Lessons Learned from the Windows Remote Desktop Honeypot Report
Threat actors spend much of their time on surveillance. Typical services generate many audit logs that may be hard to parse and locate potentially malicious…
Category: Bleeping Computer
Microsoft 365 outage takes down Teams, Exchange Online, Outlook
Microsoft is investigating an ongoing outage impacting multiple Microsoft 365 services after customers have reported experiencing connection issues. “We’re investigating issues impacting multiple Microsoft 365…
75k WordPress sites impacted by critical online course plugin flaws
The WordPress online course plugin ‘LearnPress’ was vulnerable to multiple critical-severity flaws, including pre-auth SQL injection and local file inclusion. LearnPress is a learning management system…
Microsoft shares workaround for unresponsive Windows Start Menu
Microsoft has confirmed an issue causing the Windows Start menu to become unresponsive and some applications to no longer launch. The newly acknowledged issue affects…
Ransomware access brokers use Google ads to breach your network
A threat actor tracked as DEV-0569 uses Google Ads in widespread, ongoing advertising campaigns to distribute malware, steal victims’ passwords, and ultimately breach networks for…
VMware fixes critical security bugs in vRealize log analysis tool
VMware released security patches on Tuesday to address vRealize Log Insight vulnerabilities that could enable attackers to gain remote execution on unpatched appliances. vRealize Log…
U.S. sues Google for abusing dominance over online ad market
The U.S. Justice Department has filed a federal lawsuit today against Google for abusing its dominant position in the online advertising market. In October 2020,…
Riot Games receives ransom demand from hackers, refuses to pay
Riot Games says it will not pay the ransom demanded by the attackers responsible for the security breach the company disclosed last week. “Today, we…
North Korean hackers stole $100 million in Harmony crypto hack
The FBI has confirmed that the North Korean state-sponsored ‘Lazarus’ and APT38 hacking groups were behind the theft of $100 million worth of Ethereum stolen…
GoTo says hackers stole customers’ backups and encryption key
GoTo (formerly LogMeIn) is warning customers that threat actors who breached its development environment in November 2022 stole encrypted backups containing customer information and an…
Hackers use Golang source code interpreter to evade detection
A Chinese-speaking hacking group tracked as ‘DragonSpark’ was observed employing Golang source code interpretation to evade detection while launching espionage attacks against organizations in East…
Microsoft plans to kill malware delivery via Excel XLL add-ins
Microsoft is working on adding XLL add-in protection for Microsoft 365 customers by including automated blocking of all such files downloaded from the Internet. This…