Construction firms breached in brute force attacks on accounting software
Hackers are brute-forcing passwords for highly privileged accounts on exposed Foundation accounting servers, widely used in the construction industry, to...
Read more →Category: Bleeping Computer
Cloudflare outage cuts off access to websites in some regions
A rolling Cloudflare outage is impacting access to web sites worldwide, including BleepingComputer, with sites working in some regions and...
Read more →
AT&T pays $13 million FCC settlement over 2023 data breach
The Federal Communications Commission (FCC) has reached a $13 million settlement with AT&T to resolve a probe into whether the...
Read more →
CISA urges software devs to weed out XSS vulnerabilities
CISA and the FBI urged technology manufacturing companies to review their software and ensure that future releases are free of...
Read more →
Ransomware gangs now abuse Microsoft Azure tool for data theft
Ransomware gangs like BianLian and Rhysida increasingly use Microsoft’s Azure Storage Explorer and AzCopy to steal data from breached networks...
Read more →
Over 1,000 ServiceNow instances found leaking corporate KB data
Over 1,000 misconfigured ServiceNow enterprise instances were found exposing Knowledge Base (KB) articles that contained sensitive corporate information to external...
Read more →
PKfail Secure Boot bypass remains a significant risk two months later
Roughly nine percent of tested firmware images use non-production cryptographic keys that are publicly known or leaked in data breaches,...
Read more →
Microsoft fixes bug crashing Microsoft 365 apps when typing
Microsoft has fixed a known issue that causes Microsoft 365 apps like Outlook, Word, Excel, and OneNote to crash while...
Read more →
CISA warns of Windows flaw used in infostealer malware attacks
CISA has ordered U.S. federal agencies to secure their systems against a recently patched Windows MSHTML spoofing zero-day bug exploited by the...
Read more →
Exploit code released for critical Ivanti RCE flaw, patch now
A proof-of-concept (PoC) exploit for CVE-2024-29847, a critical remote code execution (RCE) vulnerability in Ivanti Endpoint Manager, is now publicly...
Read more →
Microsoft rolls out Office LTSC 2024 for Windows and Mac
Microsoft has announced that Office LTSC (Long Term Servicing Channel) 2024, a volume-licensed and perpetual version of Office for Windows...
Read more →
Chrome switching to NIST-approved ML-KEM quantum encryption
Google is updating the post-quantum cryptography used in the Chrome browser to protect against TLS attacks using quantum computers and...
Read more →