bleepingcomputer.com
bleepingcomputer.com
CRITIC
img-contested
N/A
0 reviews
PUBLIC
img-contested
N/A
1 reviews
RECENT ARTICLES
NO RATING
New Windows 10 update leaks info on upcoming 21H1 feature update

New Windows 10 update leaks info on upcoming 21H1 feature update

ByA Windows 10 20H2 cumulative update released to Insiders on the 'Release' channel leaked that the next feature updated will be 21H1.When Microsoft releases new feature updates, it typically alternates between releasing them as a full-featured update or a small enablement package, which simply turns on dormant features already built into Windows 10.As the and was distributed as an enablement package, the thought was the Windows 10 21H1 would be released as a full feature update.Unfortunately, Microsoft has been very quiet about its upcoming servicing plans for Windows 10, including the...

bleepingcomputer.com
Lawrence Abrams
4d ago
Worthy
Share
Save
Give Tip
Review
NO RATING
Intel: Hackers stole unpublished earnings info from corporate site

Intel: Hackers stole unpublished earnings info from corporate site

ByIntel disclosed on Thursday that unknown threat actors stole an infographic containing info on the company's fourth-quarter and full-year 2020 financial results.The data was part of Intel's yet unpublished quarterly earnings the company was planning to publish and file with the U.S. Securities and Exchange Commission after the stock market closed on Thursday.However, after discovering the incident and finding that the stolen info was being shared outside the company, Intel published the quarterly earnings report minutes before the market's closure."We are investigating reports that...

bleepingcomputer.com
Sergiu Gatlan
4d ago
Worthy
Share
Save
Give Tip
Review
NO RATING
Bonobos clothing store confirms breach after hacker leaks 70GB database

Bonobos clothing store confirms breach after hacker leaks 70GB database

ByBonobos men's clothing store has suffered a massive data breach exposing millions of customers' personal information.Bonobos started as an online men's clothing store but later expanded to sixty locations to try on clothes before purchasing them. Walmart bought Bonobos in 2017 for $300 million to sells its clothing on their Jet.com site.Last weekend, a threat actor known as ShinyHunters, who is notorious for hacking online services and selling stolen databases, posted the full Bonobos database to a free hacker forum.This leaked database is a monstrous 70 GB SQL file containing various...

bleepingcomputer.com
Lawrence Abrams
4d ago
Worthy
Share
Save
Give Tip
Review
NO RATING
Hacker leaks full database of 77 million Nitro PDF user records

Hacker leaks full database of 77 million Nitro PDF user records

☰×ByA stolen database containing the email addresses, names, and passwords of more than 77 million records of Nitro PDF service users was leaked today for free.The 14GB leaked database contains 77,159,696 records with users' email addresses, full names, bcrypt hashed passwords, titles, company names, IP addresses, and other system-related information.The database has also been which allows users to check if their info has also been compromised in this data breach and leaked on the Internet.Nitro is an application that helps create, edit, and sign PDFs and digital documents, an app that...

bleepingcomputer.com
Sergiu Gatlan
6d ago
Worthy
Share
Save
Give Tip
Review
NO RATING
SolarWinds hackers used 7-Zip code to hide Raindrop Cobalt Strike loader

SolarWinds hackers used 7-Zip code to hide Raindrop Cobalt Strike loader

ByThe ongoing analysis of the SolarWinds supply-chain attack uncovered a fourth malicious tool that researchers call Raindrop and was used for distribution across computers on the victim network.The hackers used Raindrop to deliver a Cobalt Strike beacon to select victims that were of interest and which had already been compromised through the trojanized SolarWinds Orion update.There are currently four pieces of malware identified in the SolarWinds cyberattack, believed to be the work of a :Symantec researchers found the new Raindrop malware on machines compromised through the SolarWinds...

bleepingcomputer.com
Ionut Ilascu
7d ago
Worthy
Share
Save
Give Tip
Review
NO RATING
Bugs in Signal, Facebook, Google chat apps let attackers spy on users

Bugs in Signal, Facebook, Google chat apps let attackers spy on users

ByVulnerabilities found in multiple video conferencing mobile applications allowed attackers to listen to users' surroundings without permission before the person on the other end picked up the calls.The bugs were found in the Signal, Google Duo, Facebook Messenger, JioChat, and Mocha messaging apps and are now all fixed.However, before being patched, they made it possible to force targeted devices to transmit audio to the attackers' devices without the need of gaining code execution."I investigated the signalling state machines of seven video conferencing applications and found five...

bleepingcomputer.com
Sergiu Gatlan
7d ago
Worthy
Share
Save
Give Tip
Review
NO RATING
OpenWRT Forum user data stolen in weekend data breach

OpenWRT Forum user data stolen in weekend data breach

ByThe OpenWRT forum, a large community of enthusiasts of alternative, open-source operating systems for routers, announced a data breach.Forum administrators posted the announcement in a high-visibility area, explaining what happened and the risks to users stemming from exposing their data.The attack occurred on Saturday, around 04:00 (GMT), when an unauthorized third party gained admin access to and copied a list with details about forum users and related statistical information.The intruder used the account of an OpenWRT administrator. The intruder used the account of an OpenWRT...

bleepingcomputer.com
Ionut Ilascu
Jan 18
Worthy
Share
Save
Give Tip
Review
NO RATING
Windows Finger command abused by phishing to download malware

Windows Finger command abused by phishing to download malware

ByAttackers are using the normally harmless Windows Finger command to download and install a malicious backdoor on victims' devices.The 'Finger' command is a utility that originated in Linux/Unix operating systems that allows a local user to retrieve a list of users on a remote machine or information about a particular remote user. In addition to Linux, Windows includes a finger.exe command that performs the same functionality.To execute the Finger command, a user would enter finger [user]@[remote_host]. For example, finger bleeping@www.bleepingcomputer.com.In September, we reported that...

bleepingcomputer.com
Lawrence Abrams
Jan 15
Worthy
Share
Save
Give Tip
Review
NO RATING
Privacy-focused search engine DuckDuckGo grew by 62% in 2020

Privacy-focused search engine DuckDuckGo grew by 62% in 2020

ByThe privacy-focused search engine DuckDuckGo continues to grow rapidly as the company reached 102M daily search queries for the first time in January. is a search engine that builds its search index using its DuckDuckBot crawler, indexing WikiPedia, and through partners like Bing. The search engine does not use any data from Google.What makes DuckDuckGo stand out is that they do not track your searches to build a user profile or share any personal or identifying data with third-party companies, including ad networks."Each time you search on DuckDuckGo, you have a blank search history, as...

bleepingcomputer.com
Mayank Parmar
Jan 17
Worthy
Share
Save
Give Tip
Review
NO RATING
Signal down after getting flooded with new users

Signal down after getting flooded with new users

BySignal users are currently experiencing issues around the world, with users unable to send and receive messages. When attempting to send messages via Signal, users are seeing loading screen and error message "502".According to and user reports, Signal is currently experiencing an outage in the U.S, Europe, and other parts of the world. The problem was first reported at 10:09 AM EST.For now, Signal users will have to wait until the company has resolved the issue.Update 2: Signal is now back online.Update 1: On the , Signal has acknowledged the reports and they're trying to restore service...

bleepingcomputer.com
Mayank Parmar
Jan 15
Worthy
Share
Save
Give Tip
Review
NO RATING
Verified Twitter accounts hacked in $580k ‘Elon Musk’ crypto scam

Verified Twitter accounts hacked in $580k ‘Elon Musk’ crypto scam

ByThreat actors are hacking verified Twitter accounts in an Elon Musk cryptocurrency giveaway scam that has recently become widely active.There is nothing new about cryptocurrency scams on Twitter, especially ones pretending to be giveaways from Elon Musk. In 2018, scammers raked in $180,000 using a  promoted on Twitter.Over the past week, security researcher MalwareHunterTeam has seen an uptick in verified Twitter accounts hacked in a scam promoting another fake Elon Musk cryptocurrency giveaway.These accounts will reply to tweets, like Elon Musk's below, and promote a scam where Musk is...

bleepingcomputer.com
Lawrence Abrams
Jan 14
Worthy
Share
Save
Give Tip
Review
NO RATING
Windows 10 bug corrupts your hard drive on seeing this file's icon

Windows 10 bug corrupts your hard drive on seeing this file's icon

ByAn unpatched zero-day in Microsoft Windows 10 allows attackers to corrupt an NTFS-formatted hard drive with a one-line command.In multiple tests by BleepingComputer, this one-liner can be delivered hidden inside a Windows shortcut file, a ZIP archive, batch files, or various other vectors to trigger hard drive errors that corrupt the filesystem index instantly.In August 2020, October 2020, and finally this week, infosec researcher  drew attention to an NTFS vulnerability impacting Windows 10 that has not been fixed.When exploited, this vulnerability can be triggered by a single-line...

bleepingcomputer.com
Ax Sharma
Jan 14
Worthy
Share
Save
Give Tip
Review
NO RATING
SolarLeaks site claims to sell data stolen in SolarWinds attacks

SolarLeaks site claims to sell data stolen in SolarWinds attacks

ByA website named 'SolarLeaks' is selling data they claim was stolen from companies confirmed to have been breached in the SolarWinds attack.Last month, it was disclosed that network management company that led to a supply chain attack affecting 18,000 customers.According to a , this attack was "likely" conducted by a Russian state-sponsored hacking group who wanted to  from its victims.Today, a solarleaks[.]net website was launched that claims to be selling the stolen data from Microsoft, Cisco, FireEye, and SolarWinds. All of these companies are known to have been breached during the...

bleepingcomputer.com
Lawrence Abrams
Jan 12
Worthy
Share
Save
Give Tip
Review
NO RATING
Hackers leak stolen Pfizer COVID-19 vaccine data online

Hackers leak stolen Pfizer COVID-19 vaccine data online

ByThe European Medicines Agency (EMA) today revealed that some of the Pfizer/BioNTech COVID-19 vaccine data stolen from its servers in December was leaked online.EMA is a decentralized agency responsible for reviewing and approving COVID-19 vaccines, as well as for evaluating, monitoring, and supervising any new medicines introduced to the EU."The ongoing investigation of the cyberattack on EMA revealed that some of the unlawfully accessed documents related to COVID-19 medicines and vaccines belonging to third parties have been leaked on the internet," EMA said today. "Necessary action is...

bleepingcomputer.com
Sergiu Gatlan
Jan 12
Worthy
Share
Save
Give Tip
Review
NO RATING
Hacker used ransomware to lock victims in their IoT chastity belt

Hacker used ransomware to lock victims in their IoT chastity belt

ByThe source code for the ChastityLock ransomware that targeted male users of a specific adult toy is now publicly available for research purposes.Users of the Bluetooth-controlled  chastity device were targets of an attack with this malware last year after security researchers found a vulnerability in the toy that allowed locking it remotely.Qiui Cellmante is a connected sex toy with a companion app to control its locking/unlocking via Bluetooth that is typically managed by someone else than the person wearing the device.In October 2020, researchers at  about a serious vulnerability that...

bleepingcomputer.com
Ionut Ilascu
Jan 9
Worthy
Share
Save
Give Tip
Review
NO RATING
Networking giant Ubiquiti alerts customers of potential data breach

Networking giant Ubiquiti alerts customers of potential data breach

ByNetworking device maker Ubiquiti has announced a security incident that may have exposed its customers' data.Ubiquiti is a very popular networking device manufacturer best known for its UniFi line of wired and wireless network products and a cloud management platform.Today, Ubiquiti began emailing customers to change their passwords and enable 2FA after an attacker hacked their systems hosted at a third-party cloud provider."We recently became aware of unauthorized access to certain of our information technology systems hosted by a third party cloud provider. We have no indication that...

bleepingcomputer.com
Lawrence Abrams
Jan 11
Worthy
Share
Save
Give Tip
Review
NO RATING
New worm turns Windows, Linux servers into Monero miners

New worm turns Windows, Linux servers into Monero miners

ByA newly discovered and self-spreading Golang-based malware has been actively dropping XMRig cryptocurrency miners on Windows and Linux servers since early December.This multi-platform malware also has worm capabilities that allow it to spread to other systems by brute-forcing public-facing services (i.e., MySQL, Tomcat, Jenkins and WebLogic) with weak passwords  security researcher Avigayil Mechtinger.The attackers behind this campaign have been actively updating the worm's capabilities through its command-and-control (C2) server since it was first spotted which hints at an actively...

bleepingcomputer.com
Sergiu Gatlan
Dec 30
Worthy
Share
Save
Give Tip
Review
NO RATING
Data breach broker selling user records stolen from 26 companies

Data breach broker selling user records stolen from 26 companies

ByA data breach broker is selling the allegedly stolen user records for twenty-six companies on a hacker forum, BleepingComputer has learned.When threat actors and hacking groups breach a company and steal their user databases, they commonly work with data breach brokers who market and sell the data for them. Brokers will then create posts on hacker forums and dark web marketplaces to market the stolen data.Last Friday, a data broker began selling the combined total of 368.8 million stolen user records for twenty-six companies on a hacker forum.Of these twenty-six companies, only eight are...

bleepingcomputer.com
Lawrence Abrams
Dec 31
Worthy
Share
Save
Give Tip
Review
NO RATING
T-Mobile data breach exposed phone numbers, call records

T-Mobile data breach exposed phone numbers, call records

ByT-Mobile has announced a data breach exposing customers' proprietary network information (CPNI), including phone numbers and call records.Starting yesterday, T-Mobile began texting customers that a "security incident" exposed their account's information.According to T-Mobile, its security team recently discovered "malicious, unauthorized access" to their systems. After bringing in a cybersecurity firm to perform an investigation, T-Mobile found that threat actors gained access to the telecommunications information generated by customers, known as CPNI.The information exposed in this...

bleepingcomputer.com
Lawrence Abrams
Dec 30
Worthy
Share
Save
Give Tip
Review
NO RATING
Swatters hijack smart home devices to watch emergency responders

Swatters hijack smart home devices to watch emergency responders

ByWeak credentials and login protections come with the risk of swatting for owners of connected devices with video and voice capabilities, warns the U.S. Federal Bureau of Investigation (FBI).In a recent spate of swatting attacks, perpetrators have hijacked smart gadgets to watch or live stream the bad joke unfolding and engage the responding officers.Swatting originates from prank calls to emergency services. It aims to generate a response from law enforcement and the S.W.A.T. (special weapons and tactics) team against a target.In many cases, swatting is driven by revenge, especially among...

bleepingcomputer.com
Ionut Ilascu
Dec 29
Worthy
Share
Save
Give Tip
Review
NO RATING
NetGalley discloses data breach after website was hacked

NetGalley discloses data breach after website was hacked

ByThe NetGalley book promotion site has suffered a data breach that allowed threat actors to access a database with members' personal information.NetGalley is a website that allows authors and publishers to promote digital review copies of their books (galleys) to book advocates, influential readers, and industry professionals in the hopes that they will recommend the books to their audience.On Monday, December 21st, NetGalley's website was hacked and defaced. After further investigations, it was determined that the threat actors also accessed a backup for the site's database containing...

bleepingcomputer.com
Lawrence Abrams
Dec 24
Worthy
Share
Save
Give Tip
Review
NO RATING
Physical addresses of 270K Ledger owners leaked on hacker forum

Physical addresses of 270K Ledger owners leaked on hacker forum

ByA threat actor has leaked the stolen email and mailing addresses for Ledger cryptocurrency wallet users on a hacker forum for free.Ledger is a hardware cryptocurrency wallet that is used to store, manage, and sell cryptocurrency. The funds held in these wallets are secured using a 24-word recovery phrase and an optional secret passphrase that only the owner knows.In June 2020,  after a website vulnerability allowed threat actors to access customers' contact details.Today, a threat actor has shared an archive containing two files named 'All Emails (Subscription).txt' and 'Ledger Orders...

bleepingcomputer.com
Lawrence Abrams
Dec 21
Worthy
Share
Save
Give Tip
Review
NO RATING
The SolarWinds cyberattack: The hack, the victims, and what we know

The SolarWinds cyberattack: The hack, the victims, and what we know

BySince the SolarWinds supply chain attack was disclosed last Sunday, there has been a whirlwind of news, technical details, and analysis released about the hack.Because the amount of information that was released in such a short time is definitely overwhelming, we have published this as a roundup of this week's SolarWinds news.The information is distilled into a format that will hopefully explain the attack, who its victims are, and what we know to this point.While we learned of SolarWind's attack on December 13th, the first disclosure of its consequence was made on December 8th when...

bleepingcomputer.com
Lawrence Abrams
Dec 19
Worthy
Share
Save
Give Tip
Review
NO RATING
Google outage caused by critical system running out of storage

Google outage caused by critical system running out of storage

ByThe global Google services outage yesterday was caused by the company's Identity Management System failing after a bug restricted its storage space.This from accessing Gmail, YouTube, Google Drive, Google Maps, Google Calendar, and other Google services.During the outage, users could not send emails via Gmail mobile apps or receive email via POP3 for desktop clients. Also, YouTube visitors were seeing an error message stating, "There was a problem with the server (503) - Tap to retry."According to a tweet and a Google status report, the outage was caused by the company's automated...

bleepingcomputer.com
Lawrence Abrams
Dec 15
Worthy
Share
Save
Give Tip
Review
NO RATING
Ransomware attack causing billing delays for Missouri city

Ransomware attack causing billing delays for Missouri city

ByThe City of Independence, Missouri, suffered a ransomware attack last week that continues to disrupt the city's services.At the beginning of the month, Independence suffered a ransomware attack that forced them to shut down their IT system as they recovered from the attack."The City of Independence recently experienced an event that resulted in technical difficulties and disruption to multiple services. It appears that these disruptions are the result of a ransomware event that was discovered and stopped before it could infect the full City network,"  City of Independence City Manager...

bleepingcomputer.com
Lawrence Abrams
Dec 15
Worthy
Share
Save
Give Tip
Review
AUTHORS
Sergiu Gatlan

Sergiu Gatlan

CRITIC
img-contested
N/A
PUBLIC
img-contested
N/A
Ax Sharma

Ax Sharma

CRITIC
img-contested
N/A
PUBLIC
img-contested
N/A
Ionut Ilascu

Ionut Ilascu

CRITIC
img-contested
N/A
PUBLIC
img-contested
N/A
Lawrence Abrams

Lawrence Abrams

CRITIC
img-contested
N/A
PUBLIC
img-contested
N/A
Mayank Parmar

Mayank Parmar

CRITIC
img-contested
N/A
PUBLIC
img-contested
N/A