Realst info-stealing malware targets macOS cryptocurrency users
A new Mac malware named “Realst” is being used in a massive campaign targeting Apple computers, with some of its latest variants including support for…
Category: Bleeping Computer
VMware fixes bug exposing CF API admin credentials in audit logs
VMware has patched an information disclosure vulnerability in VMware Tanzu Application Service for VMs (TAS for VMs) and Isolation Segment caused by credentials being logged…
Microsoft shares temp fix for Outlook Desktop slow saving bug
Microsoft is investigating a known issue causing Microsoft 365 customers to experience significant delays when saving attachments in Outlook Desktop to a network share. This…
Mysterious Decoy Dog malware toolkit still lurks in DNS shadows
New details have emerged about Decoy Dog, a largely undetected sophisticated toolkit likely used for at least a year in cyber intelligence operations, relying on…
More US States are ramping up data privacy laws in 2023
In the US, California has traditionally dominated the privacy conversation. This is changing. Now organizations doing business in Virginia, Colorado, Utah, and Connecticut all have…
Over 400,000 corporate credentials stolen by info-stealing malware
The analysis of nearly 20 million information-stealing malware logs sold on the dark web and Telegram channels revealed that they had achieved significant infiltration into…
Flipper Zero now has an app store to install third-party apps
The Flipper Zero team has launched its very own ‘Flipper Apps’ mobile app store, allowing mobile users to install 3rd-party apps and extend the functionality…
Norway says Ivanti zero-day was used to hack govt IT systems
The Norwegian National Security Authority (NSM) has confirmed that attackers used a zero-day vulnerability in Ivanti’s Endpoint Manager Mobile (EPMM) solution to breach a software…
Microsoft Sharepoint outage caused by use of wrong TLS certificate
Microsoft Sharepoint and OneDrive for Business were briefly interrupted today after a German TLS certificate was mistakenly added to the main .com domains for the…
Ivanti patches MobileIron zero-day bug exploited in attacks
US-based IT software company Ivanti has patched an actively exploited zero-day vulnerability impacting its Endpoint Manager Mobile (EPMM) mobile device management software (formerly MobileIron Core). Ivanti…
Zenbleed attack leaks sensitive data from AMD Zen2 processors
Google’s security researcher Tavis Ormandy discovered a new vulnerability impacting AMD Zen2 CPUs that could allow a malicious actor to steal sensitive data, such as…
Lazarus hackers hijack Microsoft IIS servers to spread malware
The North Korean state-sponsored Lazarus hacking group is breaching Windows Internet Information Service (IIS) web servers to hijack them for malware distribution. IIS is Microsoft’s…