BleepingComputer

2022-05-05 12:38:47 Latest news and stories from BleepingComputer.com
Heroku admits to customer database hack after OAuth token theft

Heroku has now revealed that the stolen GitHub integration OAuth tokens from last month further led to the compromise of an internal customer database. The Salesforce-owned cloud platform acknowledged the same compromised token was used by attackers to exfiltrate customers' hashed and salted passwords from "a database." [...] Open / Comment

2022-05-05 04:41:58 Latest news and stories from BleepingComputer.com
F5 warns of critical BIG-IP RCE bug allowing device takeover

F5 has issued a security advisory warning about a flaw that may allow unauthenticated attackers with network access to execute arbitrary system commands, perform file actions, and disable services on BIG-IP. [...] Open / Comment

2022-05-05 00:42:42 Latest news and stories from BleepingComputer.com
Cisco fixes NFVIS bugs that help gain root and hijack hosts

Cisco has addressed several security flaws found in the Enterprise NFV Infrastructure Software (NFVIS), a solution that helps virtualize network services for easier management of virtual network functions (VNFs). [...] Open / Comment

2022-05-05 00:42:19 Latest news and stories from BleepingComputer.com
Pixiv, DeviantArt artists hit by NFT job offers pushing malware

Users on Pixiv, DeviantArt, and other creator-oriented online platforms report receiving multiple messages from people claiming to be from the "Cyberpunk Ape Executives" NFT project, with the main goal to infect artists' devices with information-stealing malware. [...] Open / Comment

2022-05-05 00:42:01 Latest news and stories from BleepingComputer.com
Attackers hijack UK NHS email accounts to steal Microsoft logins

For about half a year, work email accounts belonging to over 100 employees of the National Health System (NHS) in the U.K. were used in several phishing campaigns, some aiming to steal Microsoft logins. [...] Open / Comment

2022-05-05 00:41:53 Latest news and stories from BleepingComputer.com
Heroku forces user password resets but fails to explain why

Salesforce-owned Heroku is performing a forced password reset on a subset of user accounts in response to last month's security incident while providing no information as to why they are doing so other than vaguely mentioning it is to further secure accounts. [...] Open / Comment

2022-05-04 20:40:59 Latest news and stories from BleepingComputer.com
FBI says business email compromise is a $43 billion scam

The Federal Bureau of Investigation (FBI) said today that the amount of money lost to business email compromise (BEC) scams continues to grow each year, with a 65% increase in the identified global exposed losses between July 2019 and December 2021. [...] Open / Comment

2022-05-04 20:40:32 Latest news and stories from BleepingComputer.com
Hackers stole data undetected from US, European orgs since 2019

Cybersecurity analysts have exposed a lengthy operation attributed to the group of Chinese hackers known as "Winnti" and tracked as APT41, which focused on stealing intellectual property assets like patents, copyrights, trademarks, and other types of valuable data. [...] Open / Comment

2022-05-04 20:40:21 Latest news and stories from BleepingComputer.com
GitHub to require 2FA from active developers by the end of 2023

GitHub announced today that all users who contribute code on its platform (an estimated 83 million developers in total) will be required to enable two-factor authentication (2FA) on their accounts by the end of 2023. [...] Open / Comment

2022-05-04 20:39:51 Latest news and stories from BleepingComputer.com
Microsoft: Windows 11 KB5012643 update will break some apps

Microsoft has warned Windows 11 users that they might experience issues launching and using some .NET Framework 3.5 applications. [...] Open / Comment