Windows 11 to require SMB signing to prevent NTLM relay attacks
Microsoft says SMB signing (aka security signatures) will be required by default for all connections to defend against NTLM relay attacks, starting with today’s Windows…
Category: Bleeping Computer
Kimsuky hackers pose as journalists to steal intel
State-sponsored North Korean hacker group Kimsuky (a.ka. APT43) has been impersonating journalists and academics for spear-phishing campaigns to collect intelligence from think tanks, research centers, academic institutions,…
Burton Snowboards discloses data breach after February attack
Leading snowboard maker Burton Snowboards confirmed notified customers of a data breach after some of their sensitive information was “potentially” accessed or stolen during what…
Malicious Chrome extensions with 75M installs removed from Web Store
Google has removed from the Chrome Web Store 32 malicious extensions that could alter search results and push spam or unwanted ads. Collectively, they come…
New Horabot campaign takes over victim’s Gmail, Outlook accounts
A previously unknown campaign involving the Hotabot botnet malware has targeted Spanish-speaking users in Latin America since at least November 2020, infecting them with a…
Windows 11 will let you view phone photos in File Explorer
Microsoft is now rolling out a new Windows 11 dev build allowing Insiders to view their phone’s camera roll in the File Explorer Gallery. Once…
Harvard Pilgrim Health Care ransomware attack hits 2.5 million people
Harvard Pilgrim Health Care (HPHC) has disclosed that a ransomware attack it suffered in April 2023 impacted 2,550,922 people, with the threat actors also stealing…
Google triples rewards for Chrome sandbox escape chain exploits
Google announced today that bug bounty hunters who report sandbox escape chain exploits targeting its Chrome web browser are now eligible for triple the standard…
Russia says US hacked thousands of iPhones in iOS zero-click attacks
Russian cybersecurity firm Kaspersky says some iPhones on its network were hacked using an iOS vulnerability that installed malware via iMessage zero-click exploits. The delivery…
New MOVEit Transfer zero-day mass-exploited in data theft attacks
Hackers are actively exploiting a zero-day vulnerability in the MOVEit Transfer file transfer software to steal data from organizations. MOVEit Transfer is a managed file…
Exploit released for RCE flaw in popular ReportLab PDF library
A researcher has published a working exploit for a remote code execution (RCE) flaw impacting ReportLab Toolkit, a popular Python library used by numerous projects…
Amazon faces $30 million fine over Ring, Alexa privacy violations
Amazon will pay $30 million in fines to settle allegations of privacy violations related to the operation of its Ring video doorbell and Alexa virtual…