Monday, November 4, 2024

BleepingComputer.com

 "DocuSign's Envelopes API abused to send realistic fake invoices."

Views expressed in this cybersecurity, cyber crime update are those of the reporters and correspondents.  Accessed on 04 November 2024, 2340 UTC.

Content and Source:  https://www.bleepingcomputer.com/

Please check link or scroll down to read your selections.  Thanks for joining us today.

Russ Roberts (https://www.hawaiicybersecurityjournal.net).

LATEST ARTICLES

DocuSign's Envelopes API abused to send realistic fake invoices

  • Threat actors are abusing DocuSign's Envelopes API to create and mass-distribute fake invoices that appear genuine, impersonating well-known brands like Norton and PayPal.

  • Schneider Electric
     
    SECURITY

Schneider Electric confirms dev platform breach after hacker steals data

  • Schneider Electric has confirmed a developer platform was breached after a threat actor claimed to steal 40GB of data from the company's JIRA server.

  • Windows Server
     
    MICROSOFT

Windows Server 2025 released—here are the new features

  • ​Microsoft has announced that Windows Server 2025, the latest version of its server operating system, is generally available starting Friday, November 1st.

  • Pygmy Goat
     
    SECURITY

Custom "Pygmy Goat" malware used in Sophos Firewall hack on govt network

  • UK's National Cyber Security Centre (NCSC) has published an analysis of a Linux malware named "Pigmy Goat" created to backdoor Sophos XG firewall devices as part of recently disclosed attacks by Chinese threat actors.

  • Linux
     
    SECURITY, LINUX

Windows infected with backdoored Linux VMs in new phishing attacks

  • A new phishing campaign dubbed 'CRON#TRAP' infects Windows with a Linux virtual machine that contains a built-in backdoor to give stealthy access to corporate networks.

  • Solving the painful password problem with better policies
     
    SECURITY· SPONSORED CONTENT

Solving the painful password problem with better policies

  • Weak and reused credentials continue to plague users and organizations. Learn from Specops software about why passwords are so easy to hack and how organizations can fortify their security efforts.

  • City of Columbus
     
    SECURITY

City of Columbus: Data of 500,000 stolen in July ransomware attack

  • ​The City of Columbus, Ohio, notified 500,000 individuals that a ransomware gang stole their personal and financial information in a July 2024 cyberattack.

  • CompTIA
     
    DEALS

This $50 bundle helps prepare you for the CompTIA exams on a budget

  • Study for all your CompTIA certifications in one place. Get the Complete 2024 CompTIA Course Super Bundle while it's on sale for $49.97.

    • BLEEPINGCOMPUTER DEALS
      •  
    • NOVEMBER 04, 2024
      •  
    • 07:19 AM
      •  
    • Comment Count 0
  • Windows Server
     
    MICROSOFT

Microsoft confirms Windows Server 2025 blue screen, install issues

  • ​Microsoft has confirmed several bugs causing install and Blue Screen of Death (BSOD) issues impacting Windows Server 2025 systems with more than 256 logical processors.

  • Cisco
     
    SECURITY

Cisco says DevHub site leak won’t enable future breaches

  • ​Cisco says that non-public files recently downloaded by a threat actor from a misconfigured public-facing DevHub portal don't contain information that could be exploited in future breaches of the company's systems.

  • Hacker box
     
    SECURITY

Meet Interlock — The new ransomware targeting FreeBSD servers

  • A relatively new ransomware operation named Interlock attacks organizations worldwide, taking the unusual approach of creating an encryptor to target FreeBSD servers.

  • Robot Customer Support
     
    SECURITY, ARTIFICIAL INTELLIGENCE

ChatGPT-4o can be used for autonomous voice-based scams

  • Researchers have shown that it's possible to abuse OpenAI's real-time voice API for ChatGPT-4o, an advanced LLM chatbot, to conduct financial scams with low to moderate success rates.

  • Get 2TB lifetime cloud storage with FileJump — secure storage, no fees
     
    DEALS

Get 2TB lifetime cloud storage with FileJump — secure storage, no fees

  • For anyone seeking secure cloud storage, FileJump's lifetime 2TB cloud storage plan is a great deal at a fair price at $89 — skip ahead and check out now.

    • BLEEPINGCOMPUTER DEALS
      •  
    • NOVEMBER 03, 2024
      •  
    • 08:12 AM
      •  
    • Comment Count 0
  • SharePoint
     
    SECURITY

Microsoft SharePoint RCE bug exploited to breach corporate network

  • A recently disclosed Microsoft SharePoint remote code execution (RCE) vulnerability tracked as CVE-2024-38094 is being exploited to gain initial access to corporate networks.

  • Outlook
     
    MICROSOFT

Microsoft Outlook workaround fixes freezes when copying text

  • ​Microsoft is investigating a known issue that affects Microsoft 365 customers and causes classic Outlook to hang or freeze when copying text.

  • Cybersecurity Lock World
     
    DEALS

Prepare for your first cybersecurity job with this $46 course bundle

  • Prepare for your first cybersecurity job. Get the Masters in Cyber Security Certification Bundle while it's on sale for $45.99. 

    • BLEEPINGCOMPUTER DEALS
      •  
    • NOVEMBER 02, 2024
      •  
    • 08:11 AM
      •  
    • Comment Count 0
  • Azure Virtual Desktop
     
    MICROSOFT

Microsoft warns Azure Virtual Desktop users of black screen issues

  • Microsoft warned customers they might experience up to 30 minutes of black screens when logging into Azure Virtual Desktop (AVD) after installing the KB5040525 Windows 10 July 2024 preview update.

  • HACLA Housing Authority of the City of Los Angeles
     
    SECURITY

LA housing authority confirms breach claimed by Cactus ransomware

  • The Housing Authority of the City of Los Angeles (HACLA), one of the largest public housing authorities in the United States, confirmed that a cyberattack hit its IT network after recent breach claims from the Cactus ransomware gang.

  • ChatGPT
     
    SECURITY, ARTIFICIAL INTELLIGENCE

OpenAI's new ChatGPT Search Chrome extension feels like a search hijacker

  • OpenAI's new "ChatGPT search" Chrome extension feels like nothing more than a typical search hijacker, changing Chrome's settings so your address bar searches go through ChatGPT Search instead.

  • LastPass
     
    SECURITY

LastPass warns of fake support centers trying to steal customer data

  • LastPass is warning about an ongoing campaign where scammers are writing reviews for its Chrome extension to promote a fake customer support phone number. However, this phone number is part of a much larger campaign to trick callers into giving scammers remote access to their computers, as discovered by BleepingComputer.

VIEW MORE

at
Labels:

No comments:

Post a Comment

Please leave a comment about our recent post.

Subscribe to: Post Comments (Atom)

ZDNet | Security.

"It's official:  All your Office apps are getting AI and a price increase." Views expressed in this cybersecurity, cyber crime...

  • The Cyberwire Daily Briefing
    "Fortinet confirms breach of customer data." Views expressed in this cybersecurity, cyber crime update are those of the reporters ...
  • Cyber War News Today.
    "International Defence Cooperation:  A key to regional stability." Views expressed in this cybersecurity, cyber espionage, and cyb...
  • SecurityWeek Briefing
    "New RAMBO attack allows air-gapped data theft." Views expressed in this cybersecurity, cyber crime update are those of the report...