Bitcoin mixer owner pleads guilty to laundering over $300 million

Larry Dean Harmon, the owner of a dark web cryptocurrency laundering service known as Helix, pleaded guilty today of laundering over $300 million worth of bitcoins between 2014 and 2017. [...]

https://www.bleepingcomputer.com/news/security/bitcoin-mixer-owner-pleads-guilty-to-laundering-over-300-million/

US Census Bureau hacked in January 2020 using Citrix exploit

US Census Bureau servers were breached on January 11, 2020, by hackers after exploiting an unpatched Citrix ADC zero-day vulnerability as the US Office of Inspector General (OIG) disclosed in a recent report. [...]

https://www.bleepingcomputer.com/news/security/us-census-bureau-hacked-in-january-2020-using-citrix-exploit/

Cisco won’t fix zero-day RCE vulnerability in end-of-life VPN routers

In a security advisory published on Wednesday, Cisco said that a critical vulnerability in Universal Plug-and-Play (UPnP) service of multiple small business VPN routers will not be patched because the devices have reached end-of-life. [...]

https://www.bleepingcomputer.com/news/security/cisco-won-t-fix-zero-day-rce-vulnerability-in-end-of-life-vpn-routers/

Liquid cryptocurrency exchange loses $94 million following hack

Japan-based cryptocurrency exchange Liquid has suspended deposits and withdrawals after attackers have compromised its warm wallets. [...]

https://www.bleepingcomputer.com/news/security/liquid-cryptocurrency-exchange-loses-94-million-following-hack/

CISA shares guidance on how to prevent ransomware data breaches

The US Cybersecurity and Infrastructure Security Agency (CISA) has released guidance to help government and private sector organizations prevent data breaches resulting from ransomware double extortion schemes. [...]

https://www.bleepingcomputer.com/news/security/cisa-shares-guidance-on-how-to-prevent-ransomware-data-breaches/

You can post LinkedIn jobs as ANY employer — so can attackers

Anyone can create a job listing on the leading recruitment platform LinkedIn on behalf of any employer—no verification needed. And worse, the employer cannot easily take these down. [...]

https://www.bleepingcomputer.com/news/security/you-can-post-linkedin-jobs-as-any-employer-so-can-attackers/

Hackers can bypass Cisco security products in data theft attacks

Cisco said that unauthenticated attackers could bypass TLS inspection filtering tech in multiple products to exfiltrate data from previously compromised servers inside customers' networks. [...]

https://www.bleepingcomputer.com/news/security/hackers-can-bypass-cisco-security-products-in-data-theft-attacks/

Microsoft releases the first official Windows 11 ISOs

Microsoft has finally released the first official ISOs for Windows 11, allowing users to perform clean installs of the new operating system. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-releases-the-first-official-windows-11-isos/

New unofficial Windows patch fixes more PetitPotam attack vectors

A second unofficial patch for the Windows PetitPotam NTLM relay attack has been released to fix further issues not addressed by Microsoft's official security update. [...]

https://www.bleepingcomputer.com/news/security/new-unofficial-windows-patch-fixes-more-petitpotam-attack-vectors/

CEO tried funding his startup by asking insiders to deploy ransomware

Likely inspired by the LockBit ransomware gang, a Nigerian threat actor tried their luck with a $1 million payment lure to recruit an insider to detonate a ransomware payload on the company servers. [...]

https://www.bleepingcomputer.com/news/security/ceo-tried-funding-his-startup-by-asking-insiders-to-deploy-ransomware/

Social account thief goes to prison for stealing, trading nude photos

A New York man received a three year sentence in federal prison for hacking social media accounts of dozens of female college students and stealing nude photos and videos of them. [...]

https://www.bleepingcomputer.com/news/security/social-account-thief-goes-to-prison-for-stealing-trading-nude-photos/

AT&T denies data breach after hacker auctions 70 million user database

AT&T says that they did not suffer a data breach after a well-known threat actor claimed to be selling a database containing the personal information of 70 million customers.  [...]

https://www.bleepingcomputer.com/news/security/atandt-denies-data-breach-after-hacker-auctions-70-million-user-database/

Pegasus iPhone hacks used as lure in extortion scheme

A new extortion scam is underway that attempts to capitalize on the recent Pegasus iOS spyware attacks to scare people into paying a blackmail demand. [...]

https://www.bleepingcomputer.com/news/security/pegasus-iphone-hacks-used-as-lure-in-extortion-scheme/

T-Mobile data breach just got worse — now at 54 million customers

The T-Mobile data breach keeps getting worse as an update to their investigation now reveals that cyberattack exposed over 54 million individuals' data. [...]

https://www.bleepingcomputer.com/news/security/t-mobile-data-breach-just-got-worse-now-at-54-million-customers/

HTTP DDoS attacks reach unprecedented 17 million requests per second

A distributed denial-of-service (DDoS) attack earlier this year takes the top spot for the largest such incident, peaking at 17.2 million requests per second (rps). [...]

https://www.bleepingcomputer.com/news/security/http-ddos-attacks-reach-unprecedented-17-million-requests-per-second/

SynAck ransomware decryptor lets victims recover files for free

Emsisoft has released a decryptor for the SynAck Ransomware, allowing victims to decrypt their encrypted files for free. [...]

https://www.bleepingcomputer.com/news/security/synack-ransomware-decryptor-lets-victims-recover-files-for-free/

LockFile ransomware uses PetitPotam attack to hijack Windows domains

At least one ransomware threat actor has started to leverage the recently discovered PetitPotam NTLM relay attack method to take over the Windows domain on various networks worldwide. [...]

https://www.bleepingcomputer.com/news/security/lockfile-ransomware-uses-petitpotam-attack-to-hijack-windows-domains/

Hands on with the new Windows 11 Focus Sessions feature

As people continue to work remotely, staying focused on the task at hand can be challenging, especially when working at home. This article goes hands-on with a new Windows 11 feature called 'Focus Sessions' that aims to keep people focused while performing a particular task. [...]

https://www.bleepingcomputer.com/news/microsoft/hands-on-with-the-new-windows-11-focus-sessions-feature/

The Week in Ransomware - August 20th 2021 - Exploiting Windows

Ransomware gangs continue to attack schools, companies, and even hospitals worldwide with little sign of letting up. Below we have tracked some of the ransomware stories that we are following this week. [...]

https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-august-20th-2021-exploiting-windows/

How to download the Windows 11 ISO from Microsoft

Microsoft has released Windows 11 ISO images this week, and as it's always smart to have a copy of the operating system media to resolve critical problems, we will explain how you can download the Windows 11 ISO directly from Microsoft. [...]

https://www.bleepingcomputer.com/news/microsoft/how-to-download-the-windows-11-iso-from-microsoft/

LockFile ransomware attacks Microsoft Exchange with ProxyShell exploits

A new ransomware gang known as LockFile encrypts Windows domains after hacking into Microsoft Exchange servers using the recently disclosed ProxyShell vulnerabilities. [...]

https://www.bleepingcomputer.com/news/security/lockfile-ransomware-attacks-microsoft-exchange-with-proxyshell-exploits/