The Week in Ransomware - September 3rd 2021 - Targeting Exchange

Over the past two weeks, it has been busy with ransomware news ranging from a gang shutting down and releasing a master decryption key to threat actors turning to Microsoft Exchange exploits to breach networks. [...]

https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-september-3rd-2021-targeting-exchange/

Windows 11 may not get security updates on unsupported devices

Microsoft is turning a blind eye to a loophole that allows you to install Windows 11 on incompatible hardware but warns that your device may no longer receive security updates. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-11-may-not-get-security-updates-on-unsupported-devices/

US SEC: Watch out for Hurricane Ida-related investment scams

The US Securities and Exchange Commission has warned investors to be "extremely wary" of potential investment scams related to Hurricane Ida's aftermath. [...]

https://www.bleepingcomputer.com/news/security/us-sec-watch-out-for-hurricane-ida-related-investment-scams/

Watch out for new malware campaign”s 'Windows 11 Alpha' attachment

Relying on a simple recipe that has proved successful time and time again, threat actors have deployed a malware campaign recently that used a Windows 11 theme to lure recipients into activating malicious code placed inside Microsoft Word documents. [...]

https://www.bleepingcomputer.com/news/security/watch-out-for-new-malware-campaign-s-windows-11-alpha-attachment/

Google's TensorFlow drops YAML support due to code execution flaw

TensorFlow, a popular Python-based machine learning and artificial intelligence project developed by Google has dropped support for YAML, to patch a critical code execution vulnerability. YAML is a convenient choice among developers looking for a human-readable data serialization language. [...]

https://www.bleepingcomputer.com/news/security/googles-tensorflow-drops-yaml-support-due-to-code-execution-flaw/

Office 365 to let admins block Active Content on Trusted Docs

Microsoft plans to allow Office 365 admins ensure that end-users can't ignore organization-wide policies set up to block active content on Trusted Documents. [...]

https://www.bleepingcomputer.com/news/security/office-365-to-let-admins-block-active-content-on-trusted-docs/

Windows 11 dark mode has quieter, more soothing sounds - Listen now

Windows 11 brings a redesigned user interface and an overhaul to the system sounds, including different sounds for Light Mode and Dark Mode. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-11-dark-mode-has-quieter-more-soothing-sounds-listen-now/

Ransomware gangs target companies using these criteria

Ransomware gangs increasingly purchase access to a victim's network on dark web marketplaces and from other threat actors. Analyzing their want ads makes it possible to get an inside look at the types of companies ransomware operations are targeting for attacks. [...]

https://www.bleepingcomputer.com/news/security/ransomware-gangs-target-companies-using-these-criteria/

Netgear fixes severe security bugs in over a dozen smart switches

Netgear has released firmware updates for more than a dozen of its smart switches used on corporate networks to address high-severity vulnerabilities. [...]

https://www.bleepingcomputer.com/news/security/netgear-fixes-severe-security-bugs-in-over-a-dozen-smart-switches/

TrickBot gang developer arrested when trying to leave Korea

An alleged Russian developer for the notorious TrickBot malware gang was arrested in South Korea after attempting to leave the country. [...]

https://www.bleepingcomputer.com/news/security/trickbot-gang-developer-arrested-when-trying-to-leave-korea/

New Chainsaw tool helps IR teams analyze Windows event logs

Incident responders and blue teams have a new tool called Chainsaw that speeds up searching through Windows event log records to identify threats. [...]

https://www.bleepingcomputer.com/news/security/new-chainsaw-tool-helps-ir-teams-analyze-windows-event-logs/

Ransomware gang threatens to leak data if victim contacts FBI, police

The Ragnar Locker ransomware group is warning that they will leak stolen data from victims that contact law enforcement authorities, like the FBI. Ragnar Locker has previously hit prominent companies with ransomware attacks, demanding millions of dollars in ransom payments. [...]

https://www.bleepingcomputer.com/news/security/ransomware-gang-threatens-to-leak-data-if-victim-contacts-fbi-police/

McDonald's leaks password for Monopoly VIP database to winners

ug in the McDonald's Monopoly VIP game in the United Kingdom caused the login names and passwords for the game's database to be sent to all winners. [...]

https://www.bleepingcomputer.com/news/security/mcdonalds-leaks-password-for-monopoly-vip-database-to-winners/

Jenkins project's Confluence server hacked to mine Monero

Hackers exploiting the recently disclosed Atlassian Confluence remote code execution vulnerability breached an internal server from the Jenkins project. [...]

https://www.bleepingcomputer.com/news/security/jenkins-projects-confluence-server-hacked-to-mine-monero/

REvil ransomware's servers mysteriously come back online

The dark web servers for the REvil ransomware operation have suddenly turned back on after an almost two-month absence. It is unclear if this marks their ransomware gang's return or the servers being turned on by law enforcement. [...]

https://www.bleepingcomputer.com/news/security/revil-ransomwares-servers-mysteriously-come-back-online/

Microsoft shares temp fix for ongoing Office 365 zero-day attacks

Microsoft today shared mitigation for a remote code execution vulnerability in Windows that is being exploited in targeted attacks against Office 365 and Office 2019 on Windows 10. [...]

https://www.bleepingcomputer.com/news/security/microsoft-shares-temp-fix-for-ongoing-office-365-zero-day-attacks/

Going beyond backup: Acronis True Image is now Acronis Cyber Protect Home Office

After nearly two decades, one of the most recognizable software brands is getting a new name. Acronis True Image, the leading personal cyber protection solution, is changing its name to Acronis Cyber Protect Home Office.  [...]

https://www.bleepingcomputer.com/news/security/going-beyond-backup-acronis-true-image-is-now-acronis-cyber-protect-home-office/

Howard University shuts down network after ransomware attack

The private Howard University in Washington disclosed that it suffered a ransomware attack late last week and is currently working to restore affected systems. [...]

https://www.bleepingcomputer.com/news/security/howard-university-shuts-down-network-after-ransomware-attack/

Hackers leak passwords for 500,000 Fortinet VPN accounts

A threat actor has leaked a list of almost 500,000 Fortinet VPN login names and passwords that were allegedly scraped from exploitable devices last summer. [...]

https://www.bleepingcomputer.com/news/security/hackers-leak-passwords-for-500-000-fortinet-vpn-accounts/

Zoho patches actively exploited critical ADSelfService Plus bug

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning that hackers are exploiting a critical vulnerability in Zoho's ManageEngine ADSelfService Plus password management solution that allows them to take control of the system. [...]

https://www.bleepingcomputer.com/news/security/zoho-patches-actively-exploited-critical-adselfservice-plus-bug/

Ukrainian extradited for selling 2,000 stolen logins per week

The US Department of Justice has indicted a Ukrainian man for using a malware botnet to brute force computer logon credentials and then selling them on a criminal remote access marketplace. [...]

https://www.bleepingcomputer.com/news/security/ukrainian-extradited-for-selling-2-000-stolen-logins-per-week/