Cisco fixes bug allowing backdoor persistence between reboots
Cisco has released security updates this week to address a high-severity vulnerability in the Cisco IOx application hosting environment that can be exploited in command…
Category: Bleeping Computer
Scan for outdated Office versions respects your privacy
Microsoft says the KB5021751 update is respecting users’ privacy while scanning for and identifying the number of customers running Office versions that are outdated or…
Microsoft 365 trial offer blocks access to Windows 10 desktops
Windows 10 users are reportedly being blocked from accessing their desktops by full-screen trial offers for the Microsoft 365 productivity suite (formerly Office 365). These…
Google ads push ‘virtualized’ malware made for antivirus evasion
An ongoing Google ads malvertising campaign is spreading malware installers that leverage KoiVM virtualization technology to evade detection when installing the Formbook data stealer. KoiVM…
Hackers weaponize Microsoft Visual Studio add-ins to push malware
Security researchers warn that hackers may start using Microsoft Visual Studio Tools for Office (VSTO) more often as method to achieve persistence and execute code…
Former Ubiquiti dev pleads guilty to trying to extort his employer
Nickolas Sharp, a former Ubiquiti employee who managed the networking device maker’s cloud team, pled guilty today to stealing gigabytes worth of files from Ubiquiti’s…
North Korean hackers stole research data in two-month-long breach
A new cyber espionage campaign dubbed ‘No Pineapple!’ has been attributed to the North Korean Lazarus hacking group, allowing the threat actors to stealthily steal…
Ransomware attack on ION Group impacts derivatives trading market
The LockBit ransomware gang has claimed responsibility for the cyberattack on ION Group, a UK-based software company whose products are used by financial institutions, banks,…
Over 29,000 QNAP devices vulnerable to code injection attacks
Tens of thousands of QNAP network-attached storage (NAS) devices are waiting to be patched against a critical security flaw addressed by the Taiwanese company on…
New DDoS-as-a-Service platform used in recent attacks on hospitals
A new DDoS-as-a-Service (DDoSaaS) platform named ‘Passion’ was seen used in recent attacks by pro-Russian hacktivists against medical institutions in the United States and Europe.…
Over 1,800 Android phishing forms for sale on cybercrime market
A threat actor named InTheBox is promoting on Russian cybercrime forums an inventory of 1,894 web injects (overlays of phishing windows) for stealing credentials and sensitive data from…
New HeadCrab malware infects 1,200 Redis servers to mine Monero
New stealthy malware designed to hunt down vulnerable Redis servers online has infected over a thousand of them since September 2021 to build a botnet…