www.bleepingcomputer.com
PyTorch discloses malicious dependency chain compromise over holidays
PyTorch has identified a malicious dependency with the same name as the framework's 'torchtriton' library. This has led to a successful compromise via the dependency confusion attack vector. PyTorch admins are warning users who installed PyTorch-nightly over the holidays to uninstall the framework and the counter
Lastpass: Hackers stole customer vault data in cloud storage breach
LastPass revealed today that attackers stole customer vault data after breaching its cloud storage earlier this year using information stolen during an August 2022 incident. This follows a previous update issued last month when the company's CEO, Karim Toubba, only said that the threat actor gained access to "certa
Okta, a leading provider of authentication services and Identity and Access Management (IAM) solutions, says that its private GitHub repositories were hacked this month. According to a 'confidential' email notification sent by Okta and seen by BleepingComputer, the security incident involves threat actors stealing Okta's source code.
Source code stolen, customer data not impacted
BleepingComputer
Emotet botnet starts blasting malware again after 4 month break
The Emotet malware operation is again spamming malicious emails after almost a four-month "vacation" that saw little activity from the notorious cybercrime operation. Emotet is a malware infection distributed through phishing campaigns containing malicious Excel or Word documents. When users open these documents and en
Exploited Windows zero-day lets JavaScript files bypass security warnings
An update was added to the end of the article explaining that any Authenticode-signed file, including executables, can be modified to bypass warnings. A new Windows zero-day allows threat actors to use malicious stand-alone JavaScript files to bypass Mark-of-the-Web security warnings. Threat actors are alread
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has announced RedEye, an open-source analytic tool for operators to visualize and report command and control (C2) activity. RedEye is for both red and blue teams, providing an easy way to gauge data that leads to practical decisions.
Assessing attack campaigns
A joint project from CISA and DOE’s Pacific Northwest National Laboratory,
US airports' sites taken down in DDoS attacks by pro-Russian hackers
Update: Title of story modified to indicate it was the sites taken down. The pro-Russian hacktivist group 'KillNet' is claiming large-scale distributed denial-of-service (DDoS) attacks against websites of several major airports in the U.S., making them inaccessible. The DDoS attacks have overwhelmed the servers ho
New Microsoft Exchange zero-days actively exploited in attacks
Threat actors are exploiting yet-to-be-disclosed Microsoft Exchange zero-day bugs allowing for remote code execution, according to claims made by security researchers at Vietnamese cybersecurity outfit GTSC, who first spotted and reported the attacks. The attackers are chaining the pair of zero-days to deploy Chinese Ch
Hackers use PowerPoint files for 'mouseover' malware delivery
This article was updated on 9/29/22 with new information that Microsoft fixed a vulnerability in 2021 tracked as CVE-2021-40444 that also prevents this PowerPoint exploit from working. If you have installed Windows Updates since then, your device is secure. Hackers believed to work for Russia have started using a new cod
Microsoft SQL servers hacked in TargetCompany ransomware attacks
Vulnerable Microsoft SQL servers are being targeted in a new wave of attacks with FARGO ransomware, security researchers are warning. MS-SQL servers are database management systems holding data for internet services and apps. Disrupting them can cause severe business trouble. BleepingComputer has reported similar atta
MFA Fatigue: Hackers’ new favorite tactic in high-profile breaches
Hackers are more frequently using social engineering attacks to gain access to corporate credentials and breach large networks. One component of these attacks that is becoming more popular with the rise of multi-factor authentication is a technique called MFA Fatigue. When breaching corporate networks, hackers commo
Uber hacked, internal systems breached and vulnerability reports stolen
Uber suffered a cyberattack Thursday afternoon with an allegedly 18-year-old hacker downloading HackerOne vulnerability reports and sharing screenshots of the company's internal systems, email dashboard, and Slack server. The screenshots sh
Microsoft Teams stores auth tokens as cleartext in Windows, Linux, Macs
Security analysts have found a severe security vulnerability in the desktop app for Microsoft Teams that gives threat actors access to authentication tokens and accounts with multi-factor authentication (MFA) turned on. Microsoft Teams is a
Microsoft: Russian malware hijacks ADFS to log in as anyone in Windows
Microsoft has discovered a new malware used by the Russian hacker group APT29 (a.k.a. NOBELIUM, Cozy Bear) that enables authentication as anyone in a compromised network. As a state-sponsored cyberespionage actor, APT29 employs the new capability to hide their presence on the networks of their targets, typically
Cisco hacked by Yanluowang ransomware gang, 2.8GB allegedly stolen
August 14th, 2022 update below. This post was originally published on August 10th. Cisco confirmed today that the Yanluowang ransomware group breached its corporate network in late May and that the actor tried to extort them under the threat of leaking stolen files online. The company revealed that the attackers cou
SonicWall has published a security advisory today to warn of a critical SQL injection flaw impacting the GMS (Global Management System) and Analytics On-Prem products. "SonicWall PSIRT strongly suggests that organizations using the Analytics On-Prem version outlined below should upgrade to the respective patched version immediately," warns SonicWall in an advisory. The flaw, tracked as CVE-2022-22
New Firefox privacy feature strips URLs of tracking parameters
Mozilla Firefox 102 was released today with a new privacy feature that strips parameters from URLs that are used to track you around the web. Numerous companies, including Facebook, Marketo, Olytics, and HubSpot, utilize custom URL query parameters to track clicks on links. For example, Facebook appends a fbclid query p
FBI: Stolen PII and deepfakes used to apply for remote tech jobs
The Federal Bureau of Investigation (FBI) warns of increasing complaints that cybercriminals are using Americans' stolen Personally Identifiable Information (PII) and deepfakes to apply for remote work positions. Deepfakes (digital content like images, video, or audio) are sometimes generated using artificial intellig
Emotet malware now steals credit cards from Google Chrome users
The Emotet botnet is now attempting to infect potential victims with a credit card stealer module designed to harvest credit card information stored in Google Chrome user profiles. After stealing the credit card info (i.e., name, expiration month and year, card numbers), the malware will send it to command-and-control
New Microsoft Office zero-day used in attacks to execute PowerShell
Security researchers have discovered a new Microsoft Office zero-day vulnerability that is being used in attacks to execute malicious PowerShell commands via Microsoft Diagnostic Tool (MSDT) simply by opening a Word document. The vulnerability, which has yet to receive a tracking number and is referred to by the in
PyPI module 'ctx' that gets downloaded over 20,000 times a week has been compromised in a software supply chain attack with malicious versions stealing the developer's environment variables. The threat actor even replaced the older, safe versions of 'ctx' with code that exfiltrates the developer's environment variables, to collect secrets like Amazon AWS keys and credentials. Additionally, version
Malicious PyPI package opens backdoors on Windows, Linux, and Macs
Yet another malicious Python package has been spotted in the PyPI registry performing supply chain attacks to drop Cobalt Strike beacons and backdoors on Windows, Linux, and macOS systems. PyPI is a repository of open-source packages that developers can use to share their work or benefit from the work of others, dow
Hackers exploiting critical F5 BIG-IP bug, public exploits released
Threat actors have started massively exploiting the critical vulnerability tracked as CVE-2022-1388, which affects multiple versions of all F5 BIG-IP modules, to drop malicious payloads. F5 last week released patches for the security issue (9.8 severity rating), which affects the BIG-IP iControl REST authentication
npm package with 1.4M weekly downloads ditches npmjs.com for own CDN
In a surprising move, the popular open source project, SheetJS aka "xlsx," has dropped support for the npm registry. Downloaded about 1.4 million times weekly on npm, SheetJS is relied upon by NodeJS developers looking to craft and parse Excel spreadsheets using nothing but JavaScript. The project's maintainer sug
Docker images with a download count of over 150,000 have been used to run distributed denial-of-service (DDoS) attacks against a dozen Russian and Belarusian websites managed by government, military, and news organizations. Behind the incidents are believed to be pro-Ukrainian actors such as hacktivists, likely backed by the country's IT Army. DDoS cyberattacks aim to cripple operations of by send
Salesforce-owned Heroku is performing a forced password reset on a subset of user accounts in response to last month's security incident while providing no information as to why they are doing so other than vaguely mentioning it is to further secure accounts. Last night, some Heroku users began receiving emails titled 'Heroku security notification - resetting user account passwords on May 4, 2022'
Phishing actors abuse Google's SMTP relay service to bypass email security products and successfully deliver malicious emails to targeted users. According to a report from email security firm Avanan, there has been a sudden uptick in threat actors abusing Google's SMTP relay service starting in April 2022. The company has detected at least 30,000 emails in the first two weeks of April being distri
Open source 'Package Analysis' tool finds malicious npm, PyPI packages
The Open Source Security Foundation (OpenSSF), a Linux Foundation-backed initiative, has released its first prototype version of the 'Package Analysis' tool that aims to catch and counter malicious attacks on open source registries. In a pilot run that lasted less than a month, the open source project released on
India to require cybersecurity incident reporting within six hours
The Indian government has issued new directives requiring organizations to report cybersecurity incidents to CERT-IN within six hours, even if those incidents are port or vulnerability scans of computer systems. This requirement was promoted by India's Computer Emergency Response Team (CERT-In), who states it has id