Russian FSB hackers deploy new Spica backdoor malware
Google says the ColdRiver Russian-backed hacking group is pushing previously unknown backdoor malware using payloads masquerading as a PDF decryption tool. The attackers send PDF documents…
Category: Bleeping Computer
Leaked Credentials, Data Breaches and Dark Web Markets
Infostealer malware is one of the most substantial and underappreciated risk vectors for corporate information security teams. Infostealers infect computers, steal all of the credentials…
Critical Ivanti auth bypass bug now actively exploited
CISA warns that a critical authentication bypass vulnerability in Ivanti’s Endpoint Manager Mobile (EPMM) and MobileIron Core device management software (patched in August 2023) is now…
TeamViewer abused to breach networks in new ransomware attacks
Ransomware actors are again using TeamViewer to gain initial access to organization endpoints and attempt to deploy encryptors based on the leaked LockBit ransomware builder.…
Microsoft tests instant access to Android photos in Windows 11
Microsoft plans to provide Windows 11 users with almost instant access to photos and screenshots they’ve taken on their Android smartphones. As the company explained today,…
Kansas State University cyberattack disrupts IT network and services
Kansas State University (K-State) announced it is managing a cybersecurity incident that has disrupted certain network systems, including VPN, K-State Today emails, and video services…
Haier hits Home Assistant plugin dev with takedown notice
Appliances giant Haier issued a takedown notice to a software developer for creating Home Assistant integration plugins for the company’s home appliances and releasing them…
US govt wants BreachForums admin sentenced to 15 years in prison
The United States government has recommended that Conor Brian Fitzpatrick, the creator and lead administrator of the now-defunct BreachForums hacking forums, receive a sentence of…
Docker hosts hacked in ongoing website traffic theft scheme
A new campaign targeting vulnerable Docker services deploys an XMRig miner and the 9hits viewer app on compromised hosts, allowing a dual monetization strategy. 9hits…
Atlassian outage affecting multiple cloud services
Multiple Atlassian Jira products are experiencing an ongoing outage as of this morning. Users of Jira Work management, Jira Software, Jira Service Management and Jira…
iShutdown scripts can help detect iOS spyware on your iPhone
Security researchers found that infections with high-profile spyware Pegasus, Reign, and Predator could be discovered on compromised Apple mobile devices by checking Shutdown.log, a system log…
CISA pushes federal agencies to patch Citrix RCE within a week
Today, CISA ordered U.S. federal agencies to secure their systems against three recently patched Citrix NetScaler and Google Chrome zero-days actively exploited in attacks, pushing…