The Week in Ransomware – February 3rd 2023
While the week started slowly, it turned into a big ransomware mess, with attacks striking a big blow at businesses running VMware ESXi servers. The…
Category: Bleeping Computer
Florida hospital takes IT systems offline after cyberattack
Tallahassee Memorial HealthCare (TMH) has taken its IT systems offline and suspended non-emergency procedures following a late Thursday cyberattack. While all its network systems were…
Massive ESXiArgs ransomware attack targets VMware ESXi servers worldwide
Admins, hosting providers, and the French Computer Emergency Response Team (CERT-FR) warn that attackers actively target VMware ESXi servers unpatched against a two-year-old remote code…
GoAnywhere MFT zero-day vulnerability lets hackers breach servers
The developers of the GoAnywhere MFT file transfer solution are warning customers of zero-day remote code execution vulnerability on exposed administrator consoles. GoAnywhere is a…
Atlassian fixes critical bug giving access to Jira Service Management
A critical vulnerability in Atlassian’s Jira Service Management Server and Data Center could allow an unauthenticated attacker to impersonate other users and gain remote access to the systems.…
Cisco fixes bug allowing backdoor persistence between reboots
Cisco has released security updates this week to address a high-severity vulnerability in the Cisco IOx application hosting environment that can be exploited in command…
Scan for outdated Office versions respects your privacy
Microsoft says the KB5021751 update is respecting users’ privacy while scanning for and identifying the number of customers running Office versions that are outdated or…
Microsoft 365 trial offer blocks access to Windows 10 desktops
Windows 10 users are reportedly being blocked from accessing their desktops by full-screen trial offers for the Microsoft 365 productivity suite (formerly Office 365). These…
Google ads push ‘virtualized’ malware made for antivirus evasion
An ongoing Google ads malvertising campaign is spreading malware installers that leverage KoiVM virtualization technology to evade detection when installing the Formbook data stealer. KoiVM…
Hackers weaponize Microsoft Visual Studio add-ins to push malware
Security researchers warn that hackers may start using Microsoft Visual Studio Tools for Office (VSTO) more often as method to achieve persistence and execute code…
Former Ubiquiti dev pleads guilty to trying to extort his employer
Nickolas Sharp, a former Ubiquiti employee who managed the networking device maker’s cloud team, pled guilty today to stealing gigabytes worth of files from Ubiquiti’s…
North Korean hackers stole research data in two-month-long breach
A new cyber espionage campaign dubbed ‘No Pineapple!’ has been attributed to the North Korean Lazarus hacking group, allowing the threat actors to stealthily steal…