Exploit for CrushFTP RCE chain released, patch now
A proof-of-concept exploit was publicly released for a critical remote code execution vulnerability in the CrushFTP enterprise suite, allowing unauthenticated attackers to access files on…
Category: Bleeping Computer
FCC adopts new rules to protect consumers from SIM-swapping attacks
The Federal Communications Commission (FCC) has revealed new rules to shield consumers from criminals who hijack their phone numbers in SIM swapping attacks and port-out…
Windows 10 to let admins control how optional updates are deployed
Microsoft announced a new policy that allows admins to control how optional updates are deployed on Windows 10 enterprise endpoints on their networks. The policy will…
Bloomberg Crypto X account snafu leads to Discord phishing attack
Image: Bloomberg Crypto The official Twitter account for Bloomberg Crypto was used earlier today to redirect users to a deceptive website that stole Discord credentials…
The Week in Ransomware – November 17th 2023
Ransomware gangs target exposed Citrix Netscaler devices using a publicly available exploit to breach large organizations, steal data, and encrypt files. The threat actors exploit…
Yamaha Motor confirms ransomware attack on Philippines subsidiary
Yamaha Motor’s Philippines motorcycle manufacturing subsidiary was hit by a ransomware attack last month, resulting in the theft and leak of some employees’ personal information.…
Hackers exploited Zimbra zero-day in attacks on govt orgs
Google’s Threat Analysis Group (TAG) has discovered that threat actors exploited a zero-day vulnerability in Zimbra Collaboration email server to steal sensitive data from government systems in…
CISA warns of actively exploited Windows, Sophos, and Oracle bugs
The U.S. Cybersecurity & Infrastructure Security Agency has added to its catalog of known exploited vulnerabilities (KEV) three security issues that affect Microsoft devices, a…
Ongoing outage caused by ransomware attack
The British Library confirmed that a ransomware attack is behind a major outage that is still affecting services across several locations. Over 11 million visitors…
Long Beach, California turns off IT systems after cyberattack
The Californian City of Long Beach is warning that they suffered a cyberattack on Tuesday that has led them to shut down portions of their…
FBI shares tactics of notorious Scattered Spider hacker collective
The Federal Bureau of Investigation and the Cybersecurity and Infrastructure Security Agency released an advisory about the evasive threat actor tracked as Scattered Spider, a…
MySQL servers targeted by ‘Ddostf’ DDoS-as-a-Service botnet
MySQL servers are being targeted by the ‘Ddostf’ malware botnet to enslave them for a DDoS-as-a-Service platform whose firepower is rented to other cybercriminals. This…