Federal agencies hacked using legitimate remote desktop tools
CISA, the NSA, and MS-ISAC warned today in a joint advisory that attackers are increasingly using legitimate remote monitoring and management (RMM) software for malicious…
Category: Bleeping Computer
Hackers auction alleged source code for League of Legends
Threat actors are auctioning the alleged source code for Riot Game’s League of Legends and the Packman anti-cheat software, confirmed to be stolen in a…
Botnets exploited Realtek SDK critical bug in millions of attacks
Hackers have leveraged a critical remote code execution vulnerability in Realtek Jungle SDK 134 million attacks trying to infect smart devices in the second half…
Lessons Learned from the Windows Remote Desktop Honeypot Report
Threat actors spend much of their time on surveillance. Typical services generate many audit logs that may be hard to parse and locate potentially malicious…
Microsoft 365 outage takes down Teams, Exchange Online, Outlook
Microsoft is investigating an ongoing outage impacting multiple Microsoft 365 services after customers have reported experiencing connection issues. “We’re investigating issues impacting multiple Microsoft 365…
75k WordPress sites impacted by critical online course plugin flaws
The WordPress online course plugin ‘LearnPress’ was vulnerable to multiple critical-severity flaws, including pre-auth SQL injection and local file inclusion. LearnPress is a learning management system…
Microsoft shares workaround for unresponsive Windows Start Menu
Microsoft has confirmed an issue causing the Windows Start menu to become unresponsive and some applications to no longer launch. The newly acknowledged issue affects…
Ransomware access brokers use Google ads to breach your network
A threat actor tracked as DEV-0569 uses Google Ads in widespread, ongoing advertising campaigns to distribute malware, steal victims’ passwords, and ultimately breach networks for…
VMware fixes critical security bugs in vRealize log analysis tool
VMware released security patches on Tuesday to address vRealize Log Insight vulnerabilities that could enable attackers to gain remote execution on unpatched appliances. vRealize Log…
U.S. sues Google for abusing dominance over online ad market
The U.S. Justice Department has filed a federal lawsuit today against Google for abusing its dominant position in the online advertising market. In October 2020,…
Riot Games receives ransom demand from hackers, refuses to pay
Riot Games says it will not pay the ransom demanded by the attackers responsible for the security breach the company disclosed last week. “Today, we…
North Korean hackers stole $100 million in Harmony crypto hack
The FBI has confirmed that the North Korean state-sponsored ‘Lazarus’ and APT38 hacking groups were behind the theft of $100 million worth of Ethereum stolen…