CISA warns of VMware ESXi bug exploited in ransomware attacks
CISA has ordered U.S. Federal Civilian Executive Branch (FCEB) agencies to secure their servers against a VMware ESXi authentication bypass vulnerability exploited in ransomware attacks.…
Category: Bleeping Computer
Black Basta ransomware switches to more evasive custom malware
The Black Basta ransomware gang has shown resilience and an ability to adapt to a constantly shifting space, using new custom tools and tactics to…
Google Chrome adds app-bound encryption to block infostealer malware
Google Chrome has added app-bound encryption for better cookie protection on Windows systems and improved defenses against information-stealing malware attacks. As Chrome software engineer Will Harris explained in…
Columbus investigates whether data was stolen in ransomware attack
The City of Columbus, Ohio, says it’s investigating whether personal data was stolen in a ransomware attack on July 18, 2024 that disrupted the City’s…
Microsoft 365 and Azure outage takes down multiple services
Microsoft is investigating an ongoing and widespread outage blocking access to some Microsoft 365 and Azure services. “We’re currently investigating access issues and degraded performance…
UK govt links 2021 Electoral Commission breach to Exchange server
Image: MidjourneyThe United Kingdom’s Information Commissioner’s Office (ICO) revealed today that the Electoral Commission was breached in August 2021 because it failed to patch its…
New Specula tool uses Outlook for remote code execution in Windows
Microsoft Outlook can be turned into a C2 beacon to remotely execute code, as demonstrated by a new red team post-exploitation framework named “Specula,” released…
Apple iOS 18.1 Beta previews Apple Intelligence for the first time
Apple has released the iOS 18.1 Beta to developers, allowing them to test some of its upcoming AI-powered Apple Intelligence features before they are released…
Former Avaya employee gets 4 years for $88M license piracy scheme
Three individuals who orchestrated a massive software pirating operation involving the sale of Avaya business telephone system software licenses worth over $88,000,000 have been sentenced…
Ransomware gangs exploit VMware ESXi auth bypass in attacks
Microsoft warned today that ransomware gangs are actively exploiting a VMware ESXi authentication bypass vulnerability in attacks. Tracked as CVE-2024-37085, this medium-severity security flaw was…
HealthEquity says data breach impacts 4.3 million people
HSA provider HealthEquity has determined that a cybersecurity incident disclosed earlier this month has compromised the information of 4,300,000 people. HealthEquity, one of the largest…
Proofpoint settings exploited to send millions of phishing emails daily
A massive phishing campaign dubbed “EchoSpoofing” exploited now-fixed, weak permissions in Proofpoint’s email protection service to dispatch millions of spoofed emails impersonating big entities like Disney,…