Microsoft says hackers used vulnerabilities in Boa web server, discontinued in 2005 but pervasive across IoT devices, to target the Indian power sector (Sergiu Gatlan/BleepingComputer)

Sergiu Gatlan / BleepingComputer:
Microsoft confirms two zero-day vulnerabilities in Exchange Server 2013, 2016, and 2019 are being exploited; one researcher suspects a Chinese threat actor  —  Microsoft has confirmed that two recently reported zero-day vulnerabilities in Microsoft Exchange Server 2013, 2016, and 2019 are being exploited in the wild.

Sergiu Gatlan / BleepingComputer:
Europol says it has arrested Russian national in Canada linked to LockBit ransomware attacks on critical infrastructure organizations and high-profile companies  —  Europol has announced today the arrest of a Russian national linked to LockBit ransomware attacks targeting critical infrastructure organizations …

Sergiu Gatlan / BleepingComputer:
The FBI says the Hive ransomware gang has extorted ~$100M from 1,300+ organizations, including government facilities and public health entities, since June 2021  —  The Federal Bureau of Investigation (FBI) said today that the notorious Hive ransomware gang has successfully extorted roughly $100 million …

Carly Page / TechCrunch:
Cisco Talos: the Lazarus group exploited Log4j to compromise VMware Horizon and target energy providers in the US, Canada, and Japan from February to July 2022  —  Security researchers have linked a new cyber espionage campaign targeting U.S., Canadian and Japanese energy providers …

Sergiu Gatlan / BleepingComputer:
LastPass says attackers accessed customers’ data after breaching its cloud storage using information stolen during a security incident in August 2022  —  LastPass says unknown attackers breached its cloud storage using information stolen during a previous security incident from August 2022.

Sergiu Gatlan / BleepingComputer:
Google updates Chrome to address an actively exploited high-severity zero-day vulnerability in Mojo, its sixth patch for zero-day vulnerabilities in 2022  —  Google has released Chrome 105.0.5195.102 for Windows, Mac, and Linux users to address a single high-severity security flaw …