Uncovering an advanced phishing attack
This article is written by Varonis Security Specialist Tom Barnea. Think about your most recent security awareness training concerning phishing attacks. It likely included guidelines…
Category: Bleeping Computer
New Cleo zero-day RCE flaw exploited in data theft attacks
Hackers are actively exploiting a zero-day vulnerability in Cleo managed file transfer software to breach corporate networks and conduct data theft attacks. The flaw is…
Chinese hackers use Visual Studio Code tunnels for remote access
Chinese hackers targeting large IT service providers in Southern Europe were seen abusing Visual Studio Code (VSCode) tunnels to maintain persistent remote access to compromised…
Microsoft 365 outage takes down Office web apps, admin center
Microsoft is investigating a widespread and ongoing Microsoft 365 outage impacting Office web apps and the Microsoft 365 admin center. Since this incident started hours…
Ransomware attack hits leading heart surgery device maker
Artivion, a leading manufacturer of heart surgery medical devices, has disclosed a November 21 ransomware attack that disrupted its operations and forced it to take…
OpenWrt Sysupgrade flaw let hackers push malicious firmware images
A flaw in OpenWrt’s Attended Sysupgrade feature used to build custom, on-demand firmware images could have allowed for the distribution of malicious firmware packages. OpenWrt is a…
Radiant links $50 million crypto heist to North Korean hackers
Radiant Capital now says that North Korean threat actors are behind the $50 million cryptocurrency heist that occurred after hackers breached its systems in an…
Ubisoft fixes Windows 11 24H2 conflicts causing game crashes
Microsoft has now partially lifted a compatibility hold blocking the Windows 24H2 update on systems with some Ubisoft games after the French video game publisher has fixed…
Outdated Google Workspace Sync blocks Windows 11 24H2 upgrades
Microsoft now blocks the Windows 11 24H2 update on computers with outdated Google Workspace Sync installs because they’re causing Outlook launch issues. Google Workspace Sync…
Romanian energy supplier Electrica hit by ransomware attack
Electrica Group, a key player in the Romanian electricity distribution and supply market, is investigating a ransomware attack that was still “in progress” earlier today.…
Cybercrime gang arrested after turning Airbnbs into fraud centers
Eight members of an international cybercrime network that stole millions of Euros from victims and set up Airbnb fraud centers were arrested in Belgium and the…
QR codes bypass browser isolation for malicious C2 communication
Mandiant has identified a novel method to bypass browser isolation technology and achieve command-and-control operations through QR codes. Browser isolation is an increasingly popular security technology…