacks

  • The FBI and CISA issued a joint advisory to warn that the Bl00dy Ransomware gang is now also actively exploiting a PaperCut remote-code execution vulnerability to gain initial access to networks.

  • Toyota
     

Toyota: Car location data of 2 million customers exposed for ten years

  • Toyota Motor Corporation disclosed a data breach on its cloud environment that exposed the car-location information of 2,150,000 customers for ten years, between November 6, 2013, and April 17, 2023.

  • Outlook
     

Microsoft patches bypass for recently fixed Outlook zero-click bug

  • Microsoft fixed a security vulnerability this week that could be used by remote attackers to bypass recent patches for a critical Outlook zero-day security flaw abused in the wild.

  • Linux
     

Stealthier version of Linux BPFDoor malware spotted in the wild

  • A new, stealthier variant of the Linux malware 'BPFDoor' has been discovered, featuring more robust encryption and reverse shell communications.

  • Multinational tech firm ABB hit by Black Basta ransomware attack
     

Multinational tech firm ABB hit by Black Basta ransomware attack

  • Swiss multinational company ABB, a leading electrification and automation technology provider, has suffered a Black Basta ransomware attack, reportedly impacting business operations.

  • Brightly
     

Brightly warns of SchoolDude data breach exposing credentials

  • U.S. tech company and Siemens subsidiary Brightly Software is notifying customers that their personal information and credentials were stolen by attackers who gained access to the database of its SchoolDude online platform.

  • Ransomware
     

Babuk code used by 9 ransomware gangs to encrypt VMWare ESXi servers

  • An increasing number of ransomware operations are adopting the leaked Babuk ransomware source code to create Linux encryptors targeting VMware ESXi servers.

  • WordPress
     

WordPress Elementor plugin bug let attackers hijack accounts on 1M sites

  • One of WordPress's most popular Elementor plugins, "Essential Addons for Elementor," was found to be vulnerable to an unauthenticated privilege escalation that could allow remote attacks to gain administrator rights on the site.

  • Prison
     

Former Ubiquiti dev who extorted the firm gets six years in prison

  • Nickolas Sharp, a former senior developer of Ubiquiti, was sentenced to six years in prison for stealing company data, attempting to extort his employer, and aiding the publication of misleading news articles that severely impacted the firm's market capitalization.

  • Twitter birds encryption
     

Twitter rolls out encrypted DMs, but only for paying accounts

  • Twitter has launched its 'Encrypted Direct Messages' feature allowing paid Twitter Blue subscribers to send end-to-end encrypted messages to other users on the platform.

  • Botnet robot
     

RapperBot DDoS malware adds cryptojacking as new revenue stream

  • New samples of the RapperBot botnet malware have added cryptojacking capabilites to mine for cryptocurrency on compromised Intel x64 machines.

  • Google
     

Google brings dark web monitoring to all U.S. Gmail users

  • Google announced today that all Gmail users in the United States will soon be able to use the dark web report security feature to discover if their email address has been found on the dark web.

VIEW MORE

Comments

Popular posts from this blog

The Cyberwire Daily Briefing

BleepingComputer.com

SecurityWeek Briefing