"Microsoft fixes power pages zero-day bug exploitd in attacks."
Views expressed in this cybersecurity, cyber crime update are those of the reporters and correspondents. Accessed on 20 February 2025, 1455 UTC.
Content and Source: https://www.bleepingcomputer.com/
Please check link or scroll down to read your selections. Thanks for joining us today.
Russ Roberts (https://www.hawaiicybersecurityjournal.net).
Microsoft fixes Power Pages zero-day bug exploited in attacks
Microsoft has issued a security bulletin for a high-severity elevation of privilege vulnerability in Power Pages, which hackers exploited as a zero-day in attacks.
- February 20, 2025
- 09:34 AM
0
Microsoft testing fix for Windows 11 bug breaking SSH connections
Microsoft is not testing a fix for a longstanding known issue that is breaking SSH connections on some Windows 11 22H2 and 23H2 systems.
- February 20, 2025
- 08:19 AM
- 0
Sponsored Content
5 ways new AI agents can automate identity attacks | Register nowStruggling to filter AI hype from genuine threat? Check out the latest webinar from Push Security to learn how new AI Computer-Using Agents (no, not DeepSeek) can be used to automate identity attacks.
Get Microsoft Office 2024 for your PC or Mac with this deal
Whether you choose the Windows version or you're a Mac user, this deal for the Office 2024 package includes Word, Excel, PowerPoint, Outlook, and OneNote. Update your main computer with Microsoft Office 2024 Home & Business for Windows or Mac for $139.97, 6% off the $149 MSRP.
- February 20, 2025
- 07:09 AM
- 0
Darcula PhaaS can now auto-generate phishing kits for any brand
The Darcula phishing-as-a-service (PhaaS) platform is preparing to release its third major version, with one of the highlighted features, the ability to create do-it-yourself phishing kits to target any brand.
- February 20, 2025
- 06:00 AM
- 0
New NailaoLocker ransomware used against EU healthcare orgs
A previously undocumented ransomware payload named NailaoLocker has been spotted in attacks targeting European healthcare organizations between June and October 2024.
- February 20, 2025
- 03:00 AM
- 0
CISA and FBI: Ghost ransomware breached orgs in 70 countries
CISA and the FBI said attackers deploying Ghost ransomware have breached victims from multiple industry sectors across over 70 countries, including critical infrastructure organizations.
- February 19, 2025
- 03:55 PM
- 0
Phishing attack hides JavaScript using invisible Unicode trick
A new JavaScript obfuscation method utilizing invisible Unicode characters to represent binary values is being actively abused in phishing attacks targeting affiliates of an American political action committee (PAC).
- February 19, 2025
- 03:14 PM
- 0
Desktop access is possible anywhere with this AnyViewer deal, now $60
Instead of stressing about a work file you can't access from your personal laptop at home, have constant, simple desktop access with AnyViewer. It's not just any remote desktop access tool, either—this one eliminates lag, offers high quality resolution, and even comes with multi-device support for only $59.99 (reg. $214) for 10 devic
- February 19, 2025
- 02:11 PM
- 0
New FrigidStealer infostealer infects Macs via fake browser updates
The FakeUpdate malware campaigns are increasingly becoming muddled, with two additional cybercrime groups tracked as TA2726 and TA2727, running campaigns that push a new macOS infostealer malware called FrigidStealer.
- February 19, 2025
- 12:42 PM
- 0
Australian fertility services giant Genea hit by security breach
Genea, one of Australia's largest fertility services providers, disclosed that unknown attackers breached its network and accessed data stored on compromised systems.
- February 19, 2025
- 12:40 PM
- 0
Palo Alto Networks tags new firewall bug as exploited in attacks
Palo Alto Networks warns that hackers are actively exploiting a critical authentication bypass flaw (CVE-2025-0108) in PAN-OS firewalls, chaining it with two other vulnerabilities to breach devices in active attacks.
- February 19, 2025
- 10:38 AM
- 0
Security· Sponsored ContentThe Browser Blind Spot: Why Your Browser is the Next Cybersecurity Battleground
For years, defensive security strategies have focused on three core areas: network, endpoint, and email. Meanwhile, the browser, sits across all of them. This article examines three key areas where attackers focus their efforts and how browser-based attacks are evolving.
- February 19, 2025
- 10:02 AM
- 0
Make your web browsing sessions productive and learn with StackSkills
You might not think twice about browsing through TikTok or Instagram every day, but what if you could put your twitchy thumbs to greater use? You could use your phone addiction to add practical, impressive skills to your resume to land your dream IT or cybersecurity job this year, and all you need is StackSkills Unlimited.
- February 19, 2025
- 07:17 AM
- 0
Russian phishing campaigns exploit Signal's device-linking feature
Russian threat actors have been launching phishing campaigns that exploit the legitimate "Linked Devices" feature in the Signal messaging app to gain unauthorized access to accounts of interest.
- February 19, 2025
- 06:59 AM
- 0
New WinRAR version strips Windows metadata to increase privacy
WinRAR 7.10 was released yesterday with numerous features, such as larger memory pages, a dark mode, and the ability to fine-tune how Windows Mark-of-the-Web flags are propagated when extracting files.
- February 18, 2025
- 05:57 PM
- 0
Cracked Garry’s Mod, BeamNG.drive games infect gamers with miners
A large-scale malware campaign dubbed "StaryDobry" has been targeting gamers worldwide with trojanized versions of cracked games such as Garry's Mod, BeamNG.drive, and Dyson Sphere Program.
- February 18, 2025
- 04:25 PM
- 2
Venture capital giant Insight Partners hit by cyberattack
New York-based venture capital and private equity firm Insight Partners has disclosed that its systems were breached in January following a social engineering attack.
- February 18, 2025
- 03:33 PM
- 0
Microsoft reminds admins to prepare for WSUS driver sync deprecation
Microsoft once again reminded IT administrators that driver synchronization in Windows Server Update Services (WSUS) will be deprecated on April 18, just 60 days from now.
- February 18, 2025
- 02:20 PM
- 0
Add a unique language to your toolkit—learn American Sign Language
Learn ASL this year by grabbing the All-in-One American Sign Language Bundle, now on sale for just $14.97. Supplies are limited, so act while you can.
- February 18, 2025
- 02:02 PM
- 0
Chinese hackers abuse Microsoft APP-v tool to evade antivirus
The Chinese APT hacking group "Mustang Panda" has been spotted abusing the Microsoft Application Virtualization Injector utility as a LOLBIN to inject malicious payloads into legitimate processes to evade detection by antivirus software.
- February 18, 2025
- 01:00 PM
- 0
Comments
Post a Comment
Please leave a comment about our recent post.