CEO tried funding his startup by asking insiders to deploy ransomware

Likely inspired by the LockBit ransomware gang, a Nigerian threat actor tried their luck with a $1 million payment lure to recruit an insider to detonate a ransomware payload on the company servers. [...]

https://www.bleepingcomputer.com/news/security/ceo-tried-funding-his-startup-by-asking-insiders-to-deploy-ransomware/

Social account thief goes to prison for stealing, trading nude photos

A New York man received a three year sentence in federal prison for hacking social media accounts of dozens of female college students and stealing nude photos and videos of them. [...]

https://www.bleepingcomputer.com/news/security/social-account-thief-goes-to-prison-for-stealing-trading-nude-photos/

AT&T denies data breach after hacker auctions 70 million user database

AT&T says that they did not suffer a data breach after a well-known threat actor claimed to be selling a database containing the personal information of 70 million customers.  [...]

https://www.bleepingcomputer.com/news/security/atandt-denies-data-breach-after-hacker-auctions-70-million-user-database/

Pegasus iPhone hacks used as lure in extortion scheme

A new extortion scam is underway that attempts to capitalize on the recent Pegasus iOS spyware attacks to scare people into paying a blackmail demand. [...]

https://www.bleepingcomputer.com/news/security/pegasus-iphone-hacks-used-as-lure-in-extortion-scheme/

T-Mobile data breach just got worse — now at 54 million customers

The T-Mobile data breach keeps getting worse as an update to their investigation now reveals that cyberattack exposed over 54 million individuals' data. [...]

https://www.bleepingcomputer.com/news/security/t-mobile-data-breach-just-got-worse-now-at-54-million-customers/

HTTP DDoS attacks reach unprecedented 17 million requests per second

A distributed denial-of-service (DDoS) attack earlier this year takes the top spot for the largest such incident, peaking at 17.2 million requests per second (rps). [...]

https://www.bleepingcomputer.com/news/security/http-ddos-attacks-reach-unprecedented-17-million-requests-per-second/

SynAck ransomware decryptor lets victims recover files for free

Emsisoft has released a decryptor for the SynAck Ransomware, allowing victims to decrypt their encrypted files for free. [...]

https://www.bleepingcomputer.com/news/security/synack-ransomware-decryptor-lets-victims-recover-files-for-free/

LockFile ransomware uses PetitPotam attack to hijack Windows domains

At least one ransomware threat actor has started to leverage the recently discovered PetitPotam NTLM relay attack method to take over the Windows domain on various networks worldwide. [...]

https://www.bleepingcomputer.com/news/security/lockfile-ransomware-uses-petitpotam-attack-to-hijack-windows-domains/

Hands on with the new Windows 11 Focus Sessions feature

As people continue to work remotely, staying focused on the task at hand can be challenging, especially when working at home. This article goes hands-on with a new Windows 11 feature called 'Focus Sessions' that aims to keep people focused while performing a particular task. [...]

https://www.bleepingcomputer.com/news/microsoft/hands-on-with-the-new-windows-11-focus-sessions-feature/

The Week in Ransomware - August 20th 2021 - Exploiting Windows

Ransomware gangs continue to attack schools, companies, and even hospitals worldwide with little sign of letting up. Below we have tracked some of the ransomware stories that we are following this week. [...]

https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-august-20th-2021-exploiting-windows/

How to download the Windows 11 ISO from Microsoft

Microsoft has released Windows 11 ISO images this week, and as it's always smart to have a copy of the operating system media to resolve critical problems, we will explain how you can download the Windows 11 ISO directly from Microsoft. [...]

https://www.bleepingcomputer.com/news/microsoft/how-to-download-the-windows-11-iso-from-microsoft/

LockFile ransomware attacks Microsoft Exchange with ProxyShell exploits

A new ransomware gang known as LockFile encrypts Windows domains after hacking into Microsoft Exchange servers using the recently disclosed ProxyShell vulnerabilities. [...]

https://www.bleepingcomputer.com/news/security/lockfile-ransomware-attacks-microsoft-exchange-with-proxyshell-exploits/

Microsoft now offers Windows 11 preview on Azure Virtual Desktop

Starting this week, Microsoft customers can use the Azure Virtual Desktop (formerly Windows Virtual Desktop) to virtualize a Windows 11 preview desktop on Azure virtual machines. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-now-offers-windows-11-preview-on-azure-virtual-desktop/

Microsoft shares guidance on securing Windows 365 Cloud PCs

Microsoft has shared guidance on securing Windows 365 Cloud PCs and more info on their built-in security capabilities. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-shares-guidance-on-securing-windows-365-cloud-pcs/

Razer bug lets you become a Windows 10 admin by plugging in a mouse

A Razer Synapse zero-day vulnerability has been disclosed on Twitter, allowing you to gain Windows admin privileges simply by plugging in a Razer mouse or keyboard. [...]

https://www.bleepingcomputer.com/news/security/razer-bug-lets-you-become-a-windows-10-admin-by-plugging-in-a-mouse/

How to customize Windows 11 appearance with these tools

Windows 11 is arriving later this year and it's currently available to testers in the Windows Insider program. If you've already installed the new operating system and you want to get the most out of Windows 11, you can try the third-party programs highlighted in this article. [...]

https://www.bleepingcomputer.com/news/microsoft/how-to-customize-windows-11-appearance-with-these-tools/

CISA warns admins to urgently patch Exchange ProxyShell bugs

The US Cybersecurity and Infrastructure Security Agency (CISA) issued its first alert tagged as "urgent," warning admins to patch on-premises Microsoft Exchange servers against actively exploited ProxyShell vulnerabilities. [...]

https://www.bleepingcomputer.com/news/security/cisa-warns-admins-to-urgently-patch-exchange-proxyshell-bugs/

Nokia subsidiary discloses data breach after Conti ransomware attack

SAC Wireless, a US-based and independently-operating Nokia company subsidiary, has disclosed a data breach following a ransomware attack where Conti operators were able to successfully breach its network, steal data, and encrypt systems. [...]

https://www.bleepingcomputer.com/news/security/nokia-subsidiary-discloses-data-breach-after-conti-ransomware-attack/

Hacker gets 500K reward for returning stolen cryptocurrency

The saga of what has been dubbed the biggest hack in the world of decentralized finance appears to be over as Poly Network recovered more than $610 million in cryptocurrency assets it lost two weeks ago and the hacker received a $500,000 bounty for returning the money. [...]

https://www.bleepingcomputer.com/news/security/hacker-gets-500k-reward-for-returning-stolen-cryptocurrency/

Botnet targets hundreds of thousands of devices using Realtek SDK

A Mirai-based botnet now targets a critical vulnerability in the software SDK used by hundreds of thousands of Realtek-based devices, encompassing 200 models from at least 65 vendors, including Asus, Belkin, D-Link, Netgear, Tenda, ZTE, and Zyxel. [...]

https://www.bleepingcomputer.com/news/security/botnet-targets-hundreds-of-thousands-of-devices-using-realtek-sdk/

Phishing campaign uses UPS.com XSS vuln to distribute malware

A clever UPS phishing campaign utilized an XSS vulnerability in UPS.com to push fake and malicious 'Invoice' Word documents. [...]

https://www.bleepingcomputer.com/news/security/phishing-campaign-uses-upscom-xss-vuln-to-distribute-malware/