BleepingComputer.com.

"Windows BitLocker bug triggers warnings on devices with TPMs.

Views expressed in this cybersecurity, cyber crime update are those of the reporters and correspondents.  Accessed on 15 January 2025, 1555 UTC. 

Content and Source:  https://www.bleepingcomputer.com/

Please check link or scroll down to read your selections.  Thanks for joining us today.

Russ Roberts (https://www.hawaiicybersecurityjournal.net).

Latest Articles

• 
   
  Microsoft

Windows BitLocker bug triggers warnings on devices with TPMs

• ​Microsoft is investigating a bug triggering security alerts on systems with a Trusted Platform Module (TPM) processor after enabling BitLocker.

  • Sergiu Gatlan
   
  • January 15, 2025
   
  • 10:46 AM
   
  •  0
• 
   
  Deals

Stay on top of the latest career skills with lifetime access to InfoSec4TC

• The InfoSec4TC Platinum Membership is a great deal. For $69.99 (regularly $280), you'll get lifetime access to over 90 cybersecurity courses, including training for GSEC, CISSP, ethical hacking, and a ton of other in-demand IT certifications.

  • BleepingComputer Deals
   
  • January 15, 2025
   
  • 07:09 AM
   
  •  0
• 
   
  Microsoft

January Windows updates may fail if Citrix SRA is installed

• Microsoft is warning that the January 2025 Windows 11 and Windows 10 cumulative updates may fail if Citrix Session Recording Agent (SRA) version 2411 is installed on the device.

  • Lawrence Abrams
   
  • January 14, 2025
   
  • 05:04 PM
   
  •  0
• 
   
  Legal, Mobile

Allstate car insurer sued for tracking drivers without permission

• Texas Attorney General Ken Paxton has filed a lawsuit against Allstate and its data subsidiary Arity for unlawfully collecting, using, and selling driving data from over 45 million Americans.

  • Bill Toulas
   
  • January 14, 2025
   
  • 04:29 PM
   
  •  7
• 
   
  Security

WP3.XYZ malware attacks add rogue admins to 5,000+ WordPress sites

• A new malware campaign has compromised more than 5,000 WordPress sites to create admin accounts, install a malicious plugin, and steal data.

  • Bill Toulas
   
  • January 14, 2025
   
  • 03:54 PM
   
  •  2
• 
   
  Security, CryptoCurrency

US govt says North Korea stole over $659 million in crypto last year

• ​North Korean state-backed hacking groups have stolen over $659 million worth of cryptocurrency in multiple crypto-heists, according to a joint statement issued by the United States, South Korea, and Japan on Tuesday.

  • Sergiu Gatlan
   
  • January 14, 2025
   
  • 03:01 PM
   
  •  0
• 
   
  Microsoft

Windows 10 KB5049981 update released with new BYOVD blocklist

• Microsoft has released the KB5049981 cumulative update for Windows 10 22H2 and Windows 10 21H2, which contains an updated Kernel driver blocklist to prevent Bring Your Own Vulnerable Driver (BYOVD) attacks.

  • Lawrence Abrams
   
  • January 14, 2025
   
  • 02:28 PM
   
  •  0
• 
   
  Deals

Get a standalone license to Microsoft Office 2024 without a subscription

• Now, you can get Microsoft Office Home for Mac or PC as a standalone license. Instead of paying monthly, you can pay $119.97 (reg. $149) once with no recurring costs.

  • BleepingComputer Deals
   
  • January 14, 2025
   
  • 02:06 PM
   
  •  0
• 
   
  Microsoft, Security

Microsoft January 2025 Patch Tuesday fixes 8 zero-days, 159 flaws

• Today is Microsoft's January 2025 Patch Tuesday, which includes security updates for 159 flaws, including eight zero-day vulnerabilities, with three actively exploited in attacks.

  • Lawrence Abrams
   
  • January 14, 2025
   
  • 02:01 PM
   
  •  0
• 
   
  Microsoft, Software

Windows 11 KB5050009 & KB5050021 cumulative updates released

• Microsoft has released the Windows 11 KB5050009 and KB5050021 cumulative updates for versions 24H2 and 23H2 to fix security vulnerabilities and issues.

  • Mayank Parmar
   
  • January 14, 2025
   
  • 01:48 PM
   
  •  0
• 
   
  Security, Google

Google OAuth flaw lets attackers gain access to abandoned accounts

• A weakness in Google's OAuth "Sign in with Google" feature could enable attackers that register domains of defunct startups to access sensitive data of former employee accounts linked to various software-as-a-service (SaaS) platforms.

  • Bill Toulas
   
  • January 14, 2025
   
  • 12:28 PM
   
  •  1
• 
   
  Security

FBI deletes Chinese PlugX malware from thousands of US computers

• ​The U.S. Department of Justice announced today that the FBI has deleted Chinese PlugX malware from over 4,200 computers in networks across the United States.

  • Sergiu Gatlan
   
  • January 14, 2025
   
  • 11:26 AM
   
  •  1
• 
   
  Security

Hackers use FastHTTP in new high-speed Microsoft 365 password attacks

• Threat actors are utilizing the FastHTTP Go library to launch high-speed brute-force password attacks targeting Microsoft 365 accounts globally.

  • Bill Toulas
   
  • January 14, 2025
   
  • 10:57 AM
   
  •  4
• 
   
  Security

Fortinet warns of auth bypass zero-day exploited to hijack firewalls

• ​Attackers are exploiting a new authentication bypass zero-day vulnerability in FortiOS and FortiProxy to hijack Fortinet firewalls and breach enterprise networks.

  • Sergiu Gatlan
   
  • January 14, 2025
   
  • 10:24 AM
   
  •  1
• 
   
  Microsoft

Microsoft 365 apps crash on Windows Server after Office update

• ​Microsoft says a known issue is causing Classic Outlook and Microsoft 365 applications to crash on Windows Server 2016 or Windows Server 2019 systems.

  • Sergiu Gatlan
   
  • January 14, 2025
   
  • 09:18 AM
   
  •  0
• 
   
  Deals

Pay once and never again for this FileJump 2TB cloud storage

• FileJump gives you 2TB of cloud storage, but you only have to pay for it once, and it's even on sale. Instead of paying $467 for your 2TB lifetime subscription, now it's only $69.97.

  • BleepingComputer Deals
   
  • January 14, 2025
   
  • 07:11 AM
   
  •  0
• 
   
  Security, Healthcare

OneBlood confirms personal data stolen in July ransomware attack

• Blood-donation not-for-profit OneBlood confirms that donors' personal information was stolen in a ransomware attack last summer.

  • Bill Toulas
   
  • January 13, 2025
   
  • 05:36 PM
   
  •  1
• 
   
  Security

CISA orders agencies to patch BeyondTrust bug exploited in attacks

• ​CISA tagged a vulnerability in BeyondTrust's Privileged Remote Access (PRA) and Remote Support (RS) as actively exploited in attacks, ordering agencies to secure their systems within three weeks.

  • Sergiu Gatlan
   
  • January 13, 2025
   
  • 03:58 PM
   
  •  0
• 
   
  Security, Gaming

Stolen Path of Exile 2 admin account used to hack player accounts

• Path of Exile 2 developers confirmed that a hacked admin account allowed a threat actor to change the password and access at least 66 accounts, finally explaining how PoE 2 accounts have been breached since November.

  • Bill Toulas
   
  • January 13, 2025
   
  • 03:33 PM
   
  •  0
• 
   
  Security, Apple, Microsoft

Microsoft: macOS bug lets hackers install malicious kernel drivers

• Apple recently addressed a macOS vulnerability that allows attackers to bypass System Integrity Protection (SIP) and install malicious kernel drivers by loading third-party kernel extensions.

  • Sergiu Gatlan
   
  • January 13, 2025
   
  • 01:24 PM
   
  •  0

• 1
 
• 2
 
• 3
 
• 4
 
• 5