Slack is resetting passwords for approximately 0.5% of its users after a bug exposed salted password hashes when users created or revoked a shared invitation link for their workspace Slack announced that it is resetting passwords for about 0.5% of its users after a bug exposed salted password hashes when creating or revoking shared invitation links for wo

A new ransomware family called 'GwisinLocker' targets South Korean healthcare, industrial, and pharmaceutical companies with Windows and Linux encryptors, including support for encrypting VMware ESXi servers and virtual machines.The new malware is the product of a lesser-known threat actor dubbed Gwisin, which means "ghost" in Korean. The actor is of unknown

Microsoft is rolling out a new update to the Microsoft Edge Stable Channel over the coming days to improve the web browser's security defaults when visiting less popular websites.Starting with version 104.0.1293.47, Edge will toggle on the "Basic" level of security when the "Enhance your security on the web" optional browsing mode is enabled in settings.When

A class action lawsuit has been filed against big-three consumer credit bureau Experian over reports that the company did little to prevent identity thieves from hijacking consumer accounts. The legal filing cites liberally from an investigation KrebsOnSecurity published in July, which found that identity thieves were able to assume control over existing Exp

United Kingdom's National Health Service (NHS) 111 emergency services are affected by a significant and ongoing outage triggered by a cyberattack that hit the systems of British managed service provider (MSP) Advanced.Advanced's Adastra client patient management solution, which is used by 85% of NHS 111 services, has been hit by a major outage together with

For the most part, it has been a quiet week on the ransomware front, with a few new reports, product developments, and attacks revealed.Mandiant revealed this week that an Iranian threat actor is behind ransomware attacks on the Albanian government, likely in retaliation for an upcoming Iranian opposition groups’ conference.Microsoft also&nbs

Texas startup Ghost Security has joined the list of early-stage companies in the API and application security space attracting venture capital funding.The Austin-based company emerged from stealth this week with $15 million in investments from 468 Capital, DNX Ventures, and Munich Re Ventures."We believe the explosive growth of microservices and APIs in the

DuckDuckGo announced today that they will now be blocking all third-party Microsoft tracking scripts in their privacy browser after failing to block them in the past.This change comes after the company faced massive blowback in May for not blocking some third-party Microsoft trackers in the DuckDuckGo browser due to a syndicated search content agre

Meta (Facebook) has released its Q2 2022 adversarial threat report, and among the highlights is the discovery of two cyber-espionage clusters connected to hacker groups known as 'Bitter APT' and APT36 (aka 'Transparent Tribe') using new Android malware.These cyberspying operatives use social media platforms like Facebook to collect intelligence (OSINT) or to

Twitter has confirmed a recent data breach was caused by a now-patched zero-day vulnerability used to link email addresses and phone numbers to users' accounts, allowing a threat actor to compile a list of 5.4 million user account profiles.Last month, BleepingComputer spoke to a threat actor who said that they were able to create a list of 5.4 million T

The Cybersecurity and Infrastructure Security Agency (CISA) has added the Zimbra CVE-2022-27824 flaw to its 'Known Exploited Vulnerabilities Catalog,' indicating that it is actively exploited in attacks by hackers.This high-severity vulnerability allows an unauthenticated attacker to steal email account credentials in cleartext form from Zimbra Col

Slack notified roughly 0.5% of its users that it reset their passwords after fixing a bug exposing salted password hashes when creating or revoking shared invitation links for workspaces."When a user performed either of these actions, Slack transmitted a hashed version of their password (not plaintext) to other workspace members," Slack told Bleepi

Security and application delivery solutions provider F5 has released its quarterly security notification for August 2022, which informs customers about 21 vulnerabilities affecting BIG-IP and other products.The company has released separate advisories for a dozen high-severity vulnerabilities, as well as eight medium-severity and one low-severity flaws.The h

The U.S. DHS warns of critical security vulnerabilities in Emergency Alert System (EAS) encoder/decoder devices. The Department of Homeland Security (DHS) warned of critical security vulnerabilities in Emergency Alert System (EAS) encoder/decoder devices. Threat actors could exploit the flaws to send fake emergency alerts via TV, radio networks, and cable

US Critical Infrastructure Security Agency (CISA) adds a recently disclosed flaw in the Zimbra email suite to its Known Exploited Vulnerabilities Catalog. The Cybersecurity & Infrastructure Security Agency (CISA) has added a recently disclosed flaw in the Zimbra email suite, tracked as CVE-2022-27924, to its Known Exploited Vulnerabilities Catalog.