Critical Ubuntu User Namespace Bypass Exploits Discovered

2025-03-29

Qualys researchers have uncovered three critical bypasses of the unprivileged user namespace restrictions in Ubuntu 23.10 and 24.04. The bypasses, which rely on the aa-exec tool, the busybox shell, and the LD_PRELOAD technique respectively, allow a local attacker to create user namespaces with full administrative privileges inside them, a foothold that can then be used to exploit kernel vulnerabilities. Canonical regards these as limitations of its AppArmor-based defense rather than vulnerabilities, and recommends administrative hardening steps such as enabling `kernel.apparmor_restrict_unprivileged_unconfined=1` to mitigate the risk.

Development

Microsoft's New Office Startup Booster: Faster Loading, But With a Catch

2025-03-27

Microsoft is rolling out a new Windows scheduled task called 'Startup Boost' in May to speed up Office app loading. This background task preloads performance enhancements but only runs on systems with 8GB RAM and 5GB free disk space, disabling automatically in Energy Saver mode. Users can disable it in Office settings, but the Office installer re-enables it with each update. While designed to improve launch times, its automatic re-enablement might annoy some users.


Oracle Cloud Breach: 6 Million User Data Allegedly Compromised

2025-03-26

Cybersecurity firm BleepingComputer reports a hacker claiming to have breached Oracle Cloud servers, stealing authentication data for 6 million users. Oracle denies a breach, but BleepingComputer has confirmed the validity of data samples from multiple affected companies. The hacker released databases, LDAP data, and over 140,000 allegedly compromised domains. Investigations suggest exploitation of a vulnerability (CVE-2021-35587) in Oracle Fusion Middleware 11g. Despite Oracle's denial, evidence points to a significant security lapse, raising concerns about Oracle Cloud security.


Urgent: Update Your Firefox Browser Before March 14th!

2025-03-13

Mozilla is urging Firefox users to update their browsers to version 128 or later (or ESR 115.13 or later) before March 14th, 2025, to avoid significant security risks. A critical root certificate is expiring, which would render add-ons unusable, potentially expose users to malicious add-ons and fraudulent websites, and leave them without alerts about compromised passwords. Failure to update could lead to severe performance issues and security vulnerabilities. The update affects Windows, Android, Linux, and macOS users, but not iOS. While older versions might still function, Mozilla strongly advises updating for optimal security and performance.

Tech

Windows Update Bricking USB Printers: Random Text Mayhem

2025-03-13

Microsoft has acknowledged that recent Windows updates (KB5050092 and later, released since January 29th, 2025) are causing some dual-mode USB printers (supporting both USB Print and IPP over USB) to print random gibberish. This includes network commands and unusual characters. Windows 10 22H2 and Windows 11 22H2/23H2 are affected; Windows 11 24H2 is not. Microsoft has fixed this via Known Issue Rollback (KIR), and the fix will also automatically roll out in a future update. For enterprise environments, IT admins need to install and configure specific group policies to resolve the issue on affected devices.


Massive ESP32 Chip Flaw: Undocumented Backdoor Found in Over 1 Billion Devices

2025-03-08

Researchers have uncovered a critical vulnerability in the widely used ESP32 microchip, affecting over a billion devices. A set of 29 undocumented commands acts as a backdoor, enabling attackers to spoof trusted devices, access data without authorization, pivot to other network devices, and establish persistent access. This vulnerability poses significant risks to IoT security, particularly when combined with existing root access or malicious firmware. The discovery, made by Tarlogic Security using a newly developed cross-platform Bluetooth driver, highlights the importance of comprehensive security testing in widely deployed hardware. Espressif, the manufacturer, has yet to publicly comment.


Urgent: CISA Warns of Actively Exploited Cisco and Windows Vulnerabilities

2025-03-04

The Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency directive warning federal agencies about actively exploited vulnerabilities in Cisco and Windows systems. CVE-2023-20118 affects Cisco RV series VPN routers, allowing remote code execution. CVE-2018-8639, a Windows elevation of privilege flaw, also enables arbitrary code execution. CISA added these to its Known Exploited Vulnerabilities catalog, mandating remediation by March 23rd for federal agencies. This highlights the critical need for prompt patching to mitigate sophisticated cyberattacks.


Australia Bans Kaspersky Lab Products Over Security Concerns

2025-02-27

The Australian government has banned all Kaspersky Lab products and web services from its systems, citing unacceptable security risks related to foreign interference, espionage, and sabotage. Kaspersky denies these allegations, claiming the ban lacks specific evidence and is politically motivated. This follows similar bans in the US, Germany, and Canada, reflecting a broader trend of Western nations restricting Kaspersky's access to government systems.

Tech Kaspersky

WinRAR 7.10 Released: Dark Mode and Enhanced Privacy

2025-02-21

WinRAR 7.10 has been released, boasting numerous improvements including larger memory pages for performance boosts, a much-requested dark mode, and a redesigned settings interface. A standout feature is its enhanced privacy controls. Users can now fine-tune how information from the Mark-of-the-Web (MoTW) is propagated, with a default setting that only retains the security zone value, stripping potentially revealing URLs and IP addresses from extracted files. While this might impact digital forensics, it's a welcome addition for privacy-conscious users.

Hardware

Brave Browser's New Custom Scriptlets: Take Control of Your Browsing Experience

2025-02-11

Brave Browser version 1.75 introduces 'custom scriptlets' for desktop users, allowing advanced users to inject their own JavaScript into websites for deep customization. Similar to Tampermonkey and Greasemonkey, this feature enables users to create scripts modifying website functionality. Initially developed for debugging Brave's ad blocker, its value led to its release. Custom scriptlets enhance privacy, security, and usability by blocking trackers, customizing appearance, and improving accessibility. However, caution is advised as untrusted scripts pose risks. The feature is located in `brave://settings/shields/filters` and requires enabling 'Developer mode'.


Apple Patches Zero-Day Vulnerability Used in Sophisticated Attacks

2025-02-10

Apple has released emergency security updates to address a zero-day vulnerability (CVE-2025-24200) exploited in targeted, sophisticated attacks. The vulnerability could bypass USB Restricted Mode on locked devices, potentially allowing data extraction. This mode was designed to prevent forensic software from accessing data on locked iOS devices. Apple urges users to update immediately to mitigate potential ongoing attacks. This incident highlights the importance of regular software updates and mobile device security.


Massive Healthcare Data Breach at Medusind Impacts 360,000+

2025-02-02

Medusind, a healthcare billing provider, disclosed a data breach affecting over 360,000 individuals. The December 2023 breach exposed sensitive information including health insurance details, payment information, medical records, government IDs, and personal data. Medusind is offering two years of free identity monitoring services to affected individuals and urging them to monitor their accounts for suspicious activity. This incident follows proposed HIPAA updates by HHS aimed at bolstering healthcare cybersecurity in response to a recent surge in major data breaches.

Tech

Critical Apple CPU Side-Channel Flaws Steal Browser Data

2025-01-28

Researchers have uncovered new side-channel vulnerabilities, FLOP and SLAP, in Apple's M-series and A-series processors. These flaws allow remote attackers to steal sensitive data from web browsers via malicious websites, bypassing browser sandboxing. The vulnerabilities stem from faulty speculative execution, exploiting the CPU's mispredictions to leak information like emails, location history, and more. Apple is aware and plans to address the issue, but patches aren't yet available. Disabling JavaScript is a temporary mitigation, but impacts website functionality.


Pwn2Own Automotive 2025: Hackers Awarded $886,250 for 49 Zero-Days

2025-01-27

The Pwn2Own Automotive 2025 hacking contest concluded with security researchers earning a total of $886,250 for discovering 49 zero-day vulnerabilities. Targets included EV chargers, car operating systems (Android Automotive OS, Automotive Grade Linux, BlackBerry QNX), and in-vehicle infotainment systems. Summoning Team's Sina Kheirkhah took home the top prize, earning $222,250 and 30.5 Master of Pwn points. The event highlighted significant security flaws in automotive software, emphasizing the ongoing need for improved security in the industry.


Hacker Infects 18,000 'Script Kiddies' with Fake Malware Builder

2025-01-25

A threat actor targeted low-skilled hackers, known as "script kiddies," with a fake malware builder that secretly installed a backdoor to steal data and take over computers. Security researchers at CloudSEK report that the malware infected 18,459 devices globally, mostly in Russia, the US, India, Ukraine, and Turkey. The malware, a trojanized XWorm RAT builder, was distributed through various channels including GitHub, file hosting sites, Telegram, YouTube, and websites. While many infections were cleaned via a kill switch, some remain compromised. The malware stole data like Discord tokens, system information, and location data, and allowed remote control of infected machines.

Tech

North Korean Hackers Extort US Companies After Stealing Source Code

2025-01-24

The FBI issued a warning about North Korean hackers posing as IT workers to infiltrate US companies, steal source code, and extort ransoms. These hackers use various methods, including AI face-swapping technology, to conceal their identities. After gaining access, they copy code to personal accounts and threaten to leak information for ransom. The FBI advises companies to strengthen hiring processes, limit permissions, and monitor network traffic to prevent such attacks. A joint statement from the US, South Korea, and Japan revealed that North Korean state-sponsored hacking groups stole over $659 million in cryptocurrency in 2024.


Pwn2Own Automotive 2025: 16 Zero-Days Exploited on Day One

2025-01-23

On the first day of Pwn2Own Automotive 2025, security researchers successfully exploited 16 unique zero-day vulnerabilities, earning a total of $382,750 in prize money. Fuzzware.io took the lead, hacking Autel MaxiCharger and Phoenix Contact CHARX SEC-3150 EV chargers. The competition highlighted critical vulnerabilities in EV chargers, in-vehicle infotainment systems, and car operating systems, underscoring the importance of cybersecurity in the automotive industry.


US Sanctions Chinese Hacker and Firm Behind Treasury and Telecom Hacks

2025-01-17

The US Treasury Department sanctioned Yin Kecheng, a Shanghai-based hacker, and Sichuan Juxinhe Network Technology Co., Ltd. for their roles in the recent breach of the Treasury Department and attacks on US telecommunication companies. Yin Kecheng, linked to China's Ministry of State Security (MSS), was involved in the Treasury Department breach, exploiting a zero-day vulnerability. Sichuan Juxinhe is associated with the Salt Typhoon hacking group, responsible for spying on high-profile targets through compromised telecom providers. The sanctions freeze their US assets and prohibit transactions with US entities. This action underscores the US commitment to combating Chinese cyber espionage.


Pastor Indicted for $5.9M Crypto Scam He Claimed Came From a Dream

2025-01-16

A pastor from a Pasco, Washington church has been indicted on 26 counts of fraud for allegedly running a cryptocurrency scam that defrauded investors of at least $5.9 million between 2021 and 2023. Francier Obando Pinillo, 51, reportedly used his position to lure investors into 'Solano Fi,' a fraudulent cryptocurrency venture he claimed came to him in a dream, promising guaranteed returns. He utilized Facebook and a Telegram group to expand his reach, attracting over 1,500 victims. The indictment alleges Pinillo misappropriated funds, displaying fake balances on a web app and employing tactics like extortion to keep the scheme going. He now faces up to 20 years in prison.


Over 3.1 Million Fake GitHub Stars Used to Promote Malware

2024-12-31

A recent study revealed over 3.1 million fake "stars" on GitHub, used to artificially inflate the popularity of scam and malware repositories. Researchers used a tool called StarScout to analyze massive datasets, identifying 278,000 accounts responsible for these fake stars across 15,835 repositories. This deceptive practice, particularly rampant in 2024, allows malicious projects to appear legitimate and reach unsuspecting users. While GitHub has removed many of the implicated accounts and repositories, the problem persists. Users are urged to carefully evaluate project quality and exercise caution when downloading software from GitHub.

Development Fake Stars

New 'OtterCookie' Malware Targets Developers in Fake Job Offers

2024-12-29

Cybersecurity firms have uncovered a new malware, OtterCookie, used in the 'Contagious Interview' campaign by North Korean threat actors. This campaign lures software developers with fake job offers containing malware, including OtterCookie and previously seen malware like BeaverTail. OtterCookie is delivered through Node.js projects or npm packages, establishing communication with a command and control server via Socket.IO. It steals sensitive data, such as cryptocurrency wallet keys, documents, and images, and performs reconnaissance on the infected system. Experts warn developers to carefully vet job offers and avoid running untrusted code.

Tech Malware