Collecting Cyber-News from over 60 sources

Tag: computer

Critical Mozilla Vulnerabilities Prompt Urgent Updates for Firefox and Thunderbird Users

Jan 21, 2025 3:22 PM

Tags: advisory, browser, computer, email, flaw, india, update, vulnerability

Mozilla Firefox and Thunderbird users are facing a series of high-severity vulnerabilities that could leave systems open to exploitation. The Indian Computer Emergency Response Team (CERT-In) issued an advisory on January 20, 2025, highlighting multiple security flaws in Mozilla’s popular browser and email client. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/cert-in-reports-mozilla-vulnerabilities/
CERT-UA warned of scammers impersonating the agency using fake AnyDesk requests

Jan 21, 2025 2:22 PM

Tags: computer, cyber, scam, software, threat, ukraine

CERT-UA warned of scammers impersonating the agency, using fake AnyDesk requests to conduct fraudulent security audits. The Computer Emergency Response Team of Ukraine (CERT-UA) warned of cyber scams involving threat actors impersonating the agency by sending fraudulent AnyDesk connection requests under the guise of security audits. CERT-UA pointed out that it uses the software AnyDesk…
CERT-UA Warns of Cyber Scams Using Fake AnyDesk Requests for Fraudulent Security Audits

Jan 21, 2025 7:22 AM

Tags: computer, cyber, cybersecurity, scam, social-engineering, threat, ukraine

The Computer Emergency Response Team of Ukraine (CERT-UA) is warning of ongoing attempts by unknown threat actors to impersonate the cybersecurity agency by sending AnyDesk connection requests.The AnyDesk requests claim to be for conducting an audit to assess the “level of security,” CERT-UA added, cautioning organizations to be on the lookout for such social engineering…
Privacy Roundup: Week 3 of Year 2025

Jan 20, 2025 7:22 PM

Tags: access, ai, android, apt, blockchain, breach, cctv, china, computer, cve, cyber, cybersecurity, data, detection, email, exploit, finance, firmware, github, google, group, guide, leak, malicious, malware, microsoft, phishing, privacy, regulation, router, scam, service, smishing, social-engineering, software, technology, threat, tool, update, virus, vulnerability, windows

This is a news item roundup of privacy or privacy-related news items for 12 JAN 2025 – 18 JAN 2025. Information and summaries provided here are as-is for warranty purposes. Note: You may see some traditional “security” content mixed-in here due to the close relationship between online privacy and cybersecurity – many things may overlap;…
CERT-UA warns against >>security audit<< requests via AnyDesk

Jan 20, 2025 11:22 AM

Tags: access, computer, ukraine

Attackers are impersonating the Computer Emergency Response Team of Ukraine (CERT-UA) via AnyDesk to gain access to target computers. The request (Source: CERT-UA) … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/01/20/cert-ua-warns-against-security-audit-requests-via-anydesk/
Cyberangriff auf eine Universität in Georgia, USA

Jan 18, 2025 11:22 PM

Tags: computer, cyberattack, usa

Cyberattack continues to disrupt classes and computer labs at Valdosta State University First seen on wtxl.com Jump to article: www.wtxl.com/valdosta/cyberattack-continues-to-disrupt-classes-and-computer-labs-at-valdosta-state-university
Treasury Levels Sanctions Tied to a Massive Hack of Telecom Companies and Breach of Its Own Network

Jan 18, 2025 1:22 PM

Tags: breach, china, computer, network

The Treasury Department announced sanctions in connection with a massive Chinese hack of American telecommunications companies and a breach of its own computer network. The post Treasury Levels Sanctions Tied to a Massive Hack of Telecom Companies and Breach of Its Own Network appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/treasury-levels-sanctions-tied-to-a-massive-hack-of-telecom-companies-and-breach-of-its-own-network/
US hits back against China’s Salt Typhoon group

Jan 18, 2025 5:22 AM

Tags: attack, backdoor, china, cisa, ciso, communications, computer, control, crypto, cve, cyber, cyberattack, cybersecurity, defense, detection, disinformation, espionage, exploit, finance, government, group, infosec, infrastructure, intelligence, ivanti, law, malicious, mandiant, microsoft, network, north-korea, office, tactics, technology, theft, threat, tool, vpn, vulnerability

The US is hitting back against the threat group, dubbed Salt Typhoon by Microsoft, which is allegedly behind recent cyber attacks against American telecommunications providers, as part of a wider campaign against Chinese-based hacking.On Friday the Department of the Treasury’s Office of Foreign Assets Control (OFAC) said it is sanctioning Sichuan Juxinhe Network Technology, a…
FBI Deletes PlugX Malware From Computers Infected by China Group

Jan 15, 2025 8:02 PM

Tags: china, computer, group, malicious, malware, threat, windows

A Chinese-based threat group called Mustang Panda was using a variant of the PlugX malware to infected U.S. Windows computers and steal information. The FBI, with help from French authorities and a private company, deleted the malicious code from more than 4,200 systems. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/01/fbi-deletes-plugx-malware-from-computers-infected-by-china-group/
FBI removed PlugX malware from U.S. computers

Jan 15, 2025 2:02 PM

Tags: computer, international, malware

The Justice Department announced on Tuesday that, alongside international partners, the FBI deleted >>PlugX
FBI deletes Chinese PlugX malware from thousands of US computers

Jan 15, 2025 10:02 AM

Tags: china, computer, malware, network

The U.S. Department of Justice announced today that the FBI has deleted Chinese PlugX malware from over 4,200 computers in networks across the United States. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/fbi-deletes-chinese-plugx-malware-from-thousands-of-us-computers/
Adobe-Patchday: Gefährliche Sicherheitslücken in Photoshop & Co. geschlossen

Jan 15, 2025 10:02 AM

Tags: adobe, computer

Angreifer können Adobe-Anwendungen attackieren, um Computer zu kompromittieren. Sicherheitsupdates schaffen Abhilfe. First seen on heise.de Jump to article: www.heise.de/news/Adobe-Patchday-Schadcode-Attacken-auf-Photoshop-Co-moeglich-10243019.html
FBI Deletes PlugX Malware from 4,250 Hacked Computers in Multi-Month Operation

Jan 15, 2025 9:02 AM

Tags: access, china, computer, law, malware, threat

The U.S. Department of Justice (DoJ) on Tuesday disclosed that a court-authorized operation allowed the Federal Bureau of Investigation (FBI) to delete PlugX malware from over 4,250 infected computers as part of a “multi-month law enforcement operation.”PlugX, also known as Korplug, is a remote access trojan (RAT) widely used by threat actors associated with the…
International effort erases PlugX malware from thousands of Windows computers

Jan 15, 2025 6:07 AM

Tags: access, awareness, botnet, ceo, china, cisco, computer, conference, control, country, crime, crimes, cyber, cybersecurity, data, email, endpoint, espionage, government, group, hacker, hacking, incident response, infection, infrastructure, international, Internet, law, malicious, malware, microsoft, military, network, office, phishing, privacy, router, russia, service, strategy, threat, ukraine, unauthorized, windows

The US has again taken court-approved action to remove malware from privately-held internet-connected computers across the country, part of an effort by a number of countries to combat infections of a version of the PlugX malware from a Chinese-based group that has infected thousands of Windows machines around the world.PlugX is a remote access Trojan…
FBI forces Chinese malware to delete itself from thousands of US computers

Jan 15, 2025 1:02 AM

Tags: china, computer, malware

Self-delete commands sent from commandeered server to malware on infected PCs. First seen on arstechnica.com Jump to article: arstechnica.com/tech-policy/2025/01/fbi-forces-chinese-malware-to-delete-itself-from-thousands-of-us-computers/
FBI deleted China-linked PlugX malware from over 4,200 US computers

Jan 15, 2025 1:02 AM

Tags: china, computer, international, law, malware, network

The FBI has removed Chinese PlugX malware from over 4,200 computers in networks across the United States, the U.S. Department of Justice reported. The Justice Department and FBI, along with international partners, announced they deleted PlugX malware from thousands of infected computers worldwide as part of a multi-month law enforcement operation. The malware was operated…
DOJ deletes China-linked PlugX malware off more than 4,200 US computers

Jan 14, 2025 9:04 PM

Tags: china, computer, control, group, hacker, law, malware

U.S law enforcement accused the People’s Republic of China of paying hackers that are part of a well-known group called Mustang Panda to deploy the PlugX malware, which allows them to “infect, control, and steal information from victim computers.”]]> First seen on therecord.media Jump to article: therecord.media/doj-deletes-china-linked-plugx-malware
Russia-linked APT UAC-0063 target Kazakhstan in with HATVIBE malware

Jan 14, 2025 6:43 PM

Tags: apt, computer, cyber, espionage, intelligence, malware, russia, threat, ukraine

Russia-linked threat actor UAC-0063 targets Kazakhstan to gather economic and political intelligence in Central Asia. Russia-linked threat actors UAC-0063 is targeting Kazakhstan as part of a cyber espionage campaign to gather economic and political intelligence in Central Asia. The Computer Emergency Response Team of Ukraine (CERT-UA) first detailed the activity of UAC-0063 in early 2023.…
Fifteen Best Practices to Navigate the Data Sovereignty Waters

Jan 14, 2025 9:46 AM

Tags: access, attack, automation, awareness, backup, best-practice, breach, cloud, compliance, computer, computing, container, control, country, crypto, cybersecurity, data, encryption, governance, iam, identity, international, law, least-privilege, monitoring, network, privacy, ransomware, regulation, resilience, risk, security-incident, service, software, strategy, threat, tool, unauthorized, update, zero-trust

Fifteen Best Practices to Navigate the Data Sovereignty Waters josh.pearson@t“¦ Tue, 01/14/2025 – 08:04 Data sovereignty”, the idea that data is subject to the laws and regulations of the country it is collected or stored in”, is a fundamental consideration for businesses attempting to balance harnessing the power of data analytics, ensuring compliance with increasingly…
Microsoft sues overseas threat actor group over abuse of OpenAI service

Jan 14, 2025 8:46 AM

Tags: access, ai, computer, country, credentials, crime, crimes, cybercrime, data-breach, exploit, fraud, group, hacker, Internet, law, malicious, microsoft, openai, organized, service, software, threat, tool

Microsoft has filed suit against 10 unnamed people (“Does”), who are apparently operating overseas, for misuse of its Azure OpenAI platform, asking the Eastern District of Virginia federal court for damages and injunctive relief.The suit was filed in late December but was not made public until last Friday, when the initial sealed filings were revealed.…
Sicherheitsmängel gefährden DNA-Sequenziergeräte

Jan 14, 2025 8:46 AM

Tags: advisory, bug, cisa, computer, cyberattack, data, firmware, Hardware, iot, malware, rce, remote-code-execution, risk, software, update, vulnerability, windows

srcset=”https://b2b-contenthub.com/wp-content/uploads/2025/01/shutterstock_1941013627.jpg?quality=50&strip=all 5283w, b2b-contenthub.com/wp-content/uploads/2025/01/shutterstock_1941013627.jpg?resize=300%2C168&quality=50&strip=all 300w, b2b-contenthub.com/wp-content/uploads/2025/01/shutterstock_1941013627.jpg?resize=768%2C432&quality=50&strip=all 768w, b2b-contenthub.com/wp-content/uploads/2025/01/shutterstock_1941013627.jpg?resize=1024%2C576&quality=50&strip=all 1024w, b2b-contenthub.com/wp-content/uploads/2025/01/shutterstock_1941013627.jpg?resize=1536%2C864&quality=50&strip=all 1536w, b2b-contenthub.com/wp-content/uploads/2025/01/shutterstock_1941013627.jpg?resize=2048%2C1152&quality=50&strip=all 2048w, b2b-contenthub.com/wp-content/uploads/2025/01/shutterstock_1941013627.jpg?resize=1240%2C697&quality=50&strip=all 1240w, b2b-contenthub.com/wp-content/uploads/2025/01/shutterstock_1941013627.jpg?resize=150%2C84&quality=50&strip=all 150w, b2b-contenthub.com/wp-content/uploads/2025/01/shutterstock_1941013627.jpg?resize=854%2C480&quality=50&strip=all 854w, b2b-contenthub.com/wp-content/uploads/2025/01/shutterstock_1941013627.jpg?resize=640%2C360&quality=50&strip=all 640w, b2b-contenthub.com/wp-content/uploads/2025/01/shutterstock_1941013627.jpg?resize=444%2C250&quality=50&strip=all 444w” width=”1024″ height=”576″ sizes=”(max-width: 1024px) 100vw, 1024px”>Security-Forscher haben festgestellt, dass bei einem DNA-Sequenziergerät wichtige Sicherheitsfunktionen fehlen. angellodeco Shutterstock.comDas DNA-Sequenziergerät iSeq 100 von Illumina wird von medizinischen Laboren auf der ganzen Welt für eine Vielzahl…
Microsoft took legal action against crooks who developed a tool to abuse its AI-based services

Jan 13, 2025 9:26 AM

Tags: ai, breach, cloud, computer, credentials, group, microsoft, openai, service, software, tool

In December, Microsoft sued a group for creating tools to bypass safety measures in its cloud AI products. Microsoft filed a complaint with the Eastern District Court of Virginia against ten individuals for using stolen credentials and custom software to breach computers running Microsoft’s Azure OpenAI services to generate content for harmful purposes. >>Defendants used…
BayMark Health Services Reports Data Breach, Exposing Patient Information

Jan 10, 2025 9:20 AM

Tags: breach, computer, cyberattack, data, data-breach, service, unauthorized

The BayMark Health Services, Inc. has reported a data breach to the California Attorney General, revealing that an unauthorized party had accessed sensitive files within the company’s computer network. The BayMark Health Services data breach follows an apparent cyberattack on BayMark’s systems, which led to the exposure of personal information belonging to many individuals who…
Legitimate PoC exploited to spread information stealer

Jan 10, 2025 5:18 AM

Tags: access, awareness, backdoor, ceo, computer, cve, exploit, github, hacker, identity, infosec, Internet, linux, malicious, malware, open-source, RedTeam, social-engineering, software, tactics, threat, tool, training, vulnerability, windows

A recently copied and abused open source proof of concept (PoC) exploit from a reputable security company, aimed at helping threat researchers, is the latest example of the novel tactics hackers will use to spread malware.PoCs for known vulnerabilities are created to be shared by students, researchers, and IT pros to improve software and toughen…
DNA sequencer vulnerabilities signal firmware issues across medical device industry

Jan 9, 2025 12:18 AM

Tags: access, advisory, attack, best-practice, computer, computing, control, credentials, data, exploit, firmware, flaw, Hardware, iot, leak, malicious, malware, mitigation, privacy, rce, remote-code-execution, risk, side-channel, software, supply-chain, update, vulnerability, windows

In highlighting vulnerabilities in a widely used DNA gene sequencing device, security researchers have brought further attention to the likely poor state of security in the medical device industry, where hardware and firmware development is often outsourced to external equipment manufacturers under questionable support contracts.The device, Illumina’s iSeq 100 compact DNA sequencer, is used by…
Casio Hacked Servers Compromised by a Ransomware Attack

Jan 8, 2025 7:18 AM

Tags: access, attack, breach, computer, cyber, cybersecurity, ransomware, unauthorized

Casio Computer Co., Ltd. has confirmed a significant cybersecurity breach after its servers were targeted in a sophisticated ransomware attack. The incident, which occurred on October 5, prompted an immediate forensic investigation involving external security specialists. Casio deeply regrets any inconvenience this has caused to customers and stakeholders. The investigation revealed that unauthorized access was…
Casio Discloses Data Leak Following Ransomware Attack

Jan 8, 2025 5:18 AM

Tags: attack, computer, data, leak, ransomware

Casio Computer Co., Ltd. has disclosed the results of its investigation into a ransomware attack that compromised its First seen on securityonline.info Jump to article: securityonline.info/casio-discloses-data-leak-following-ransomware-attack/
ADFS”Š”, “ŠLiving in the Legacy of DRS

Jan 7, 2025 6:18 PM

Tags: access, api, attack, authentication, breach, cloud, computer, container, control, credentials, data, data-breach, endpoint, group, identity, infosec, Internet, login, mfa, microsoft, network, phishing, powershell, service, windows

ADFS”Š”, “ŠLiving in the Legacy of DRS It’s no secret that Microsoft have been trying to move customers away from ADFS for a while. Short of slapping a “deprecated” label on it, every bit of documentation I come across eventually explains why Entra ID should now be used in place of ADFS. And yet”¦ we still encounter…
Critical Windows LDAP flaw could lead to crashed servers, RCE attacks

Jan 4, 2025 5:17 AM

Tags: access, attack, computer, cve, defense, dns, exploit, flaw, infosec, Internet, malicious, microsoft, mitigation, network, rce, remote-code-execution, risk, update, vulnerability, windows

Researchers have published a proof-of-concept exploit for a pair of Windows Lightweight Directory Access Protocol (LDAP) flaws that could lead to server crashes or remote code execution (RCE) on Windows servers.”Active Directory Domain Controllers (DCs) are considered to be one of the crown jewels in organizational computer networks,” noted researchers at security firm SafeBreach, who…
US government sanctions Chinese cybersecurity company linked to APT group

Jan 3, 2025 11:17 PM

Tags: access, advisory, apt, attack, botnet, cctv, china, computer, control, cyberespionage, cybersecurity, ddos, exploit, finance, firewall, government, group, hacker, infrastructure, intelligence, iot, linux, malicious, malware, network, office, router, service, technology, threat, usa

The US Department of Treasury’s Office of Foreign Assets Control (OFAC) has issued sanctions against a Beijing cybersecurity company for its role in attacks attributed to a Chinese cyberespionage group known as Flax Typhoon.The company, called Integrity Technology Group (Integrity Tech), is accused of providing the computer infrastructure that Flax Typhoon used in its operations…