French hospital CHC-SV refuses to pay LockBit extortion demand
The Hôpital de Cannes – Simone Veil (CHC-SV) in France announced it received a ransom demand from the Lockbit 3.0 ransomware gang, saying they refuse to…
Category: Bleeping Computer
CISA says GitLab account takeover bug is actively exploited in attacks
CISA warned today that attackers are actively exploiting a maximum-severity GitLab vulnerability that allows them to take over accounts via password resets. GitLab hosts sensitive…
April Windows Server updates cause NTLM auth failures
Microsoft has confirmed customer reports of NTLM authentication failures and high load after installing last month’s Windows Server security updates. According to a new entry…
New Cuttlefish malware infects routers to monitor traffic for credentials
A new malware named ‘Cuttlefish’ has been spotted infecting enterprise-grade and small office/home office (SOHO) routers to monitor data that passes through them and steal…
Microsoft says April Windows updates break VPN connections
Microsoft has confirmed that the April 2024 Windows security updates break VPN connections across client and server platforms. The company explains on the Windows health…
Qantas app exposed sensitive traveler details to random users
Qantas Airways confirms that some of its customers were impacted by a misconfiguration in its app that exposed sensitive information and boarding passes to random users. Qantas is Australia’s…
New Latrodectus malware attacks use Microsoft, Cloudflare themes
Latrodectus malware is now being distributed in phishing campaigns using Microsoft Azure and Cloudflare lures to appear legitimate while making it harder for email security…
Data of over 25,000 people stolen in 2023 breach
Daily newspaper Philadelphia Inquirer revealed that attackers behind a May 2023 security breach have stolen the personal and financial information of 25,549 individuals. The Inquirer…
Google now pays up to $450,000 for RCE bugs in some Android apps
Google has increased rewards for reporting remote code execution vulnerabilities within select Android apps by ten times, from $30,000 to $300,000, with the maximum reward…
R language flaw allows code execution via RDS/RDX files
A new vulnerability has been discovered in the R programming language that allows arbitrary code execution upon deserializing specially crafted RDS and RDX files. R is an open-source programming…
Millions of Docker repos found pushing malware, phishing sites
Three large-scale campaigns targeted Docker Hub users, planting millions of repositories that pushed malware and phishing sites since early 2021. As JFrog security researchers found, around…
New Wpeeper Android malware hides behind hacked WordPress sites
A new Android backdoor malware named ‘Wpeeper’ has been spotted in at least two unofficial app stores mimicking the Uptodown App Store, a popular third-party…