BleepingComputer.com

"Hacker arrested for cryptojacking 1 million virtual servers."

Views expressed in this cybersecurity, cybercrime update are those of the reporters and correspondents.  Accessed on 13 January 2024, 2127 UTC.

Content and Source:  https://www.bleepingcomputer.com/ ("BleepingComputer.com").

Please click link or scroll down to read your selections.

Thanks for joining us today.

Russ Roberts (https://www.hawaiicybersecurityjournal.net).

Hacker arrested for cryptojacking 1 million virtual servers

  • A 29-year-old man in Ukraine was arrested this week for using hacked accounts to create 1 million virtual servers used to mine $2 million in cryptocurrency. 

  • PowerShell
     

Automate Windows with $58 off this Powershell course bundle

  • Scripting is a powerful tool for Windows users, regardless of their skill level. This six-course PowerShell training series shows you how to get more from Windows for $19.99, $58 off the $78 MSRP.

    • BLEEPINGCOMPUTER DEALS
    •  
    • JANUARY 13, 2024
    •  
    • 08:12 AM
    •  
    • Comment Count 0
  • The Week in Ransomware - January 12th 2024 - Targeting homeowners' data
     

The Week in Ransomware - January 12th 2024 - Targeting homeowners' data

  • Mortgage lenders and related companies are becoming popular targets of ransomware gangs, with four companies in this sector recently attacked.

  • SharePoint
     

CISA: Critical Microsoft SharePoint bug now actively exploited

  • CISA warns that attackers are now exploiting a critical Microsoft SharePoint privilege escalation vulnerability that can be chained with another critical bug for remote code execution.

  • GitLab
     

GitLab warns of critical zero-click account hijacking vulnerability

  • GitLab has released security updates for both the Community and Enterprise Edition to address two critical vulnerabilities, one of them allowing account hijacking with no user interaction.

  • Juniper
     

Juniper warns of critical RCE bug in its firewalls and switches

  • Juniper Networks has released security updates to fix a critical pre-auth remote code execution (RCE) vulnerability in its SRX Series firewalls and EX Series switches.

  • Ivanti
     

Ivanti Connect Secure zero-days exploited to deploy custom malware

  • Hackers have been exploiting the two zero-day vulnerabilities in Ivanti Connect Secure disclosed this week since early December to deploy multiple families of custom malware for espionage purposes.

  • Microsoft Office
     

Start the new year with $200 off Microsoft Office for Windows or Mac

  • Get Microsoft Office Home & Business 2019 for Mac for $29.97 from StackCommerce through the end of January 14th, 2024.

    • BLEEPINGCOMPUTER DEALS
    •  
    • JANUARY 12, 2024
    •  
    • 07:19 AM
    •  
    • Comment Count 0
  • T-Mobile
     

Major T-Mobile outage takes down account access, mobile app

  • A major T-Mobile outage is preventing customers from logging into their accounts and using the company's mobile app.

  • Framework
     

Framework discloses data breach after accountant gets phished

  • Framework Computer disclosed a data breach exposing the personal information of an undisclosed number of customers after Keating Consulting Group, its accounting service provider, fell victim to a phishing attack.

  • Hacker
     

Over 150k WordPress sites at takeover risk via vulnerable plugin

  • Two vulnerabilities impacting the POST SMTP Mailer WordPress plugin, an email delivery tool used by 300,000 websites, could help attackers take complete control of a site authentication.

  • Halara
     

Halara probes breach after hacker leaks data for 950,000 people

  • Popular athleisure clothing brand Halara is investigating a data breach after the alleged data of almost 950,000 customers was leaked on a hacking forum.

  • Windows 11
     

Microsoft testing Windows 11 USB 80Gbps support, Copilot on login

  • Microsoft is now testing support for the USB4 Version 2.0 specification in Windows 11, enabling transfer speeds of up to 80 Gbps over USB Type-C cables.

  • Bitwarden
     

Bitwarden adds passkey support to log into web password vaults

  • The open-source Bitwarden password manager has announced that all users can now log in to their web vaults using a passkey instead of the standard username and password pairs.

  • Cybersecurity Lock World
     

Sharpen your white-hat skills with $260 off a ethical hacking course

  • Cybersecurity is a pillar of IT work. This seven-course bundle shows you how to use ethical hacking to protect your networks and data for $39.99, $260 off the $300 MSRP.

    • BLEEPINGCOMPUTER DEALS
    •  
    • JANUARY 11, 2024
    •  
    • 02:08 PM
    •  
    • Comment Count 0
  • Windows
     

Microsoft shares script to update Windows 10 WinRE with BitLocker fixes

  • Microsoft has released a PowerShell script to automate updating the Windows Recovery Environment (WinRE) partition in order to fix CVE-2024-20666, a vulnerability that allowed for BitLocker encryption bypass.

  • WordPress
     

New Balada Injector campaign infects 6,700 WordPress sites

  • A new Balada Injector campaign launched in mid-December has infected over 6,700 WordPress websites using a vulnerable version of the Popup Builder campaign.

  • Hacker ransomware
     

Finland warns of Akira ransomware wiping NAS and tape backup devices

  • The Finish National Cybersecurity Center (NCSC-FI) is informing of increased Akira ransomware activity in December, targeting companies in the country and wiping backups.

  • Costco
     

Get this Costco Gold Star Membership and a digital Costco Shop Card for $60

  • Get this Costco 1-Year Gold Star Membership + $20 Digital Costco Shop Card* on sale for just $60 for a limited time only. 

    • BLEEPINGCOMPUTER DEALS
    •  
    • JANUARY 11, 2024
    •  
    • 07:14 AM
    •  
    • Comment Count 0
  • Mandiant
     

Mandiant's X account hacked by crypto Drainer-as-a-Service gang

  • Cybersecurity firm and Google subsidiary Mandiant says its Twitter/X account was hijacked last week by a Drainer-as-a-Service (DaaS) gang in what it described as "likely a brute force password attack."

VIEW MORE

Comments

Popular posts from this blog

The Cyberwire Daily Briefing

BleepingComputer.com

SecurityWeek Briefing