Security News

Friday Squid Blogging: Sunscreen from Squid Pigments
2024-07-26 21:02

About Bruce Schneier: I am a public-interest technologist, working at the intersection of security, technology, and people. I've been writing about security issues on my blog since 2004, and in my monthly newsletter since 1998.

Crypto exchange Gemini discloses third-party data breach
2024-07-26 19:31

Cryptocurrency exchange Gemini is warning it suffered a data breach incident caused by a cyberattack at its Automated Clearing House service provider, whose name was not disclosed. According to the notification, Gemini suffered a third-party data breach when an unauthorized actor breached its vendor's systems between June 3 and June 7, 2024.

Google fixes Chrome Password Manager bug that hides credentials
2024-07-26 19:04

Google has fixed a bug in Chrome's Password Manager that caused user credentials to disappear temporarily for more than 18 hours. In a Google Workspace incident report, the company says the issue affected approximately 2% of all Windows users who had already upgraded to Chrome 127, the browser's latest version.

FBCS data breach impact now reaches 4.2 million people
2024-07-26 18:47

Debt collection agency Financial Business and Consumer Solutions has again increased the number of people impacted by a February data breach, now saying it affects 4.2 million people in the US. FBCS is a US debt collection agency that collects unpaid debts from consumer credit, healthcare, commercial, auto loans and leases, student loans, and utilities. In late April, the firm reported that roughly 1.9 million people in the U.S. had sensitive personal information compromised in a data breach on February 14, 2024.

CrowdStrike meets Murphy's Law: Anything that can go wrong will
2024-07-26 18:36

Opinion: CrowdStrike's recent Windows debacle will surely earn a prominent place in the annals of epic tech failures. In the beginning, Microsoft enabled CrowdStrike's Falcon security software to run at the zero level of the Windows kernel.

July Windows Server updates break Remote Desktop connections
2024-07-26 17:22

Microsoft has confirmed that July's security updates break remote desktop connections in organizations where Windows servers are configured to use the legacy RPC over HTTP protocol in the Remote Desktop Gateway. "Windows Servers might affect Remote Desktop Connectivity across an organization if legacy protocol is used in Remote Desktop Gateway. Resulting from this, remote desktop connections might be interrupted," Microsoft explained.

Acronis warns of Cyber Infrastructure default password abused in attacks
2024-07-26 16:39

Acronis warned customers to patch a critical Cyber Infrastructure security flaw that lets attackers bypass authentication on vulnerable servers using default credentials. Acronis Cyber Protect is a unified multi-tenant platform that combines remote endpoint management, backup, and virtualization capabilities and helps run disaster recovery workloads and store enterprise backup data securely.

Compromising the Secure Boot Process
2024-07-26 16:21

On Thursday, researchers from security firm Binarly revealed that Secure Boot is completely compromised on more than 200 device models sold by Acer, Dell, Gigabyte, Intel, and Supermicro. The cause: a cryptographic key underpinning Secure Boot on those models that was compromised in 2022.

Russian ransomware gangs account for 69% of all ransom proceeds
2024-07-26 14:28

Russian-speaking threat actors accounted for at least 69% of all crypto proceeds linked to ransomware throughout the previous year, exceeding $500,000,000. "Russian-speaking threat actors from across the former Soviet Union consistently drive most types of crypto-enabled cybercrime, from ransomware to illicit crypto exchanges and darknet markets," explains TRM. Ransomware is a form of cybercrime in which attackers steal and encrypt data on compromised systems and then demand a ransom payment in exchange for a decryption key and a promise to delete the stolen files.

Progress discloses second critical flaw in Telerik Report Server in as many months
2024-07-26 13:32

Progress Software's latest security advisory warns customers about the second critical vulnerability targeting its Telerik Report Server in as many months. Some of you may remember CVE-2019-18935, another deserialization of untrusted data vulnerability affecting Telerik UI for ASP.NET AJAX. It was used by multiple attackers including an unspecified Advanced Persistent Threat group to successfully target US federal agencies in 2023, despite being added to CISA's Known Exploited Vulnerability catalog in 2021.