Summary: A newly discovered botnet comprising 13,000 compromised MikroTik devices exploits misconfigured DNS records to bypass email protections and deliver malware. The botnet utilizes an overly permissive SPF record, allowing the spoofing of around 20,000 web domains, and has been linked to a malspam campaign impersonating DHL Express.…
Author: BleepingComputer
Summary: Cybercriminals are exploiting Google search advertisements to promote phishing sites that impersonate Google Ads, tricking users into revealing their credentials. These fake ads lead victims to counterfeit login pages hosted on Google Sites, which closely mimic the official Google Ads interface. The attackers, operating from various regions, aim to steal accounts for resale and further malicious activities.…
Summary: Microsoft is investigating a bug that triggers security alerts on systems with a Trusted Platform Module (TPM) processor when BitLocker is enabled. This issue affects both managed and unmanaged devices, causing users to see alerts indicating that some settings are managed by their administrator. Microsoft is working on a fix and will provide updates as more information becomes available.…
Summary: Over 660,000 exposed Rsync servers are at risk due to six newly discovered vulnerabilities, including a critical heap-buffer overflow that allows remote code execution. These vulnerabilities can be exploited by attackers with anonymous read access to the servers, potentially leading to significant data breaches and system compromises.…
Summary: Microsoft will cease support for Office applications on Windows 10 after the operating system’s end of support on October 14, 2025. Users will need to upgrade to Windows 11 to continue receiving support for Microsoft 365 Apps and standalone Office versions. While Office apps will still function post-support, Microsoft advises upgrading to avoid performance issues.…
Summary: Texas Attorney General Ken Paxton has filed a lawsuit against Allstate and its subsidiary Arity for allegedly collecting and selling driving data from over 45 million Americans without consent. The lawsuit claims violations of Texas data privacy laws and seeks various legal remedies.
Threat Actor: Allstate, Arity
Victim: over 45 million Americans
Key Point: Allstate and Arity are accused of unlawfully collecting sensitive location data through popular mobile apps.…
Summary: Microsoft has issued a warning that the January 2025 cumulative updates for Windows 11 and Windows 10 may fail if Citrix Session Recording Agent (SRA) version 2411 is installed. Users are advised to follow a workaround to successfully install the updates while Citrix and Microsoft work on a resolution.…
Summary: A new malware campaign has compromised over 5,000 WordPress sites by creating rogue admin accounts, installing malicious plugins, and stealing sensitive data. The attack utilizes the wp3[.]xyz domain for data exfiltration, with ongoing investigations into the initial infection vector.
Threat Actor: unknown
Victim: WordPress sites
Key Point: The malware creates a rogue admin account named wpx_admin with hardcoded credentials.…
Summary: Microsoft has released the mandatory KB5049981 cumulative update for Windows 10 22H2 and 21H2, which includes an updated Kernel driver blocklist to mitigate Bring Your Own Vulnerable Driver (BYOVD) attacks. The update also addresses security vulnerabilities and includes fixes for known issues affecting OpenSSH and certain Citrix components.…
Summary: North Korean state-sponsored hacking groups have stolen over $659 million in cryptocurrency through various cyberattacks, with a significant increase in activity noted in 2024. The U.S., South Korea, and Japan have issued warnings about ongoing threats to the blockchain industry and the tactics employed by these groups.…
Summary: A vulnerability in Google’s OAuth “Sign in with Google” feature allows attackers to exploit defunct startup domains to access sensitive data from former employee accounts linked to various SaaS platforms. Despite being reported to Google, the issue remains unresolved, posing a significant risk to many users.…
Summary: Microsoft has released mandatory cumulative updates KB5050009 and KB5050021 for Windows 11 to address security vulnerabilities and improve system features. These updates include various fixes and enhancements, particularly for touchscreen gestures, File Explorer, and speech functionalities.
Threat Actor: Microsoft
Victim: Windows 11 users
Key Point: Mandatory updates KB5050009 and KB5050021 fix security vulnerabilities and improve system features.…
Summary: Threat actors are exploiting the FastHTTP Go library to execute rapid brute-force password attacks against Microsoft 365 accounts, with a notable success rate. This campaign, identified by SpearTip, began on January 6, 2024, and primarily targets the Azure Active Directory Graph API.
Threat Actor: unknown
Victim: Microsoft 365
Key Point: Brute-force attacks have a 10% success rate for account takeovers.…
Summary: The U.S. Department of Justice announced the FBI’s successful deletion of Chinese PlugX malware from over 4,200 infected computers across the United States, part of a global takedown operation. The malware, linked to the Mustang Panda group, had been used for cyber espionage against various international targets.…
Summary: Microsoft has acknowledged a known issue causing crashes in Classic Outlook and Microsoft 365 applications on Windows Server 2016 and 2019 due to a recent update. The company is working on mitigation strategies and providing guidance for affected users to revert to a stable version.…
Summary: OneBlood, a blood donation non-profit, confirmed that a ransomware attack last summer resulted in the theft of donors’ personal information, including names and Social Security numbers. The breach has raised concerns about identity theft and financial fraud, prompting the organization to offer credit monitoring services to affected individuals.…
Summary: Path of Exile 2 developers revealed that a compromised admin account led to the hacking of at least 66 player accounts, resulting in the loss of in-game items and purchases. The breach, which has been ongoing since November, was exacerbated by inadequate logging practices and security vulnerabilities.…
Summary: CISA has identified a command injection vulnerability in BeyondTrust’s software as actively exploited, prompting U.S. federal agencies to secure their networks. The vulnerabilities were discovered following a breach that allowed attackers to steal an API key, leading to further compromises linked to Chinese state-backed hackers, Silk Typhoon.…
Summary: Apple has patched a critical macOS vulnerability (CVE-2024-44243) that allowed local attackers to bypass System Integrity Protection (SIP) and install malicious kernel drivers. This flaw could lead to severe security risks, including the installation of rootkits and unauthorized access to user data.
Threat Actor: local attackers
Victim: macOS users
Key Point: The vulnerability allows bypassing SIP without physical access to the device.…
Summary: Threat actors are exploiting a critical remote command execution vulnerability (CVE-2024-50603) in Aviatrix Controller instances to install backdoors and crypto miners. This vulnerability allows attackers to execute commands without authentication, posing significant risks to cloud environments.
Threat Actor: unknown
Victim: Aviatrix Controller users
Key Point: The vulnerability is caused by inadequate input sanitization in API actions, allowing remote command execution.…