BleepingComputer.com

"Windows 10 to let admins control how optional updates are deployed."

Views expressed in this cybersecurity, cyber crime update are those of the reporters and correspondents.  Accessed on 19 November 2023, 1431 UTC.

Content and Source:   https://www.bleepingcomputer.com/ ("BleepingComputer.com").

Please click link or scroll down to read your selections.  Thanks for joining us today.

Russ Roberts (https://www.hawaiicybersecurityjournal.net).

Windows 10 to let admins control how optional updates are deployed

  • Microsoft announced a new policy that allows admins to control how optional updates are deployed on Windows 10 enterprise endpoints on their networks.

  • Hacker phones
     

FCC adopts new rules to protect consumers from SIM-swapping attacks

  • The Federal Communications Commission (FCC) has revealed new rules to shield consumers from criminals who hijack their phone numbers in SIM swapping attacks and port-out fraud.

  • Hacker VR Spyware Surveillance
     

Exploit for CrushFTP RCE chain released, patch now

  • A proof-of-concept exploit was publicly released for a critical remote code execution vulnerability in the CrushFTP enterprise suite, allowing unauthenticated attackers to access files on the server, execute code, and obtain plain-text passwords.

  • Google
     

Google shares plans for blocking third-party cookies in Chrome

  • Google has officially announced plans to gradually eliminate third-party cookies, a key aspect of its Privacy Sandbox initiative.

  • Citrix
     

The Week in Ransomware - November 17th 2023 - Citrix in the Crosshairs

  • Ransomware gangs target exposed Citrix Netscaler devices using a publicly available exploit to breach large organizations, steal data, and encrypt files.

  • Bloomberg Crypto X account snafu leads to Discord phishing attack
     

Bloomberg Crypto X account snafu leads to Discord phishing attack

  • The official Twitter account for Bloomberg Crypto was used earlier today to redirect users to a deceptive website that stole Discord credentials in a phishing attack.

  • Yamaha
     

Yamaha Motor confirms ransomware attack on Philippines subsidiary

  • Yamaha Motor's Philippines motorcycle manufacturing subsidiary was hit by a ransomware attack last month, resulting in the theft and leak of some employees' personal information.

  • Zimbra
     

Google: Hackers exploited Zimbra zero-day in attacks on govt orgs

  • Hackers leveraged a medium-severity security issue now identified as CVE-2023-37580 since June 29, nearly a month before the vendor addressed it in version 8.8.15 Patch 41of the software on July 25.

  • CISA
     

CISA warns of actively exploited Windows, Sophos, and Oracle bugs

  • The U.S. Cybersecurity & Infrastructure Security Agency has added to its catalog of known exploited vulnerabilities (KEV) three security issues that affect Microsoft devices, a Sophos product, and an enterprise solution from Oracle.

  • Hackers library
     

British Library: Ongoing outage caused by ransomware attack

  • The British Library confirmed that a ransomware attack is behind a major outage that is still affecting services across several locations.

  • Long Beach California
     

Long Beach, California turns off IT systems after cyberattack

  • The City of Long Beach in California is warning that they suffered a cyberattack on Tuesday that has led them to shut down portions of their IT network to prevent the attack's spread.

  • Spider
     

FBI shares tactics of notorious Scattered Spider hacker collective

  • The Federal Bureau of Investigation and the Cybersecurity and Infrastructure Security Agency released an advisory about the evasive threat actor tracked as Scattered Spider, a loosely knit hacking collective that now collaborates with the ALPHV/BlackCat Russian ransomware operation..

  • mysql
     

MySQL servers targeted by 'Ddostf' DDoS-as-a-Service botnet

  • MySQL servers are being targeted by the 'Ddostf' malware botnet to enslave them for a DDoS-as-a-Service platform whose firepower is rented to other cybercriminals.

  • Toyota
     

Toyota confirms breach after Medusa ransomware threatens to leak data

  • Toyota Financial Services (TFS) has confirmed that it detected unauthorized access on some of its systems in Europe and Africa after Medusa ransomware claimed an attack on the company.

  • Copilot Windows
     

Microsoft confirms Copilot AI assistant coming to Windows 10

  • Microsoft will roll out the Copilot AI-powered assistant to Windows 10 systems enrolled in the Insider Program over the coming months.

  • Fortinet
     

Fortinet warns of critical command injection bug in FortiSIEM

  • Fortinet is alerting customers of a critical OS command injection vulnerability in FortiSIEM report server that could be exploited by remote, unauthenticated attackers to execute commands through specially crafted API requests.

VIEW MORE

Comments

Popular posts from this blog

BleepingComputer.com

The Cyberwire Daily Briefing

SecurityWeek Briefing