Microsoft fixes Windows CVE-2021-40444 MSHTML zero-day bug

Microsoft today fixed a high severity zero-day vulnerability actively exploited in targeted attacks against Microsoft Office and Office 365 on Windows 10 computers. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-windows-cve-2021-40444-mshtml-zero-day-bug/

Microsoft fixes remaining Windows PrintNightmare vulnerabilities

Microsoft has released a security update to fix the last remaining PrintNightmare zero-day vulnerabilities that allowed attackers to gain administrative privileges on Windows devices quickly. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-remaining-windows-printnightmare-vulnerabilities/

Microsoft rolls out passwordless login for all Microsoft accounts

Microsoft is rolling out passwordless login support over the coming weeks, allowing customers to sign in to Microsoft accounts without using a password. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-rolls-out-passwordless-login-for-all-microsoft-accounts/

Kali Linux 2021.3 released with new pentest tools, improvements

​Kali Linux 2021.3 was released yesterday by Offensive Security and includes a new set of tools, improved virtualization support, and a new OpenSSL configuration that increases the attack surface. [...]

https://www.bleepingcomputer.com/news/security/kali-linux-20213-released-with-new-pentest-tools-improvements/

Microsoft shares fix for 'camera upload is paused' Android OneDrive error

Microsoft says a OneDrive issue prevents some Android users from uploading photos and videos from their camera roll to the cloud. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-shares-fix-for-camera-upload-is-paused-android-onedrive-error/

Ransomware gang threatens to wipe decryption key if negotiator hired

The Grief ransomware gang is threatening to delete victim's decryption keys if they hire a negotiation firm, making it impossible to recover encrypted files. [...]

https://www.bleepingcomputer.com/news/security/ransomware-gang-threatens-to-wipe-decryption-key-if-negotiator-hired/

MikroTik shares info on securing routers hit by massive Mēris botnet

Latvian network equipment manufacturer MikroTik has shared details on customers can secure and clean routers enslaved by the massive Mēris DDoS botnet over the summer. [...]

https://www.bleepingcomputer.com/news/security/mikrotik-shares-info-on-securing-routers-hit-by-massive-m-ris-botnet/

Ransomware encrypts South Africa's entire Dept of Justice network

The justice ministry of the South African government is working on restoring its operations after a recent ransomware attack encrypted all its systems, making all electronic services unavailable both internally and to the public. [...]

https://www.bleepingcomputer.com/news/security/ransomware-encrypts-south-africas-entire-dept-of-justice-network/

Microsoft fixes critical bugs in secretly installed Azure Linux app

Microsoft has addressed four critical vulnerabilities collectively known as OMIGOD, found in the Open Management Infrastructure (OMI) software agent silently installed on Azure Linux machines accounting for more than half of Azure instances. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-critical-bugs-in-secretly-installed-azure-linux-app/

Former U.S. intel operatives to pay $1.6M for hacking for foreign govt

The U.S. government has entered a Deferred Prosecution Agreement (DPA) with three former intelligence operatives to resolve criminal charges relating to their offering of hacking services to a foreign government. [...]

https://www.bleepingcomputer.com/news/security/former-us-intel-operatives-to-pay-16m-for-hacking-for-foreign-govt/

Free REvil ransomware master decrypter released for past victims

A free master decryptor for the REvil ransomware operation has been released, allowing all victims encrypted before the gang disappeared to recover their files for free. [...]

https://www.bleepingcomputer.com/news/security/free-revil-ransomware-master-decrypter-released-for-past-victims/

Microsoft: Windows MSHTML bug now exploited by ransomware gangs

Microsoft says multiple threat actors, including ransomware affiliates, are targeting the recently patched Windows MSHTML remote code execution security flaw. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-windows-mshtml-bug-now-exploited-by-ransomware-gangs/

New Windows security updates break network printing

Windows administrators report wide-scale network printing problems after installing this week's September 2021 Patch Tuesday security updates. [...]

https://www.bleepingcomputer.com/news/security/new-windows-security-updates-break-network-printing/

FBI: $113 million lost to online romance scams this year

The FBI warned today that a massive spike of online romance scams this year caused Americans to lose more than $113 million since the start of 2021. [...]

https://www.bleepingcomputer.com/news/security/fbi-113-million-lost-to-online-romance-scams-this-year/

New malware uses Windows Subsystem for Linux for stealthy attacks

Security researchers have discovered malicious Linux binaries created for the Windows Subsystem for Linux (WSL), indicating that hackers are trying out new methods to compromise Windows machines. [...]

https://www.bleepingcomputer.com/news/security/new-malware-uses-windows-subsystem-for-linux-for-stealthy-attacks/

FBI and CISA warn of state hackers exploiting critical Zoho bug

The FBI, CISA, and the Coast Guard Cyber Command (CGCYBER) today warned that state-backed advanced persistent threat (APT) groups are likely among those exploiting a critical flaw in a Zoho single sign-on and password management solution since early August 2021. [...]

https://www.bleepingcomputer.com/news/security/fbi-and-cisa-warn-of-state-hackers-exploiting-critical-zoho-bug/

Microsoft rolls out Office LTSC 2021 for Windows and Mac

Microsoft today started rolling out Office LTSC (Long Term Servicing Channel) for Windows and macOS, the non-subscription Office version for commercial and government customers. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-rolls-out-office-ltsc-2021-for-windows-and-mac/

US govt sites showing porn, viagra ads share a common software vendor

Multiple U.S. government sites using .gov and .mil domains have been seen hosting porn and spam content, such as Viagra ads, in the last year. A security researcher noticed all of these sites share a common software vendor, Laserfiche. [...]

https://www.bleepingcomputer.com/news/security/us-govt-sites-showing-porn-viagra-ads-share-a-common-software-vendor/

How to fix printers asking for admins creds after PrintNightmare patch

Some printers will request administrator credentials every time users try to print in Windows Point and Print environments due to a known issue caused by KB5005033 or later security updates addressing the PrintNightmare vulnerability. [...]

https://www.bleepingcomputer.com/news/microsoft/how-to-fix-printers-asking-for-admins-creds-after-printnightmare-patch/

Microsoft asks Azure Linux admins to manually patch OMIGOD bugs

Microsoft has issued additional guidance on securing Azure Linux machines impacted by recently addressed critical OMIGOD vulnerabilities. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-asks-azure-linux-admins-to-manually-patch-omigod-bugs/

OMIGOD: Microsoft Azure VMs exploited to drop Mirai, miners

Threat actors started actively exploiting the critical Azure OMIGOD vulnerabilities two days after Microsoft disclosed them during this month's Patch Tuesday. [...]

https://www.bleepingcomputer.com/news/security/omigod-microsoft-azure-vms-exploited-to-drop-mirai-miners/