Security Archives

Microsoft, Security

Microsoft January 2025 Patch Tuesday fixes 8 zero-days, 159 flaws

Posted on January 14, 2025 by Onsite Computing, Inc.

Today is Microsoft’s January 2025 Patch Tuesday, which includes security updates for 159 flaws, including eight zero-day vulnerabilities, with three actively exploited in attacks. […] Go to Source Author: Lawrence Abrams

Continue reading →

Google, Security

Google OAuth flaw lets attackers gain access to abandoned accounts

Posted on January 14, 2025 by Onsite Computing, Inc.

A weakness in Google’s OAuth “Sign in with Google” feature could enable attackers that register domains of defunct startups to access sensitive data of former employee accounts linked to various software-as-a-service (SaaS) platforms. […] Go to Source Author: Bill Toulas

Continue reading →

Security

FBI wipes Chinese PlugX malware from over 4,000 US computers

Posted on January 14, 2025 by Onsite Computing, Inc.

The U.S. Department of Justice announced today that the FBI has deleted Chinese PlugX malware from over 4,200 computers in networks across the United States. […] Go to Source Author: Sergiu Gatlan

Continue reading →

Security

Hackers use FastHTTP in new high-speed Microsoft 365 password attacks

Posted on January 14, 2025 by Onsite Computing, Inc.

Threat actors are utilizing the FastHTTP Go library to launch high-speed brute-force password attacks targeting Microsoft 365 accounts globally. […] Go to Source Author: Bill Toulas

Continue reading →

Security

Fortinet warns of auth bypass zero-day exploited to hijack firewalls

Posted on January 14, 2025 by Onsite Computing, Inc.

Attackers are exploiting a new authentication bypass zero-day vulnerability in FortiOS and FortiProxy to hijack Fortinet firewalls and breach enterprise networks. […] Go to Source Author: Sergiu Gatlan

Continue reading →

Healthcare, Security

OneBlood confirms personal data stolen in July ransomware attack

Posted on January 13, 2025 by Onsite Computing, Inc.

Blood-donation not-for-profit OneBlood confirms that donors’ personal information was stolen in a ransomware attack last summer. […] Go to Source Author: Bill Toulas

Continue reading →

Security

CISA orders agencies to patch BeyondTrust bug exploited in attacks

Posted on January 13, 2025 by Onsite Computing, Inc.

CISA tagged a vulnerability in BeyondTrust’s Privileged Remote Access (PRA) and Remote Support (RS) as actively exploited in attacks, ordering agencies to secure their systems within three weeks. […] Go to Source Author: Sergiu Gatlan

Continue reading →

Gaming, Security

Stolen Path of Exile 2 admin account used to hack player accounts

Posted on January 13, 2025 by Onsite Computing, Inc.

Path of Exile 2 developers confirmed that a hacked admin account allowed a threat actor to change the password and access at least 66 accounts, finally explaining how PoE 2 accounts have been breached since November. […] Go to Source Author: Bill Toulas

Continue reading →

Apple, Microsoft, Security

Microsoft: macOS bug lets hackers install malicious kernel drivers

Posted on January 13, 2025 by Onsite Computing, Inc.

Apple recently addressed a macOS vulnerability that allows attackers to bypass System Integrity Protection (SIP) and install malicious kernel drivers by loading third-party kernel extensions. […] Go to Source Author: Sergiu Gatlan

Continue reading →

Cloud, Security

Hackers exploit critical Aviatrix Controller RCE flaw in attacks

Posted on January 13, 2025 by Onsite Computing, Inc.

Threat actors are exploiting a critical remote command execution vulnerability, tracked as CVE-2024-50603, in Aviatrix Controller instances to install backdoors and crypto miners. […] Go to Source Author: Bill Toulas

Continue reading →