US cyber safety board to analyze Microsoft Exchange hack of govt emails
The Department of Homeland Security’s Cyber Safety Review Board (CSRB) has announced plans to conduct an in-depth review of cloud security practices following recent Chinese…
Category: Bleeping Computer
Amazon AWS distances itself from Moq amid data collection controversy
Amazon AWS has withdrawn its association with open source project Moq after the project drew sharp criticism for its quiet addition of data collection features,…
Police seize LOLEK bulletproof service for hosting malware
Police have taken down the Lolek bulletproof hosting provider, arresting five individuals and seizing servers for facilitating malicious activities, including DDoS attacks and malware distribution.…
Industrial PLCs worldwide impacted by CODESYS V3 RCE flaws
Millions of PLC (programmable logic controllers) used in industrial environments worldwide are at risk to 15 vulnerabilities in the CODESYS V3 software development kit, allowing…
Amazon AWS withdraws Moq sponsorship amid data collection controversy
Amazon AWS has dropped sponsorship support for open source project Moq after the project drew sharp criticism for its quiet addition of data collection features, as first reported…
Lapsus$ hackers took SIM-swapping attacks to the next level
The U.S. government released a report after analyzing simple techniques, e.g. SIM swapping, used by the Lapsus$ extortion group to breach dozens of organizations with…
Gafgyt malware exploits five-years-old flaw in EoL Zyxel router
Fortinet has issued an alert warning that the Gafgyt botnet malware is actively trying to exploit a vulnerability in the end-of-life Zyxel P660HN-T1A router in…
Microsoft Exchange updates pulled after breaking non-English installs
Microsoft has pulled Microsoft Exchange Server’s August security updates from Windows Update after finding they break Exchange on non-English installs. On August 8th, Microsoft released new…
MoustachedBouncer hackers use AiTM attacks to spy on diplomats
Image: Midjourney A cyberespionage group named ‘MoustachedBouncer’ has been observed using adversary-in-the-middle (AitM) attacks at ISPs to hack foreign embassies in Belarus. According to an…
New Whirlpool backdoor used in Barracuda ESG hacks
Image: Midjourney The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has discovered a new backdoor malware named ‘Whirlpool’ used in attacks on compromised Barracuda Email…
Exploring the Stealer Log Lifecycle
The first seven months of 2023 have seen a continued rapid evolution of the cybercrime ecosystem. Ransomware data exfiltration attacks, stealer log distribution, and new…
Dell Compellent hardcoded key exposes VMware vCenter admin creds
An unfixed hardcoded encryption key flaw in Dell’s Compellent Integration Tools for VMware (CITV) allows attackers to decrypt stored vCenter admin credentials and retrieve the…