BleepingComputer.com

 "Hackers email stolen student data to parents of Nevada school district."

Views expressed in this cybersecurity, cyber crime update are those of the reporters and correspondents.  Accessed on 29 October 2023, 1341 UTC.  Content provided by "BleepingComputer.com."

Source: https://www.bleepingcomputer.com/ ("BleepingComputer.com").

Please click link or scroll down to read your selections.  Thanks for joining us today.

Russ Roberts (https://www.hawaiicybersecurityjournal.net).

Hackers email stolen student data to parents of Nevada school district

  • The Clark County School District (CCSD) in Nevada is dealing with a potentially massive data breach, as hackers email parents their children's' data that was allegedly stolen during a recent cyberattack.

  • Hacker
     

HackerOne paid ethical hackers over $300 million in bug bounties

  • HackerOne has announced that its bug bounty programs have awarded over $300 million in rewards to ethical hackers and vulnerability researchers since the platform's inception.

  • Pwn2Own Toronto
     

Hackers earn over $1 million for 58 zero-days at Pwn2Own Toronto

  • The Pwn2Own Toronto 2023 hacking competition has ended with security researchers earning $1,038,500 for 58 zero-day exploits (and multiple bug collisions) targeting consumer products between October 24 and October 27.

  • Hackers Datacenter
     

The Week in Ransomware - October 27th 2023 - Breaking Records

  • Ransomware attacks are increasing significantly, with reports indicating that last month was a record month for ransomware attacks in 2023.

  • Microsoft 365
     

Microsoft 365 users get workaround for ‘Something Went Wrong’ errors

  • Microsoft shared a workaround for a known Microsoft 365 issue triggering 'Something Went Wrong [1001]' sign-in errors and making desktop applications unusable for many customers.

  • Lazarus
     

Lazarus hackers breached dev repeatedly to deploy SIGNBT malware

  • The North Korean Lazarus hacking group repeatedly compromised a software vendor using flaws in vulnerable software despite multiple patches and warnings being made available by the developer.

  • F5
     

F5 fixes BIG-IP auth bypass allowing remote code execution attacks

  • A critical vulnerability in the F5 BIG-IP configuration utility, tracked as CVE-2023-46747, allows an attacker with remote access to the configuration utility to perform unauthenticated remote code execution.

  • Windows 11
     

Windows 11 KB5031455 preview update enables Moment 4 features by default

  • Microsoft has released the optional KB5031455 Preview cumulative update for Windows 11 22H2, which enables 72 new Moment 4 features by default and fixes 22 issues.

  • Windows 10
     

Windows 10 KB5031445 preview update fixes ctfmon.exe memory leak, 9 issues

  • Microsoft has released the optional KB5031445 Preview cumulative update for Windows 10 22H2 with nine improvements or fixes, including a fix for a memory leak in ctfmon.exe.

  • Octopus Okto Tempest
     

Microsoft: Octo Tempest is one of the most dangerous financial hacking groups

  • Microsoft has published a detailed profile of a native English-speaking threat actor with advanced social engineering capabilities it tracks as Octo Tempest, that targets companies in data extortion and ransomware attacks.

  • Android
     

Android adware apps on Google Play amass two million installs

  • Several malicious Google Play Android apps installed over 2 million times push intrusive ads to users while concealing their presence on the infected devices.

  • Police arrests hacker
     

Nigerian Police dismantle cybercrime recruitment, mentoring hub

  • The Nigerian Police Form has arrested six suspects and dismantled a mentoring hub linked to cybercrime activities, including business email compromise, romance, and investment scams.

  • Russian Bear France
     

France says Russian state hackers breached numerous critical networks

  • The Russian APT28 hacking group (aka 'Strontium' or 'Fancy Bear') has been targeting government entities, businesses, universities, research institutes, and think tanks in France since the second half of 2021.

  • Striped Fly
     

StripedFly malware framework infects 1 million Windows, Linux hosts

  • A sophisticated cross-platform malware platform named StripedFly flew under the radar of cybersecurity researchers for five years, infecting over a million Windows and Linux systems during that time.

  • DDoS
     

Cloudflare sees surge in hyper-volumetric HTTP DDoS attacks

  • The number of hyper-volumetric HTTP DDoS (distributed denial of service) attacks recorded in the third quarter of 2023 surpasses every precedent, indicating that the field has entered a new chapter.

  • Apple CPU
     

New iLeakage attack steals emails, passwords from Apple Safari

  • Academic researchers created a new speculative side-channel attack they named iLeakage that works on all recent Apple devices and can extract sensitive information from the Safari web browser.

VIEW MORE

Comments

Popular posts from this blog

The Cyberwire Daily Briefing

BleepingComputer.com

SecurityWeek Briefing