BleepingComputer.com

"Cisco warns of password-spraying attacks targeting VPN services."

Views expressed in this cybersecurity, cyber crime update are those of the reporters and correspondents.  Accessed on 28 March 2024, 1658 UTC.

Content and Source:  https://www.bleepingcomputer.com/BleepingComputer.com.

Please scroll down to read your selections.  Thanks for joining us today.

Russ Roberts (https://www.hawaiicybersecurityjournal.net).

Cisco warns of password-spraying attacks targeting VPN services

  • Cisco has shared a set of recommendations for customers to mitigate password-spraying attacks that have been targeting Remote Access VPN (RAVPN) services configured on Cisco Secure Firewall devices.

  • How Pentesting-as-a-Service can Reduce Overall Security Costs
     
    SPONSORED CONTENT

How Pentesting-as-a-Service can Reduce Overall Security Costs

  • Penetration testing plays a critical role in finding application vulnerabilities before they can be exploited. Learn more from Outpost24 on the costs of Penetration-Testing-as-a-Service vs classic pentest offerings.

  • Visio
     

Diagram better — Microsoft Visio Pro 2021 is $25 through April 2nd

  • Through April 2nd at 11:59 PM PT only, you can get Microsoft Visio Professional 2021 for Windows on sale for just $24.97 (reg. $249) as a part of a limited-time price drop. 

    • BLEEPINGCOMPUTER DEALS
    •  
    • MARCH 28, 2024
    •  
    • 07:11 AM
    •  
    • Comment Count 0
  • Dracula SMS
     

New Darcula phishing service targets iPhone users via iMessage

  • A new phishing-as-a-service (PhaaS) named 'Darcula' uses 20,000 domains to spoof brands and steal credentials from Android and iPhone users in more than 100 countries.

  • Windows 11
     

Windows 11 22H2 Home and Pro get preview updates until June 26

  • Microsoft reminded customers today that the Windows 11 22H2 Home and Pro editions will continue to receive non-security preview updates until June 26.

  • Google Chrome
     

Google fixes Chrome zero-days exploited at Pwn2Own 2024

  • Google fixed seven security vulnerabilities in the Chrome web browser on Tuesday, including two zero-days exploited during the Pwn2Own Vancouver 2024 hacking competition.

  • Security Cybersecurity
     

Price drop: Get an security and IT education for just $39.97

  • Order by 4/2 to get lifetime on-demand access to all 11 courses in this bundle for just $39.97, saving $332 on the original price.

    • BLEEPINGCOMPUTER DEALS
    •  
    • MARCH 27, 2024
    •  
    • 02:11 PM
    •  
    • Comment Count 0
  • NHS Scotland
     

INC Ransom threatens to leak 3TB of NHS Scotland stolen data

  • The INC Ransom extortion gang is threatening to publish three terabytes of data allegedly stolen after breaching the National Health Service (NHS) of Scotland.

  • SharePoint
     

CISA tags Microsoft SharePoint RCE bug as actively exploited

  • CISA warns that attackers are now exploiting a Microsoft SharePoint code injection vulnerability that can be chained with a critical privilege escalation flaw for pre-auth remote code execution attacks.

  • Kucoin
     

KuCoin charged with AML violations that let cybercriminals launder billions

  • The U.S. Department of Justice (DoJ) has charged global cryptocurrency exchange KuCoin and two of its founders for failing to adhere to anti-money laundering (AML) requirements, allowing threat actors to use the platform to launder money.

  • Ransomware as a Service and the Strange Economics of the Dark Web
     
    SPONSORED CONTENT

Ransomware as a Service and the Strange Economics of the Dark Web

  • Ransomware is quickly changing in 2024, with massive disruptions and large gangs shutting down. Learn from Flare how affiliate competition is changing in 2024, and what might come next.

    • SPONSORED BY FLARE
    •  
    • MARCH 27, 2024
    •  
    • 10:02 AM
    •  
    • Comment Count 1
  • Government spy
     

Google: Spyware vendors behind 50% of zero-days exploited in 2023

  • Google's Threat Analysis Group (TAG) and Google subsidiary Mandiant said they've observed a significant increase in the number of zero-day vulnerabilities exploited in attacks in 2023, many of them linked to spyware vendors and their clients.

  • Babbel
     

Speak, read, and write in a new language with $460 off Babbel

  • Learning a new language broadens your mind and opens up new opportunities. A Babbel lifetime subscription gets you started on a new way to speak for $139.97, $460 off the $599 MSRP, a price only available through April 2 11:59pm PST.

    • BLEEPINGCOMPUTER DEALS
    •  
    • MARCH 27, 2024
    •  
    • 07:19 AM
    •  
    • Comment Count 0
  • Windows 11
     

Windows 11 KB5035942 update enables Moment 5 features for everyone

  • Microsoft has released the March 2024 non-security KB5035942 preview update for Windows 11 23H2, which enables Moment 5 features by default and fixes 18 known issues.

  • Windows 10
     

Windows 10 KB5035941 update released with lock screen widgets

  • Microsoft has released the optional KB5035941 preview cumulative update for Windows 10 22H2, introducing widgets on the lock screen, Windows Spotlight on the desktop, and 21 other fixes or changes.

  • Chinese hackers
     

Finland confirms APT31 hackers behind 2021 parliament breach

  • The Finnish Police confirmed on Tuesday that the APT31 hacking group linked to the Chinese Ministry of State Security (MSS) was behind a breach of the country's parliament disclosed in March 2021.

  • Raspberry Pi
     

$700 cybercrime software turns Raspberry Pi into an evasive fraud tool

  • Cybercriminals are selling custom Raspberry Pi software called 'GEOBOX' on Telegram, which allows inexperienced hackers to convert the mini-computers into anonymous cyberattack tools.

  • Exchange Online
     

Germany warns of 17K vulnerable Microsoft Exchange servers exposed online

  • The German national cybersecurity authority warned on Tuesday that it found at least 17,000 Microsoft Exchange servers in Germany exposed online and vulnerable to one or more critical security vulnerabilities.

  • AI hacker security Artificial Intelligence
     

Hackers exploit Ray framework flaw to breach servers, hijack resources

  • A new hacking campaign dubbed "ShadowRay" targets an unpatched vulnerability in Ray, a popular open-source AI framework, to hijack computing power and leak sensitive data from thousands of companies.

  • Project Management
     

Train to become a project manager with $155 off this training bundle

  • Project management is about discipline, on the individual and team level. These five project management training and exam prep courses help you marshal that discipline for $39.99, $155 off the $195 MSRP.

    • BLEEPINGCOMPUTER DEALS
    •  
    • MARCH 26, 2024
    •  
    • 02:06 PM
    •  
    • Comment Count 0
VIEW MORE

Comments

Popular posts from this blog

BleepingComputer.com

The Cyberwire Daily Briefing

SecurityWeek Briefing