TikTok shut down in the U.S. late Saturday night following the Supreme Court's decision to uphold the law that banned the company over national security concerns. [more]
A malicious package named 'pycord-self' on the Python package index (PyPI) targets Discord developers to steal authentication tokens and plant a backdoor for remote control over the system. [more]
A new hacking group has leaked the configuration files, IP addresses, and VPN credentials for over 15,000 FortiGate devices for free on the dark web, exposing a great deal of sensitive technical information to other cybercriminals. [more]
Microsoft is warning that the January 2025 Windows 11 and Windows 10 cumulative updates may fail if Citrix Session Recording Agent (SRA) version 2411 is installed on the device. [more]
Cybercriminals are exploiting a trick to turn off Apple iMessage's built-in phishing protection for a text and trick users into re-enabling disabled phishing links. [more]
A deceptive proof-of-concept (PoC) exploit for CVE-2024-49113 (aka "LDAPNightmare") on GitHub infects users with infostealer malware that exfiltrates sensitive data to an external FTP server. [more]
Scammers stole $494 million worth of cryptocurrency in wallet drainer attacks last year that targeted more than 300,000 wallet addresses. [more]
Over three million POP3 and IMAP mail servers without TLS encryption are currently exposed on the Internet and vulnerable to network sniffing attacks. [more]
Tenable says customers must manually upgrade their software to revive Nessus vulnerability scanner agents taken offline on December 31st due to buggy differential plugin updates. [more]
New details have emerged about a phishing campaign targeting Chrome browser extension developers that led to the compromise of at least thirty-five extensions to inject data-stealing code, including those from cybersecurity firm Cyberhaven. [more]
At least five Chrome extensions have been compromised in a coordinated attack, enabling a threat actor to steal sensitive user information. [more]
As we step into 2025, NewsTargeted expresses gratitude to its readers and shares hopes for a brighter future. This New Year message reflects on past milestones and looks forward to growth, discovery, and connection in the coming year. [more]
The U.S. government is considering banning TP-Link routers starting next year if ongoing investigations find that their use in cyberattacks poses a national security risk. [more]
A malicious Android spyware application named 'BMI CalculationVsn' was discovered on the Amazon Appstore, masquerading as a simple health tool but stealing data from infected devices in the background. [more]
Juniper Networks has warned customers of Mirai malware attacks targeting and infecting Session Smart routers using default credentials. [more]
Fortinet has disclosed a critical vulnerability in Fortinet Wireless Manager (FortiWLM) that allows remote attackers to take over devices by executing unauthorized code or commands through specially crafted web requests. [more]
Microsoft is now blocking Windows 11 24H2 upgrades on systems with Auto HDR enabled due to a compatibility issue that causes game freezes. [more]
An ongoing phishing scam is abusing Google Calendar invites and Google Drawings pages to steal credentials while bypassing spam filters. [more]
Merry Christmas from all of us here at News Targeted [more]
The Russian hacking group tracked as APT29 (aka "Midnight Blizzard") is using a network of 193 remote desktop protocol proxy servers to perform man-in-the-middle (MiTM) attacks to steal data and credentials and to install malicious payloads. [more]
Malicious Visual Studio Code extensions were discovered on the VSCode marketplace, and they download heavily obfuscated PowerShell payloads to target developers and cryptocurrency projects in supply chain attacks. [more]
Interpol calls on the cybersecurity community, law enforcement, and the media to stop using the term "Pig Butchering" when referring to online relationship and investment scams, as it unnecessarily shames the victims impacted by these fraud campaigns. [more]
CISA has warned U.S. federal agencies to secure their systems against ongoing attacks targeting a high-severity Windows kernel vulnerability. [more]
Citrix Netscaler is the latest target in widespread password spray attacks targeting edge networking devices and cloud platforms this year to breach corporate networks. [more]
Cleo has released security updates for a zero-day flaw in its LexiCom, VLTransfer, and Harmony software, which is currently exploited in data theft attacks. [more]
Anna Jaques Hospital has confirmed on its website that a ransomware attack it suffered almost precisely a year ago, on December 25, 2023, has exposed sensitive health data for over 310,000 patients. [more]
Japan's CERT is warning that hackers are exploiting zero-day vulnerabilities in I-O Data router devices to modify device settings, execute commands, or even turn off the firewall. [more]
​Microsoft has re-released the November 2024 security updates for Exchange Server after pulling them earlier this month due to email delivery issues on servers using custom mail flow rules. [more]
America's cyber defense agency has received evidence of hackers actively exploiting a remote code execution vulnerability in SSL VPN products Array Networks AG and vxAG ArrayOS. [more]
A new malicious campaign is using a legitimate but old and vulnerable Avast Anti-Rootkit driver to evade detection and take control of the target system by disabling security components. [more]
The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has added three new flaws in its Known Exploited Vulnerabilities (KEV) catalog, including a critical OS command injection impacting Progress Kemp LoadMaster. [more]
Fake Bitwarden password manager advertisements on Facebook are pushing a malicious Google Chrome extension that collects and steals sensitive user data from the browser. [more]
OpenAI's ChatGPT platform provides a great degree of access to the LLM's sandbox, allowing you to upload programs and files, execute commands, and browse the sandbox's file structure. [more]
Microsoft has pulled the November 2024 Exchange security updates released during this month's Patch Tuesday because of email delivery issues on servers using custom mail flow rules. [more]
Voyager 1 reconnected with Earth using a backup transmitter inactive for over 40 years. [more]
Article updated to add information from CyberPanel developer and with information on free decryptor. [more]
Nothing, the London-based company founded by Carl Pei, has unveiled its latest smartphone: the Nothing Phone (2a) Plus Community Edition. This new release is the outcome of a six-month competition that concluded with four winners and the creation of this new product. [more]
qBittorrent has addressed a remote code execution flaw caused by the failure to validate SSL/TLS certificates in the application's DownloadManager, a component that manages downloads throughout the app. [more]
CyberPanel has announced the urgent need for users to upgrade their software due to ongoing issues that have affected file access for many users. The CyberPanel team is assisting those impacted at no cost, providing solutions such as a decryption script and a manual patch guide for... [more]
The FBI and the U.S. Cybersecurity & Infrastructure Security Agency (CISA) have disclosed that Chinese hackers breached commercial telecommunication service providers in the United States. [more]
The North Korean Lazarus hacking group exploited a Google Chrome zero-day tracked as CVE-2024-4947 through a fake decentralized finance (DeFi) game targeting individuals in the cryptocurrency space. [more]
WordPress sites are being hacked to install malicious plugins that display fake software updates and errors to push information-stealing malware. [more]
CISA has added three flaws to its 'Known Exploited Vulnerabilities' (KEV) catalog, among which is a critical hardcoded credentials flaw in SolarWinds Web Help Desk (WHD) that the vendor fixed in late August 2024. [more]
Microsoft is warning enterprise customers that, for almost a month, a bug caused critical logs to be partially lost, putting at risk companies that rely on this data to detect unauthorized activity. [more]
A recently disclosed vulnerability in the Common Unix Printing System (CUPS) open-source printing system can be exploited by threat actors to launch distributed denial-of-service (DDoS) attacks with a 600x amplification factor. [more]
Nuclear waste processing facility Sellafield has been fined £332,500 ($440k) by the Office for Nuclear Regulation (ONR) for failing to adhere to cybersecurity standards and putting sensitive nuclear information at risk over four years, from 2019 to 2023. [more]
HPE Aruba Networking has fixed three critical vulnerabilities in the Command Line Interface (CLI) service of its Aruba Access Points, which could let unauthenticated attackers gain remote code execution on vulnerable devices. [more]
Under certain conditions, attackers can chain a set of vulnerabilities in multiple components of the CUPS open-source printing system to execute arbitrary code remotely on vulnerable machines. [more]
CISA has tagged another critical Ivanti security vulnerability, which can let threat actors create rogue admin users on vulnerable Virtual Traffic Manager (vTM) appliances, as actively exploited in attacks. [more]
A recently fixed "Windows MSHTML spoofing vulnerability" tracked under CVE-2024-43461 is now marked as previously exploited after it was used in attacks by the Void Banshee APT hacking group. [more]
Yet, another critical severity vulnerability has been discovered in LiteSpeed Cache, a caching plugin for speeding up user browsing in over 6 million WordPress sites. [more]
D-Link is warning that four remote code execution (RCE) flaws impacting all hardware and firmware versions of its DIR-846W router will not be fixed as the products are no longer supported. [more]
Hackers have already started to exploit the critical severity vulnerability that affects LiteSpeed Cache, a WordPress plugin used for accelerating response times, a day after technical details become public. [more]
​Today, Ivanti urged customers to patch a critical authentication bypass vulnerability impacting Virtual Traffic Manager (vTM) appliances that can let attackers create rogue administrator accounts. [more]
Earlier this year Reddit announced it was making changes to its API that prohibited any scraping of its data without payment. [more]
Stripe, a technical platform that accounts for a large share of online payments, has activated support for trading digital currency for Europeans with debit and credit cards. [more]
Google's parent company Alphabet is reportedly in talks for an acquisition that, if it goes through, will be the company's biggest purchase ever. The Wall Street Journal, citing unnamed sources, claims that Google is in negotiations to purchase the cybersecurity company Wiz for $23... [more]
Microsoft has recently confirmed the existence of CVE-2024-30078, which is a new Wi-Fi takeover attack that could allow malicious users to inject malware onto a Windows PC or laptop remotely. This vulnerability wasn't originally publicly disclosed and is now patched with an up-to-date... [more]
Playstation had its showcase in May, Xbox early this month. [more]
Researchers found half a dozen vulnerabilities of varying severity impacting Netgear WNR614 N300, a budget-friendly router that proved popular among home users and small businesses. [more]
Late last week, Microsoft announced that after a series of high-profile data breaches that involved its services, it had decided it would now be "making security our top priority at Microsoft, above all else." Today, as part of the annual RSA Conference in San Fransisco, the company... [more]
"Unfollow Everything" is a correct description of the app/script Louis Barclay created for Facebook users. [more]
NSA whistleblower Edward Snowden still lives in Russia. The whistleblower received Russian citizenship in 2022. [more]
Microsoft has introduced its Copilot button on keyboards, now Logitech is following up with a dedicated button on the mouse "Signature AI Edition Mouse" (an M750) which is only sold in the US and the UK - it's not the one that's exciting anyway. [more]
When Microsoft revealed in January that foreign government hackers had once again breached its systems, the news prompted another round of recriminations about the security posture of the world’s largest tech company. [more]
BRASILIA, April 7 (Reuters) - Elon Musk is challenging a decision by a Supreme Court justice in Brazil who ordered his social media platform X, formerly known as Twitter, to block certain accounts, and he called on Sunday for the judge's resignation. [more]
GitHub users accidentally exposed 12.8 million authentication and sensitive secrets in over 3 million public repositories during 2023, with the vast majority remaining valid after five days. [more]
Noone has claimed responsibility yet for the Red Sea subsea cable severances last week. [more]
Apple has told its European customers that new EU competition laws will make iPhones less safe. [more]
Apple is reversing its previous decision to remove web app functionality for EU users starting with iOS 17.4, which launches next week. [more]
Hacker group Lockbit infiltrated giga companies such as Boeing, ICBC, and Taiwan Semiconductor Manufacturing Company. Now it's finally over. [more]
Information is constantly leaking about Nintendo's upcoming console, a majorly upgraded Switch. [more]
Exploit code is now available for a critical authentication bypass vulnerability in Fortra's GoAnywhere MFT (Managed File Transfer) software that allows attackers to create new admin users on unpatched instances via the administration portal. [more]
The long-planned digital storefront will serve as a repository for custom-built GPTs, according to an email from the company sent to some GPT users. [more]
In August we reported that Google risked a fine of NOK 51 billion in connection with Chrome's incognito mode. [more]
Windows Central has had several big scoops this year, including a good deal of information about Windows 12 launching in August. [more]
GitHub is warning users that they will soon have limited functionality on the site if they do not enable two-factor authentication (2FA) on their accounts. [more]
The EU has formally started its case against Elon Musk's online community X under the Digital Services Act after they first issued a warning in October this year. [more]
A Windows release planned for next year may be the catalyst for a new wave of desktop chips with AI processing capabilities. [more]
Shortly after a leaker revealed to a US senator in Oregon that "democratic authorities associated with the United States" are spying on Apple and Android notifications, Apple has updated its "Legal Process Guideline" document. [more]
The maintainers of the open-source file-sharing software ownCloud have warned of three critical security flaws that could be exploited to disclose sensitive information and modify files. [more]
If anything, dating is now harder to do on Twitter. [more]
The "Federal Trade Commission" has given Apple and the other majors permission to use 6GHz bandwidth for near-field communication. Microsoft, Google, Apple and Meta asked for permission to use the web in this way already in 2019. [more]
Attackers can utilize a bug to execute code on your PC when you open zipped files. [more]
High switching fees, technical restrictions on interoperability, and committed spend discounts offered by cloud providers are outlined as concerns by communications regulator Ofcom. [more]
Although Cloudflare provides resilient DDoS protection, a researcher devised a strategy to bypass the security measures using Cloudflare itself. The process involves exploiting logic flaws in the firewall that allow an adversary to perform DDoS attacks on the target device. [more]
Jamf believes generative AI tools can be a big benefit to tech support and IT admin and the company this week revealed its first work in that direction. [more]
Apple's satellite partner Globalstar has secured an agreement with Elon Musk's company SpaceX. [more]
The problems are not ending for Western Digital's SanDisk brand. [more]
Apple has released iOS 16.6 today for everyone and while the update doesn’t come with new user-facing features, it has over a dozen important security fixes. And notably, two of the fixes are for actively exploited flaws. [more]
Google was hit with a wide-ranging lawsuit on Tuesday alleging the tech giant scraped data from millions of users without their consent and violated copyright laws in order to train and develop its artificial intelligence products. [more]
Twitter announces lawsuit against Threads, the new Twitter competitor baked into the Instagram system. [more]
Thousands of Twitter users across several countries were unable to access the social media site or faced difficulties and delays, Saturday. [more]
Blizzard US Twitter support reveals they are being DDoSed. [more]
A wide range of Asus routers should be security updated as soon as possible. [more]
The Reddit forum for Nintendo piracy and emulation discussions became too much. [more]
Have you noticed the commotion around Reddit? [more]
The security company Eclypsium has revealed that Gigabyte motherboards have a backdoor that few users know about. [more]
Western Digital says it will fix bugs with Sandisk Extreme and Extreme Pro external SSDs. This after four months of problems. [more]
Twitter's lawyers have sent Microsoft CEO Satya Nadella a letter warning against the way the company used the APIs of Elon Musk's new company that just made its first trade. [more]
ChatGPT is again legal in Italy after two changes: an explanation on the website about what personal data is stored and the possibility to disable training of the AI ​​while chatting with it. [more]
"The big improvement everyone with passwords has been waiting for," Now we are not so sure anymore whether it pays to activate cloud storage in "Google Authenticator." [more]
Because Microsoft supposedly feeds its Bing AI (Open AI's GPT technology) with data from Twitter, Elon Musk is now considering suing. [more]
The French consumer electronics company Withings is relevant with a smart scale that does more than just measure kg. [more]
FPS mode for the hugely popular third-person game Fortnite? Yes, it will happen, and perhaps already this week. [more]
The Trusted Platform Module (TPM) 2.0 specification is affected by two buffer overflow vulnerabilities that could allow attackers to access or overwrite sensitive data, such as cryptographic keys. [more]
No satellite functions were launched with the Galaxy S23 as rumored before the launch, but the Galaxy S23 Ultra is a very good mobile. [more]
Do you remember the case from December last year, "Cameras sold in Norway are a security disaster"? [more]
"Server error" allowed Eufy owners to see into each other's homes," [more]
When asked what Elon Musk will do if Apple and Google throw Twitter out of their app stores, the answer is interesting to say the least. [more]
With the iPhone 15 series, Apple will once again go back on a design choice. [more]
You probably remember several of the stories throughout where attempts have been made to make fun of Apple, the iPhone, or other parts of Apple's ecosystem in favor of Android. [more]
It's a good thing that Twitter notifies which device is used to send tweets. [more]
No matter who owns Twitter, there will be big cuts. The Washington Post reports. [more]