Columbus investigates whether data was stolen in ransomware attack
The City of Columbus, Ohio, says it’s investigating whether personal data was stolen in a ransomware attack on July 18, 2024 that disrupted the City’s…
Category: Bleeping Computer
Microsoft 365 and Azure outage takes down multiple services
Microsoft is investigating an ongoing and widespread outage blocking access to some Microsoft 365 and Azure services. “We’re currently investigating access issues and degraded performance…
UK govt links 2021 Electoral Commission breach to Exchange server
Image: MidjourneyThe United Kingdom’s Information Commissioner’s Office (ICO) revealed today that the Electoral Commission was breached in August 2021 because it failed to patch its…
New Specula tool uses Outlook for remote code execution in Windows
Microsoft Outlook can be turned into a C2 beacon to remotely execute code, as demonstrated by a new red team post-exploitation framework named “Specula,” released…
Apple iOS 18.1 Beta previews Apple Intelligence for the first time
Apple has released the iOS 18.1 Beta to developers, allowing them to test some of its upcoming AI-powered Apple Intelligence features before they are released…
Former Avaya employee gets 4 years for $88M license piracy scheme
Three individuals who orchestrated a massive software pirating operation involving the sale of Avaya business telephone system software licenses worth over $88,000,000 have been sentenced…
Ransomware gangs exploit VMware ESXi auth bypass in attacks
Microsoft warned today that ransomware gangs are actively exploiting a VMware ESXi authentication bypass vulnerability in attacks. Tracked as CVE-2024-37085, this medium-severity security flaw was…
HealthEquity says data breach impacts 4.3 million people
HSA provider HealthEquity has determined that a cybersecurity incident disclosed earlier this month has compromised the information of 4,300,000 people. HealthEquity, one of the largest…
Proofpoint settings exploited to send millions of phishing emails daily
A massive phishing campaign dubbed “EchoSpoofing” exploited now-fixed, weak permissions in Proofpoint’s email protection service to dispatch millions of spoofed emails impersonating big entities like Disney,…
Misconfigured Selenium Grid servers abused for Monero mining
Threat actors are exploiting a misconfiguration in Selenium Grid, a popular web app testing framework, to deploy a modified XMRig tool for mining Monero cryptocurrency. Selenium…
WhatsApp for Windows lets Python, PHP scripts execute with no warning
A security issue in the latest version of WhatsApp for Windows allows sending Python and PHP attachments that are executed without any warning when the…
X begins training Grok AI with your posts, here’s how to disable
X has quietly begun training its Grok AI chat platform using members’ public posts without first alerting anyone that it is doing it by default. As AI…