BleepingComputer.com

"Game mod on Stream breached to push password-stealing malware."

Views expressed in this cybersecurity, cyber crime update are those of the reporters and correspondents.  Accessed on 29 December 2023, 1448 UTC.

Content and Source:  https://www.bleepingcomputer.com/ ("BleepingComputer.com").

Please click link or scroll down to read your selections.  Thanks for joining us today.

Russ Roberts (https://www.hawaiicybersecurityjournal.net).

Get all-in-one online protection with up to $256 off Surfshark One

  • Using the internet shouldn't compromise your security. This one-year subscription to a set of four safety tools from Surfshark makes it easier to protect yourself when surfing for $47.99, $125 off the $173 MSRP. Or get a two year Surfshark One subscription for $89.99, $256 off the $346 MSRP.

    • BLEEPINGCOMPUTER DEALS
    •  
    • DECEMBER 29, 2023
    •  
    • 07:09 AM
    •  
    • Comment Count 0
  • Game mod on Steam breached to push password-stealing malware
     

Game mod on Steam breached to push password-stealing malware

  • Downfall, a fan expansion for the popular Slay the Spire indie strategy game, was breached on Christmas Day to push Epsilon information stealer malware using the Steam update system.

  • Eagers Automotive
     

Eagers Automotive halts trading in response to cyberattack

  • Eagers Automotive has announced it suffered a cyberattack and was forced to halt trading on the stock exchange as it evaluates the impact of the incident.

  • EasyPark
     

EasyPark discloses data breach that may impact millions of users

  • Parking app developer EasyPark has published a notice on its website warning of a data breach it discovered on December 10, 2023, which impacts an unknown number of its millions of users.

  • Password cybersecurity mobile
     

Save $100 on ethical hacking training just in time for 2024

  • Cybersecurity should be part of every IT worker's portfolio. This 10-course bundle gets you current for $29.97, $100 off the $130 MSRP, but only through the end of New Year's Day!

    • BLEEPINGCOMPUTER DEALS
    •  
    • DECEMBER 28, 2023
    •  
    • 02:07 PM
    •  
    • Comment Count 0
  • Windows
     

Microsoft disables MSIX protocol handler abused in malware attacks

  • Microsoft has again disabled the MSIX ms-appinstaller protocol handler after multiple financially motivated threat groups abused it to infect Windows users with malware.

  • Kroll
     

Kroll reveals FTX customer info exposed in August data breach

  • Risk and financial advisory company Kroll has released additional details regarding the August data breach, which exposed the personal information of FTX bankruptcy claimants.

  • Russian hacker
     

Russian military hackers target Ukraine with new MASEPIE malware

  • Ukraine's Computer Emergency Response Team (CERT) is warning of a new phishing campaign that allowed Russia-linked hackers to deploy previously unseen malware on a network in under one hour.

  • Hacker
     

Apache OFBiz RCE flaw exploited to find vulnerable Confluence servers

  • A critical Apache OFBiz pre-authentication remote code execution vulnerability is being actively exploited using public proof of concept (PoC) exploits.

  • Costco
     

Start 2024 with savings on everyday items using a Costco membership

  • Being able to buy household items and other needs in larger lots at wholesale prices frees up your time and makes room in your budget. This Costco Gold Star Membership with a $40 Digital Costco Shop Card gets you started for $60. Get this deal while it's available through January 1.

    • BLEEPINGCOMPUTER DEALS
    •  
    • DECEMBER 28, 2023
    •  
    • 07:12 AM
    •  
    • Comment Count 0
  • Hackers cryptocurrency
     

Blockchain dev's wallet emptied in "job interview" using npm package

  • A blockchain developer shares his ordeal over the holidays when he was approached on LinkedIn by a "recruiter" for a web development job. The recruiter in question asked the developer to download npm packages from a GitHub repository, and hours later the developer discovered his MetaMask wallet had been emptied.

  • Ohio Lottery
     

Ohio Lottery hit by cyberattack claimed by DragonForce ransomware

  • The Ohio Lottery was forced to shut down some key systems after a cyberattack affected an undisclosed number of internal applications on Christmas Eve.

  • Fransiskus
     

Lockbit ransomware disrupts emergency care at German hospitals

  • German hospital network Katholische Hospitalvereinigung Ostwestfalen (KHO) has confirmed that recent service disruptions were caused by a Lockbit ransomware attack where the threat actors gained access to IT systems and encrypted devices on the network.

  • Datacenter Network Switch
     

Save $100 and prepare for IT certifications with this course bundle deal

  • Practice makes perfect, and practice labs and questions help you deliver a perfect exam. These 13 training labs get you into the exam mindset for $19.97, $100 off the $119 MSRP, now through the end of January 1st, 2024!

    • BLEEPINGCOMPUTER DEALS
    •  
    • DECEMBER 27, 2023
    •  
    • 02:09 PM
    •  
    • Comment Count 0
  • LoanCare
     

Mortgage firm LoanCare warns 1.3 million people of data breach

  • Mortgage servicing company LoanCare is warning 1,316,938 borrowers across the U.S. that their sensitive information was exposed in a data breach at its parent company, Fidelity National Financial.

  • Panasonic Avionics
     

Panasonic discloses data breach after December 2022 cyberattack

  • Panasonic Avionics Corporation, a leading supplier of in-flight communications and entertainment systems, disclosed a data breach affecting an undisclosed number of individuals after its corporate network was breached more than one year ago, in December 2022.

  • Android malware
     

New Xamalicious Android malware installed 330k times on Google Play

  • A previously unknown Android backdoor named 'Xamalicious' has infected approximately 338,300 devices via malicious apps on Google Play, Android's official app store.

  • Apple
     

iPhone Triangulation attack abused undocumented hardware feature

  • The Operation Triangulation spyware attacks targeting iPhone devices since 2019 leveraged undocumented features in Apple chips to bypass hardware-based security protections.

  • Lenovo
     

Save $160 on a refurbished low-profile Lenovo desktop PC

  • A refurbished Lenovo ThinkCentre M900 is a great option for anyone who needs the features of a desktop with the portability of a laptop for $189.99, $160 off the $349 MSRP.

    • BLEEPINGCOMPUTER DEALS
    •  
    • DECEMBER 27, 2023
    •  
    • 07:19 AM
    •  
    • Comment Count 0
  • Barracuda
     

Barracuda fixes new ESG zero-day exploited by Chinese hackers

  • Network and email security firm Barracuda says it remotely patched all active Email Security Gateway (ESG) appliances on December 21 against a zero-day bug exploited by UNC4841 Chinese hackers.


Comments

Popular posts from this blog

SecurityWeek Briefing.

Cyber War Newswire

SecurityWeek Briefing.