Notices by BleepingComputer (bleepingcomputer@infosec.exchange)

GitHub has a problem with inauthentic "stars" used to artificially inflate the popularity of scam and malware distribution repositories to appear more popular, helping them reach more unsuspecting users.

https://www.bleepingcomputer.com/news/security/over-31-million-fake-stars-on-github-projects-used-to-boost-rankings/

An international law enforcement operation codenamed 'Operation Passionflower' has shut down MATRIX, an encrypted messaging platform used by cybercriminals to coordinate illegal activities while evading police.

This is not the same service as the legitimate "Matrix" encrypted messaging platform.
https://www.bleepingcomputer.com/news/security/police-seize-matrix-encrypted-chat-service-after-spying-on-criminals/

According to customer reports, this month's Patch Tuesday updates are breaking virtual machines on Hyper-V hosts, causing them to no longer boot and display "failed to start" errors.

https://www.bleepingcomputer.com/news/microsoft/october-windows-server-updates-cause-hyper-v-vm-boot-issues/

A severe privacy flaw named 'acropalypse' has also been found to affect the Windows Snipping Tool, allowing people to partially recover content that was edited out of an image.

https://www.bleepingcomputer.com/news/microsoft/windows-11-snipping-tool-privacy-bug-exposes-cropped-image-content/

Scammers are now exploiting the ongoing humanitarian crisis in Turkey and Syria: this time stealing donations by abusing legitimate platforms like PayPal and Twitter.

https://www.bleepingcomputer.com/news/security/paypal-and-twitter-abused-in-turkey-relief-donation-scams/

Microsoft is investigating and working on addressing an ongoing outage affecting the company's Outlook webmail service.

https://www.bleepingcomputer.com/news/microsoft/microsoft-outlook-outage-prevents-users-from-sending-receiving-emails/

A U.S. No Fly list with over 1.5 million records of banned flyers and upwards of 250,000 'selectees' has been shared publicly on a hacking forum. BleepingComputer has confirmed, the list is the same TSA No Fly list that was discovered recently on an unsecured CommuteAir server.

https://www.bleepingcomputer.com/news/security/us-no-fly-list-shared-on-a-hacking-forum-government-investigating/

Two vulnerabilities in the Galaxy App Store, Samsung's official repository for its devices, could enable attackers to install any app in the Galaxy Store without the user's knowledge or to direct victims to a malicious web location.

https://www.bleepingcomputer.com/news/security/exploits-released-for-two-samsung-galaxy-app-store-vulnerabilities/

Over 290 MSI motherboards are reportedly affected by an insecure default UEFI Secure Boot setting settings that allows any operating system image to run regardless of whether it has a wrong or missing signature.

https://www.bleepingcomputer.com/news/security/msi-accidentally-breaks-secure-boot-for-hundreds-of-motherboards/

Today is Microsoft's January 2023 Patch Tuesday, and with it comes fixes for an actively exploited zero-day vulnerability and a total of 98 flaws.

https://www.bleepingcomputer.com/news/microsoft/microsoft-january-2023-patch-tuesday-fixes-98-flaws-1-zero-day/

Six malicious packages on PyPI, the Python Package Index, were found installing information-stealing and RAT (remote access trojan) malware while using Cloudflare Tunnel to bypass firewall restrictions for remote access.

https://www.bleepingcomputer.com/news/security/malicious-pypi-packages-create-cloudflare-tunnels-to-bypass-firewalls/

Starting today, WhatsApp now allows users to connect via proxy servers due to Internet shutdowns or if their governments block the service in their country.

https://www.bleepingcomputer.com/news/security/whatsapp-adds-proxy-support-to-help-bypass-internet-blocks/

Ransomware attacks in 2022 impacted more than 200 hundred larger organizations in the U.S. public sector in the government, educational, and healthcare verticals.

https://www.bleepingcomputer.com/news/security/ransomware-impacts-over-200-govt-edu-healthcare-orgs-in-2022/