Bleeping Computer

Bluetooth BrakTooth bugs could affect billions of devices

Vulnerabilities collectively referred to as BrakTooth are affecting Bluetooth stacks implemented on system-on-a-chip (SoC) circuits from over a dozen vendors. The set of issues impacts a wide variety of devices, from consumer electronics to industrial equipment. The associated risk ranges from denial-of-service, deadlock condition of …


Translated Conti ransomware playbook gives insight into attacks

Almost a month after a disgruntled Conti affiliate leaked the gang’s attack playbook, security researchers shared a translated variant that clarifies any misinterpretation caused by automated translation. Apart from providing information about the gang’s attack methods and the thoroughness of the instructions, which allow for less-skilled actors …


Atlassian Confluence flaw actively exploited to install cryptominers

Hackers are actively scanning for and exploiting a recently disclosed Atlassian Confluence remote code execution vulnerability to install cryptominers after a PoC exploit was publicly released. Atlassian Confluence is a very popular web-based corporate team workspace that allows employees to collaborate on projects. On August …


WhatsApp to appeal $266 million fine for violating EU privacy laws

Ireland’s Data Privacy Commissioner (DPC) has hit Facebook-owned messaging platform WhatsApp with a €225 million ($266 million) administrative fine for violating the EU’s GDPR privacy regulation after failing to inform users and non-users on what it does with their data. EU data regulators can impose …


T-Mobile CEO: Hacker brute-forced his way through our network

Today, T-Mobile’s CEO Mike Sievert said that the hacker behind the carrier’s latest massive data breach brute forced his way through T-Mobile’s network after gaining access to testing environments. The attacker could not exfiltrate customer financial information, credit card information, debit or other payment information during the incident. …


Synology: Multiple products impacted by OpenSSL RCE vulnerability

Taiwan-based NAS maker Synology has revealed that recently disclosed remote code execution (RCE) and denial-of-service (DoS) OpenSSL vulnerabilities impact some of its products. “Multiple vulnerabilities allow remote attackers to conduct denial-of-service attack or execute arbitrary code via a susceptible version of Synology DiskStation Manager (DSM), …


New zero-click iPhone exploit used to deploy NSO spyware

Digital threat researchers at Citizen Lab have uncovered a new zero-click iMessage exploit used to deploy NSO Group’s Pegasus spyware on devices belonging to Bahraini activists. In total, nine Bahraini activists (including members of the Bahrain Center for Human Rights, Waad, Al Wefaq) had their iPhones hacked in a campaign …


FBI: OnePercent Group Ransomware targeted US orgs since Nov 2020

The Federal Bureau of Investigation (FBI) has shared info about a threat actor known as OnePercent Group that has been actively targeting US organizations in ransomware attacks since at least November 2020. The US federal law enforcement agency shared indicators of compromise, tactics, techniques, and procedures …


Phishing campaign uses UPS.com XSS vuln to distribute malware

A clever UPS phishing campaign utilized an XSS vulnerability in UPS.com to push fake and malicious ‘Invoice’ Word documents. The phishing scam was first discovered by security researcher Daniel Gallagher and pretended to be an email from UPS stating that a package had an “exception” and needs …
