Bleepingcomputer.com

"Veeam warns of critical RCE flaw in backup & replication software."

Views expressed in this cybersecurity and cyber crime update are those of the reporters and correspondents.  Accessed on 05 September 2024, 1516 UTC.

Content and Source:   https://www.bleepingcomputer.com/

Please check link or scroll down to read your selections. Thanks for joining us today.

Russ Roberts (https://www.hawaiicybersecurityjournal.net).

Veeam warns of critical RCE flaw in Backup & Replication software

  • Veeam has released security updates for several of its products as part of a single September 2024 security bulletin that addresses 18 high and critical severity flaws in Veeam Backup & Replication, Service Provider Console, and One.

  • Save on a refurbished Chromebook now marked down to $80
     

Save on a refurbished Chromebook now marked down to $80

  • These are no-frill computers that can manage basic tasks and don't look out of place stuffed in a backpack, and this Chromebook 4 is the perfect example for the right price. It's also only $80. 

    • BleepingComputer Deals
    •  
    • September 05, 2024
    •  
    • 07:16 AM
    •  
    • Comment Count 0
  • OnlyFans
     

Fake OnlyFans cybercrime tool infects hackers with malware

  • Hackers are targeting other hackers with a fake OnlyFans tool that claims to help steal accounts but instead infects threat actors with the Lumma stealer information-stealing malware.

  • Planned Parenthood
     

Planned Parenthood confirms cyberattack as RansomHub claims breach

  • Planned Parenthood has confirmed it suffered a cyberattack affecting its IT systems, forcing it to take parts of its infrastructure offline to contain the damage.

  • Microchip Technology
     

Microchip Technology confirms data was stolen in cyberattack

  • American semiconductor supplier Microchip Technology Incorporated has confirmed that employee information was stolen from systems compromised in an August cyberattack, which was later claimed by the Play ransomware gang.

  • red hacker grin
     

Red team tool ‘MacroPack’ abused in attacks to deploy Brute Ratel

  • The MacroPack framework, initially designed for Red Team exercises, is being abused by threat actors to deploy malicious payloads, including Havoc, Brute Ratel, and PhatomCore.

  • Russian hackers
     

US cracks down on Russian disinformation before 2024 election

  • The FBI seized 32 web domains used by the Doppelgänger Russian-linked influence operation network in a disinformation campaign targeting the American public ahead of this year's presidential election.

  • Cisco
     

Cisco fixes root escalation vulnerability with public exploit code

  • Cisco has fixed a command injection vulnerability in the Identity Services Engine (ISE) with public exploit code that lets attackers escalate privileges to root on vulnerable systems.

  • CompTIA
     

Get started in IT and cybersecurity with this CompTIA course bundle deal

  • If you're looking for a low-cost information technology and cybersecurity course bundle with just as much exhaustive material as the expensive ones, check out the Complete 2024 CompTIA Course Super Bundle.

    • BleepingComputer Deals
    •  
    • September 04, 2024
    •  
    • 02:07 PM
    •  
    • Comment Count 0
  • Lock
     

New Eucleak attack lets threat actors clone YubiKey FIDO keys

  • A new "EUCLEAK" flaw found in FIDO devices using the Infineon SLE78 security microcontroller, like Yubico's YubiKey 5 Series, allows attackers to extract Elliptic Curve Digital Signature Algorithm (ECDSA) secret keys and clone the FIDO device.

  • Cisco
     

Cisco warns of backdoor admin account in Smart Licensing Utility

  • Cisco has removed a backdoor account in the Cisco Smart Licensing Utility (CSLU) that can be used to log into unpatched systems with administrative privileges.

  • Cisco
     

Hackers inject malicious JS in Cisco store to steal credit cards, credentials

  • Cisco's site for selling company-themed merchandise is currently offline and under maintenance due to hackers compromising it with JavaScript code that steals sensitive customer details provided at checkout.

  • Android
     

Google backports fix for Pixel EoP flaw to other Android devices

  • Google has released the September 2024 Android security updates to fix 34 vulnerabilities, including CVE-2024-32896, an actively exploited elevation of privilege flaw that was previously fixed on Pixel devices.

  • Criminal IP Earns PCI DSS v4.0 Certification for Top-Level Security
     
    Security· Sponsored Content

Criminal IP Earns PCI DSS v4.0 Certification for Top-Level Security

  • AI Spera has achieved PCI DSS v4.0 certification for its threat intel search engine solution, Criminal IP. Learn more from the Criminal IP cyber threat intelligence search engine.

  • Package Container
     

Revival Hijack supply-chain attack threatens 22,000 PyPI packages

  • Threat actors are utilizing an attack called "Revival Hijack," where they register new PyPi projects using the names of previously deleted packages to conduct supply chain attacks.

  • Get massive portable storage with this 512GB USB-C thumb drive deal
     

Get massive portable storage with this 512GB USB-C thumb drive deal

  • Whether you're upgrading your file security, need to backup your phone, or just need extra storage, you can get dual USB-C/USB-A 512GB Flash Drive for $47.99.

    • BleepingComputer Deals
    •  
    • September 04, 2024
    •  
    • 07:16 AM
    •  
    • Comment Count 0
  • bitcoin hacker
     

FTC: Over $110 million lost to Bitcoin ATM scams in 2023

  • ​The U.S. Federal Trade Commission (FTC) has reported a massive increase in losses to Bitcoin ATM scams, nearly ten times the amount from 2020 and reaching over $110 million in 2023.

  • Zyxel
     

Zyxel warns of critical OS command injection flaw in routers

  • Zyxel has released security updates to address a critical vulnerability impacting multiple models of its business routers, potentially allowing unauthenticated attackers to perform OS command injection.

  • Windows
     

New Windows PowerToy launches, repositions apps to saved layouts

  • ​Microsoft has released a new Workspaces PowerToy that helps launch sets of applications using custom desktop layouts and configurations with a mouse click.

  • Hackers cryptocurrency
     

FBI warns crypto firms of aggressive social engineering attacks

  • The FBI warns of North Korean hackers aggressively targeting cryptocurrency companies and their employees in sophisticated social engineering attacks, aiming to deploy malware that steals their crypto assets.

Comments

Popular posts from this blog

SecurityWeek Briefing.

SecurityWeek Briefing.

Cyber War Newswire