IT News
US Cyber Trust Mark Launched
The Cyber Trust Mark label, which will appear on smart products sold in the United States later this year, will help American consumers determine whether the devices they want to buy are safe to install in their homes.
Urgent Windows Upgrade Warning
Cybersecurity firm ESET is urging Windows 10 users to upgrade to Windows 11 or Linux to avoid a "security fiasco" as the 10-year-old operating system nears the end of support in October 2025. "It's five minutes to twelve to avoid a security fiasco for 2025," explains ESET security expert Thorsten Urbanski.
Salt Typhoon Cyberattack Exposed
U.S. Senator Ron Wyden of Oregon announced a new bill to secure the networks of American telecommunications companies breached by Salt Typhoon Chinese state hackers earlier this year.
Powerschool Data Breach Alert
Education software giant PowerSchool has confirmed it suffered a cybersecurity incident that allowed a threat actor to steal the personal information of students and teachers from school districts using its PowerSchool SIS platform.
Packers Cybersecurity Breach
The Green Bay Packers American football team is notifying fans that a threat actor hacked its official online retail store in October and injected a card skimmer script to steal customers' personal and payment information.
US Treasury Cyber Breach Exposed
Chinese state-backed hackers, tracked as Silk Typhoon, have been linked to the U.S. Office of Foreign Assets Control (OFAC) hack in early December.
Massive Healthcare Breaches Prompt Rules Overhaul
The U.S. Department of Health and Human Services (HHS) has proposed updates to the Health Insurance Portability and Accountability Act of 1996 (HIPAA) to secure patients' health data following a surge in massive healthcare data leaks.
Chrome Extensions Phishing Attack
New details have emerged about a phishing campaign targeting Chrome browser extension developers that led to the compromise of at least thirty-five extensions to inject data-stealing code, including those from cybersecurity firm Cyberhaven.
Apple Settles SIRI Privacy Lawsuit
Apple has agreed to pay $95 million to settle a class action lawsuit in the U.S. alleging that its Siri assistant recorded private conversations and shared them with third parties. The proposed lawsuit alleges that the audio data was disclosed without users' consent to a network of third-party marketers and advertisers.
BYTE Federal Data Breach Alert
Byte Federal, a leading Bitcoin ATM operator in the United States, recently experienced a significant data breach. This breach exposed the personal information of 58,000 customers.
Facebook, Instagram Whatsapp hit by massive worldwide outage
Facebook, Instagram, Threads, and WhatsApp suffered a massive worldwide Wednesday afternoon, with services impacted in varying degrees based on user's region.
Krispy Kreme Cyberattack
US doughnut chain Krispy Kreme suffered a cyberattack in November that impacted portions of its business operations, including placing online orders.
Microsoft 365 Service Outage Update
Impact is specific to some users, who are served through the affected infrastructure, attempting to access apps in Microsoft 365 for the web.
Salt Typhoon Cyber Attacks Exposed
Chinese state hackers, known as Salt Typhoon, have breached telecommunications companies in dozens of countries, President Biden's deputy national security adviser Anne Neuberger said today.
Stoli Group Bankruptcy explained
Stoli Group's U.S. companies have filed for bankruptcy following an August ransomware attack and Russian authorities seizing the company's remaining distilleries in the country.
AI Fraud Schemes Exposed
The FBI warns that scammers are increasingly using artificial intelligence to improve the quality and effectiveness of their online fraud schemes, ranging from romance and investment scams to job hiring schemes.
Spotify Exploited for Malware
Spotify playlists and podcasts are being abused to push pirated software, game cheat codes, spam links, and "warez" sites.
Beware Fake AI Generators
Fake AI image and video generators infect Windows and macOS with the Lumma Stealer and AMOS information-stealing malware, used to steal credentials and cryptocurrency wallets from infected devices.
Beware Fake Facebook Bitwarden Ads
ake Bitwarden password manager advertisements on Facebook are pushing a malicious Google Chrome extension that collects and steals sensitive user data from the browser. Bitwarden is a popular password manager app with a "free" tier featuring end-to-end encryption, cross-platform support, MFA integration, and a user-friendly interface.
T Mobile Breach Security Update
T-Mobile confirms it was hacked in the wave of recently reported telecom breaches conducted by Chinese threat actors to gain access to private communications, call records, and law enforcement information requests.
Critical WordPress Security Flaw
A critical authentication bypass vulnerability has been discovered impacting the WordPress plugin 'Really Simple Security' (formerly 'Really Simple SSL'), including both free and Pro versions.
Ford Data Breach Investigation
Ford is investigating allegations that it suffered a data breach after a threat actor claimed to leak 44,000 customer records on a hacking forum. The leak was announced on Sunday by threat actor 'EnergyWeaponUser,' also implicating the hacker 'IntelBroker,' who supposedly took part in the November 2024 breach.
Windows 11 Share Feature in Testing Phase
Windows 11 is making sharing easier than ever. Microsoft is introducing a "Share" button to both the Start menu and taskbar, encouraging more frequent content sharing. The Share button in Windows 11 is a built-in feature designed to streamline sharing.
Halliburton Ransomware Attack
Video created from article written by Bill Toulas featured in BleepingComputer Halliburton, a global energy industry leader, recently reported a $35 million loss due to a ransomware attack in August. This breach forced the company to shut down IT systems and disconnect customers.
AI Tools for Notepad and Paint
AI Tools for Notepad and Paint: Microsoft is testing AI-powered tools for Notepad and Paint on Windows 11. These features are available to Windows 11 Insiders in the Canary and Dev Channels, offering new capabilities to enhance text and image editing experiences. Paint now includes generative fill and erase tools, complementing the Cocreator feature.
Google Cloud MFA Mandate
Google Cloud MFA Mandate: Google has announced that by the end of 2025, multi-factor authentication, or MFA, will be mandatory for all Google Cloud accounts. This move aims to enhance security for businesses and developers. The rollout will occur in three phases to ensure a smooth transition. Google Cloud will provide advance notifications to help enterprises and users plan their MFA deployments effectively.
CUPS Vulnerability Exposed
CUPS Vulnerability Exposed: When you send a document to print, you might not consider the security implications. However, a significant flaw in the Common UNIX Printing System, or CUPS, has been discovered, posing a serious threat. Researchers have identified that this flaw can be exploited by hackers to amplify Distributed Denial of Service, or DDoS, attacks.
Mastering Social Media Insights
More consumers are using social media to voice their opinions on products and services they've tried. That means social media is an invaluable source of consumer data for businesses.
With the right social media monitoring tools, business owners can gain useful insights into their customers and make better connections.
Digital Wallets Convenience Vs Security
Customer convenience is crucial to businesses, especially since this makes or breaks sales. The more options buyers have, especially at checkout, the more likely they are to complete a transaction and return to do further business. That’s why many companies like yours have digital wallets. Still, with the recent rise in stolen credit cards used in digital wallets, many are also rethinking them.
Bypassing Chrome Encryption Tool
A researcher has released a tool to bypass Google's new App-Bound encryption cookie-theft defenses and extract saved credentials from the Chrome web browser.
The tool, named 'Chrome-App-Bound-Encryption-Decryption,' was released by cybersecurity researcher Alexander Hagenah after he noticed that others were already figuring out similar bypasses.
Although the tool achieves what multiple infostealer operations have already added to their malware, its public availability raises the risk for Chrome users who continue to store sensitive data in their browsers.
AI and Human Talent Synergy:
As AI continues to evolve, business owners like you feel they must choose between AI and new talent due to limited funds. Some people think AI takes over the jobs of recruits, making hiring, training, and paying workers unnecessary. Others are wary of the new technology and would prefer a human-centric approach. The reality is that the two can coexist.
AI and Human Talent Synergy:
As AI continues to evolve, business owners like you feel they must choose between AI and new talent due to limited funds. Some people think AI takes over the jobs of recruits, making hiring, training, and paying workers unnecessary. Others are wary of the new technology and would prefer a human-centric approach. The reality is that the two can coexist.
Chinese Hackers Breach Telecom:
The FBI and the U.S. Cybersecurity & Infrastructure Security Agency (CISA) have disclosed that Chinese hackers breached commercial telecommunication service providers in the United States.
The breached entities have been warned, and the agencies are proactively alerting other potential targets of the elevated cyber activity.
Benefits of Cloud Storage:
It’s no secret that managing business data can be tricky. Sure, you can store information on separate hard drives. But is that the best strategy for your business? Let’s take a closer look at how cloud storage can benefit your operations.
Cloud Storage: The Basics
So, what exactly is cloud storage? Basically, it’s a service that allows you to share documents, spreadsheets, photos, and more in storage systems that you and your employees can access anywhere.
Easterseals Cyber Attack:
Easterseals, a historic charitable healthcare organization, recently faced a significant cyber attack. The breach, reported to the Maine Attorney General's office, occurred in April and affected the records of 14,855 individuals. On April 1, 2024, Easterseals experienced a network disruption, forcing the organization to disconnect all access to its network.
Massive Data Breach Exposed:
In September 2024, National Public Data confirmed a massive data breach, compromising personal records of millions. This consumer data broker, known for providing criminal records and background checks, was hacked.
Curated Chrome Extensions Store:
Google has announced it will soon allow organizations to create their own curated "Enterprise Web Store" of company-sanctioned browser extensions for Chrome and ChromeOS, aimed at improving productivity, security, and management for businesses.
The new store, planned to enter preview later this year, aims to provide businesses with a dedicated, curated environment for browser extensions commonly used in their organization
Landmark Admin Data Breach Alert:
Insurance administrative services company Landmark Admin warns that a data breach impacts over 800,000 people from a May cyberattack.
Landmark Admin is a third-party administrator for insurance companies, offering back-office services like new business processing and claims administration for large insurance carriers.
Henry Schein Data Breach Update:
Henry Schein has finally disclosed a data breach following at least two back-to-back cyberattacks in 2023 by the BlackCat Ransomware gang, revealing that over 160,000 people had their personal information stolen.
Henry Schein is a healthcare solutions provider and a Fortune 500 company with operations and affiliates in 32 countries and revenue of over $12 billion in 2022.
Apple Virtual Research Environment:
Apple created a Virtual Research Environment to allow public access to testing the security of its Private Cloud Compute system, and released the source code for some “key components” to help researchers analyze the privacy and safety features on the architecture.
The company also seeks to improve the system's security and has expanded its security bounty program to include rewards of up to $1 million for vulnerabilities that could compromise "the fundamental security and privacy guarantees of PCC.”
Over 6,000 Word Press Sites Hacked:
WordPress sites are being hacked to install malicious plugins that display fake software updates and errors to push information-stealing malware.
Over the past couple of years, information-stealing malware has become a scourge to security defenders worldwide as stolen credentials are used to breach networks and steal data.
Globe Life Data Breach Crisis:
Insurance giant Globe Life says an unknown threat actor attempted to extort money in exchange for not publishing data stolen from the company's systems earlier this year.
Founded in 1900, Globe Life is among the largest providers of life and health insurance plans in the United States, with a market capitalization of $12 billion and a total revenue that exceeds $5.3 billion.
Fidelity Data Breach Exposed:
Fidelity Investments, a Boston-based multinational financial services company, disclosed that the personal information of over 77,000 customers was exposed after its systems were breached in August.
As one of the largest asset managers in the world, with $14.1 trillion in assets under administration and $5.5 trillion under management, Fidelity employs over 75,000 associates across 11 countries in North America, Europe, Asia, and Australia.
Marriott’s 52 M Data Breach Settlement:
Marriott International is a hospitality company that manages and franchises a vast portfolio of hotels and lodging facilities, operating more than 7,000 properties across 130 countries.
Starwood was an American hotel and leisure company until its acquisition by Marriott in 2016, making the latter responsible for data security and related hotel operations.
Data Breach Exposes Medicare and Medicaid Beneficiaries:
The Centers for Medicare & Medicaid Services (CMS) federal agency announced earlier this month that health and personal information of more than three million health plan beneficiaries was exposed in the MOVEit attacks Cl0p ransomware conducted last year.
The hackers stole the data after breaching the Wisconsin Physicians Service (WPS) health insurance corporation, which provided Medicare administrative services.
US Broadband Hack Exposed:
Multiple U.S. broadband providers, including Verizon, AT&T, and Lumen Technologies, have been breached by a Chinese hacking group tracked as Salt Typhoon, the Wall Street Journal reports. The purpose of the attack appears to be for intelligence collection as the hackers might have had access to systems used by the U.S. federal government for court-authorized network wiretapping requests.
Comcast and Truist Data Breach:
Comcast Cable Communications and Truist Bank have disclosed they were impacted by a data breach at FBCS, and are now informing their respective customers that their data has been compromised. The case concerns a data breach at Financial Business and Consumer Solutions (FBCS), a debt collection agency in the U.S. that partners with various companies to collect unpaid debts on their behalf.
MoneyGram Cyberattack Explained:
MoneyGram is an American payment and money transfer platform that allows people to send and receive money through an extensive network of 350,000 physical locations in 200 countries or via its mobile app and website. MoneyGram confirmed they had suffered a cyberattack and took systems offline to contain the breach on September 20, three days after customers started reporting experiencing issues.
Google Pay Email Confusion:
Video composed from an article written by Ax Sharma found in Bleeping Computer Users were left alarmed this week on receiving unexpected emails from Google Pay stating that they had successfully "added a new card" to their Google account. The notification left users panicking and voicing their concerns on social media amid concerns they had been victims of a compromise. For many, the payment card being referred to had been issued years ago and presently expired, which added to the confusion. Google Pay 'new card' added emails saw users panicking.
Marriott's 52M Data Breach Settlement:
Marriott International and its subsidiary Starwood Hotels will pay $52 million and create a comprehensive information security program as part of settlements for data breaches that impacted over 344 million customers. The settlement requires Marriott and Starwood to implement a comprehensive security program and allow their U.S. customers to request personal data deletions.
Fidelity Data Breach:
Video created from article written by Sergiu Gatlan in BleepingComputer Fidelity Investments, a Boston-based multinational financial services company, disclosed that the personal information of over 77,000 customers was exposed after its systems were breached in August. As one of the largest asset managers in the world, with $14.1 trillion in assets under administration and $5.5 trillion under management, Fidelity employs over 75,000 associates across 11 countries in North America, Europe, Asia, and Australia.
Cisco Data Breach Investigation:
Cisco has confirmed to BleepingComputer that it is investigating recent claims that it suffered a breach after a threat actor began selling allegedly stolen data on a hacking forum. "Cisco is aware of reports that an actor is alleging to have gained access to certain Cisco-related files," a Cisco spokesperson told BleepingComputer. "We have launched an investigation to assess this claim, and our investigation is ongoing."
200 Malicious Apps on Google:
According to the report, mobile malware targeted mostly the education sector, where the amount of blocked transactions increased by 136.8%. The services sector recorded a 40.9% increase, and chemicals and mining a 24% increase. All other sectors showed a general decline.
Pokemon Game Freak Cyberattack:
Japanese video game developer Game Freak has confirmed it suffered a cyberattack in August after source code and game designs for unpublished games were leaked online. Game Freak is best known for being the co-owner and the primary developing studio of the Pokémon series video game, which started in 1996 with the Pokémon Red and Blue for Nintendo Game Boy.
News Break: Data Breach Exposes Personal Information of Medicare and Medicaid Beneficiaries
The Centers for Medicare & Medicaid Services (CMS) federal agency announced earlier this month that health and personal information of more than three million health plan beneficiaries was exposed in the MOVEit attacks Cl0p ransomware conducted last year. The hackers stole the data after breaching the Wisconsin Physicians Service (WPS) health insurance corporation, which provided Medicare administrative services.
News Break: MoneyGram Cyberattack Confirmed
Money transfer giant MoneyGram has confirmed it suffered a cyberattack after dealing with system outages and customer complaints about lack of service since Friday. While many suspected the company was hit by a cyberattack, it wasn't until Monday morning that MoneyGram confirmed that a cybersecurity incident caused the systems outage.
News Break: Temu Denies Data Breach Claims
Responding to BleepingComputer's request for comment, Temu categorically denied the published data is theirs and said it would press charges against those spreading this misinformation. "Temu's security team has conducted a comprehensive investigation into the alleged data breach and can confirm that the claims are categorically false; the data being circulated is not from our systems. Not a single line of data matches our transaction records," Temu told BleepingComputer.
News Break: DICK's Sporting Goods Cyberattack
On August 21, 2024, the Company discovered unauthorized third-party access to its information systems, including portions of its systems containing certain confidential information," the retailer giant said. "Immediately upon detecting the incident, the Company activated its cybersecurity response plan and engaged with its external cybersecurity experts to investigate, isolate, and contain the threat.
IT NEWS: Remote Work Security Risks
Money transfer giant MoneyGram has confirmed it suffered a cyberattack after dealing with system outages and customer complaints about lack of service since Friday. While many suspected the company was hit by a cyberattack, it wasn't until Monday morning that MoneyGram confirmed that a cybersecurity incident caused the systems outage.
News Break: Seattle Airport Cyberattack Disruption
Seattle-Tacoma Airport IT systems down due to a cyberattack Video created from article in Bleeping Computer written by By Bill Toulas The Seattle-Tacoma International Airport has confirmed that a cyberattack is likely behind the ongoing IT systems outage that disrupted reservation check-in systems and delayed flights over the weekend.
IT News: HealthEquity Data Breach Impacts 4.3 Million people
HSA provider HealthEquity has determined that a cybersecurity incident disclosed earlier this month has compromised the information of 4,300,000 people. HealthEquity, one of the largest HSA custodians in the U.S., specializes in providing health savings accounts (HSAs), flexible spending accounts (FSAs), health reimbursement arrangements (HRAs), and 401(k) retirement plans.
News Break: Global Windows Outage Crisis
A faulty component in the latest CrowdStrike Falcon update is crashing Windows systems, impacting various organizations and services across the world, including airports, TV stations, and hospitals. The glitch is affecting Windows workstations and servers, with users reporting massive outages that took offline entire companies and fleets of hundreds of thousands of computers.
News Break: Data Breach Alert Rite Aid Cyberattack
Pharmacy giant Rite Aid confirmed a data breach after suffering a cyberattack in June, which was claimed by the RansomHub ransomware operation. Rite Aid is the third-largest drugstore chain in the United States, employing over 6,000 pharmacists (out of a total workforce of over 45,000) in more than 1,700 retail pharmacy stores across 16 states.
IT NEWS: Hackers Can Steal Face Scans
Biometric authentication factors like facial recognition scans are no longer iron-clad cybersecurity measures. Emerging technology allows hackers to steal face scans and infiltrate a user’s unauthorized accounts. Learn how these social engineering attacks take place and what you can do to protect personal data.
IT NEWS: The Benefits of Customer Testimonials
Take off your business owner hat for a second and think back to when you were on the fence about a company as a customer. How did you approach the uncertainty in your buying journey? If you’re like most customers, you scrolled to scour the review section for a genuine opinion from a person with prior experience.
IT News: The roles of IoT in Enhancing Small Business Operations
Are you looking to streamline your business to reduce expenses and improve sales and revenue? You'll benefit from a greater understanding of the role of IoT in small business operations. When you utilize the Internet of Things, you'll see unprecedented benefits for your small business.
IT News: Understanding How CRM Software Can Improve Businesses
A customer relationship management system primarily helps businesses manage, track, and organize customer relationships. CRM systems feature numerous tools that sales and marketing professionals can use to understand customers better.
IT News: Improving Employee Productivity
If your employees say things like this or seem to struggle to meet their goals or complete daily tasks, your business has a productivity problem. Being productive doesn't mean being busy (you can be busy without completing any meaningful work) but rather refers to the ability to produce high-quality work efficiently.
News Break: United Healthcare Cybersecurity Crisis The 1.6 Billion Wakeup
This incident, which severely impacted the US health care system, a network with a large budget for cybersecurity, underscores an urgent message for all business leaders: a robust cybersecurity system and recovery plan are not optional but a fundamental necessity for every business out there.
IT News: Beware of Remote Desktop Protocol Attacks
In 2023, hackers used remote desktop protocol to orchestrate 9 out of 10 cyberattacks. How does this affect you as a business owner? If your digital infrastructure has any vulnerabilities, it could offer an untapped portal for remote desktop protocol attacks, especially if you have remote-working employees on your team.
