Found 53 bookmarks
Newest
Ingram Micro outage caused by SafePay ransomware attack
Ingram Micro outage caused by SafePay ransomware attack
An ongoing outage at IT giant Ingram Micro is caused by a SafePay ransomware attack that led to the shutdown of internal systems, BleepingComputer has learned. Update 7/6/25: Added Ingram Micro's confirmation it suffered a ransomware attack below. Also updated ransom note with clearer version. An ongoing outage at IT giant Ingram Micro is caused by a SafePay ransomware attack that led to the shutdown of internal systems, BleepingComputer has learned. Ingram Micro is one of the world's largest business-to-business technology distributors and service providers, offering a range of solutions including hardware, software, cloud services, logistics, and training to resellers and managed service providers worldwide. Since Thursday, Ingram Micro's website and online ordering systems have been down, with the company not disclosing the cause of the issues. BleepingComputer has now learned that the outages are caused by a cyberattack that occurred early Thursday morning, with employees suddenly finding ransom notes created on their devices. The ransom note, seen by BleepingComputer, is associated with the SafePay ransomware operation, which has become one of the more active operations in 2025. It is unclear if devices were actually encrypted in the attack. It should be noted that while the ransom note claims to have stolen a wide variety of information, this is generic language used in all SafePay ransom notes and may not be true for the Ingram Micro attack.
#bleepingcomputer#EN#2025#Cyberattack#Note#Computer#Security#Ransom#MicroIngram#Ransomware#VPN#SafePay
·bleepingcomputer.com·
Ingram Micro outage caused by SafePay ransomware attack
Cisco warns that Unified CM has hardcoded root SSH credentials
Cisco warns that Unified CM has hardcoded root SSH credentials
Cisco has removed a backdoor account from its Unified Communications Manager (Unified CM), which would have allowed remote attackers to log in to unpatched devices with root privileges. Cisco Unified Communications Manager (CUCM), formerly known as Cisco CallManager, serves as the central control system for Cisco's IP telephony systems, handling call routing, device management, and telephony features. The vulnerability (tracked as CVE-2025-20309) was rated as maximum severity, and it is caused by static user credentials for the root account, which were intended for use during development and testing.
#bleepingcomputer#EN#CVE-2025-20309#2025#CUCM#CallManager#Unified#Security#Password#Root#Hardcoded#Communications#Cisco
·bleepingcomputer.com·
Cisco warns that Unified CM has hardcoded root SSH credentials
Arla Foods confirms cyberattack disrupts production, causes delays
Arla Foods confirms cyberattack disrupts production, causes delays
Arla Foods has confirmed to BleepingComputer that it was targeted by a cyberattack that has disrupted its production operations. The Danish food giant clarified that the attack only affected its production unit in Upahl, Germany, though it expects this will result in product delivery delays or even cancellations. "We can confirm that we have identified suspicious activity at our dairy site in Upahl that impacted the local IT network," stated an Arla spokesperson. "Due to the safety measures initiated as a result of the incident, production was temporarily affected." Arla Foods is an international dairy producer and a farmer-owned cooperative with 7,600 members. It employs 23,000 people in 39 countries. The firm has an annual revenue of €13.8 billion ($15.5 billion), and its products, including the brands Arla, Lurpak, Puck, Castello, and Starbucks, are sold in 140 countries worldwide. The company told BleepingComputer that it is currently working to resume operations at the impacted facility, which should bring results before the end of the week. "Since then, we've been working diligently to restore full operations. We expect to return to normal operations at the site in the next few days. Production at other Arla sites is not affected." Considering that the first reports about a disruption at Arla's production operations surfaced on Friday, it is bound to cause shortages in some cases. "We have informed our affected customers about possible delivery delays and cancellations," explained Arla's spokesperson. BleepingComputer has asked the firm if the attack involved data theft or encryption, both staples of a ransomware attack, but Arla declined to share any additional information at this time. Meanwhile, there have been no announcements about Arla on ransomware extortion portals, so the type of attack and the perpetrators remain unknown.
#bleepingcomputer#EN#2025#Arla#Business-Disruption#Cyberattack#Security#InfoSec#Computer-Security
·bleepingcomputer.com·
Arla Foods confirms cyberattack disrupts production, causes delays
Microsoft: macOS bug lets hackers install malicious kernel drivers
Microsoft: macOS bug lets hackers install malicious kernel drivers
Apple recently addressed a macOS vulnerability that allows attackers to bypass System Integrity Protection (SIP) and install malicious kernel drivers by loading third-party kernel extensions. #Apple #Computer #InfoSec #Integrity #Microsoft #Protection #SIP #Security #System #Vulnerability #macOS
#bleepingcomputer#EN#2024#CVE-2024-44243#System#macOS#Apple#Security#Integrity#SIP
·bleepingcomputer.com·
Microsoft: macOS bug lets hackers install malicious kernel drivers
Ascension: Health data of 5.6 million stolen in ransomware attack
Ascension: Health data of 5.6 million stolen in ransomware attack
​Ascension, one of the largest private U.S. healthcare systems, is notifying over 5.6 million patients and employees that their personal and health data was stolen in a May cyberattack linked to the Black Basta ransomware operation.
#bleepingcomputer#EN#2024#Ascension#Data-Breach#Healthcare#Ransomware#Security#InfoSec#Computer-Security
·bleepingcomputer.com·
Ascension: Health data of 5.6 million stolen in ransomware attack
T-Mobile confirms it was hacked in recent wave of telecom breaches
T-Mobile confirms it was hacked in recent wave of telecom breaches
T-Mobile confirms it was hacked in the wave of recently reported telecom breaches conducted by Chinese threat actors to gain access to private communications, call records, and law enforcement information requests.
#bleepingcomputer#EN#2024#China#Cyber-espionage#Cyberattack#Salt-Typhoon#T-Mobile#Telecommunications#Security#InfoSec#Computer-Security
·bleepingcomputer.com·
T-Mobile confirms it was hacked in recent wave of telecom breaches
Ivanti warns of three more CSA zero-days exploited in attacks
Ivanti warns of three more CSA zero-days exploited in attacks
American IT software company Ivanti has released security updates to fix three new Cloud Services Appliance (CSA) zero-days tagged as actively exploited in attacks.
#bleepingcomputer#EN#2024#Bypass#Ivanti#Code#Command#Actively#Remote#Services#Exploited#Injection#Execution#Security#Zero-Day#CSA#Cloud#Appliance#CVE-2024-9379#CVE-2024-9380#CVE-2024-9381
·bleepingcomputer.com·
Ivanti warns of three more CSA zero-days exploited in attacks
Litespeed Cache bug exposes millions of WordPress sites to takeover attacks
Litespeed Cache bug exposes millions of WordPress sites to takeover attacks
A critical vulnerability in the LiteSpeed Cache WordPress plugin can let attackers take over millions of websites after creating rogue admin accounts. #Admin #Cache #Computer #InfoSec #LiteSpeed #Plugin #Security #Takeover #Website #WordPress
#bleepingcomputer#EN#2024#Plugin#Computer#LiteSpeed#InfoSec#Takeover#WordPress#Cache#Security#Website#Admin
·bleepingcomputer.com·
Litespeed Cache bug exposes millions of WordPress sites to takeover attacks
PoC exploit released for RCE zero-day in D-Link EXO AX4800 routers
PoC exploit released for RCE zero-day in D-Link EXO AX4800 routers
The D-Link EXO AX4800 (DIR-X4860) router is vulnerable to remote unauthenticated command execution that could lead to complete device takeovers by attackers with access to the HNAP port.
#bleepingcomputer#EN#2024#Authentication-Bypass#D-Link#Exploit#Proof-of-Concept#Remote-Command-Execution#Router#Vulnerability#Zero-Day#Security#InfoSec#Computer-Security
·bleepingcomputer.com·
PoC exploit released for RCE zero-day in D-Link EXO AX4800 routers
Europol confirms web portal breach, says no operational data stolen
Europol confirms web portal breach, says no operational data stolen
Europol, the European Union's law enforcement agency, confirmed that its Europol Platform for Experts (EPE) portal was breached and is now investigating the incident after a threat actor claimed they stole For Official Use Only (FOUO) documents containing classified data. #Breach #Computer #Data #EPE #Europol #InfoSec #Leak #Security #Theft
#bleepingcomputer#EN#2024#Europol#Security#EPE#Theft#Leak#InfoSec#Data#Breach#Computer
·bleepingcomputer.com·
Europol confirms web portal breach, says no operational data stolen