Hewlett Packard Enterprise (HPE) is notifying employees whose data was stolen from the company’s Office 365 email environment by Russian state-sponsored hackers in a May 2023 cyberattack. According to filings with Attorney General offices in New Hampshire and Massachusets, HPE started sending the breach notification letters last month to at least 16 people who had their driver’s licenses, […]
Software vendor Trimble is warning that hackers are exploiting a Cityworks deserialization vulnerability to remotely execute commands on IIS servers and deploy Cobalt Strike beacons for initial network access. Trimble Cityworks is a Geographic Information System (GIS)-centric asset management and work order management software designed primarily for local governments, utilities, and public works organizations. The […]
Hospital Sisters Health System notified over 882,000 patients that an August 2023 cyberattack led to a data breach that exposed their personal and health information. Established in 1875, HSHS works with over 2,200 physicians and has around 12,000 employees. It also operates a network of physician practices and 15 local hospitals across Illinois and Wisconsin, […]
An attempt to block a phishing URL in Cloudflare’s R2 object storage platform backfired yesterday, triggering a widespread outage that brought down multiple services for nearly an hour. Cloudflare R2 is an object storage service similar to Amazon S3, designed for scalable, durable, and low-cost data storage. It offers cost-free data retrievals, S3 compatibility, data […]
Microsoft has shared a workaround for users affected by a known issue that blocks Windows security updates from deploying on some Windows 11 24H2 systems. As the company explained when it acknowledged the bug in December, it only occurs when installing Windows 11 from CDs and USB flash drives that also install the October 2024 or […]
Windows 11’s January 28 optional update has fixed a long-standing issue in Windows 11 24H2 that prevents non-admin users from changing their time zone in Date & Time Settings. Windows 11 24H2 has a bug that prevents regular users from accessing the Date & Time page of the Settings. The issue was first confirmed by Microsoft in […]
Microsoft Edge 133 is now rolling out globally, and it ships with several improvements, including a new scareware blocker feature. In addition, Microsoft is updating the backend of the Downloads UI with performance improvements. For those unaware, “scareware scams” are also known as tech support scams and they trick victims with alarming web pages claiming their […]
Microsoft warns that attackers are deploying malware in ViewState code injection attacks using static ASP. NET machine keys found online. As Microsoft Threat Intelligence experts recently discovered, some developers use ASP.NET validationKey and decryptionKey keys (designed to protect ViewState from tampering and information disclosure) found on code documentation and repository platforms in their own software. […]
The North Korean hacking group known as Kimsuky was observed in recent attacks using a custom-built RDP Wrapper and proxy tools to directly access infected machines. This is a sign of shifting tactics for Kimsuky, according to AhnLab SEcurity Intelligence Center (ASEC), who discovered the campaign. ASEC says the North Korean hackers now use a […]
CISA warned U.S. federal agencies on Thursday to secure their systems against ongoing attacks targeting a critical Microsoft Outlook remote code execution (RCE) vulnerability. Discovered by Check Point vulnerability researcher Haifei Li and tracked as CVE-2024-21413, the flaw is caused by improper input validation when opening emails with malicious links using vulnerable Outlook versions. The attackers […]
