Free REvil ransomware master decrypter released for past victims

A free master decryptor for the REvil ransomware operation has been released, allowing all victims encrypted before the gang disappeared to recover their files for free. [...]

https://www.bleepingcomputer.com/news/security/free-revil-ransomware-master-decrypter-released-for-past-victims/

Microsoft: Windows MSHTML bug now exploited by ransomware gangs

Microsoft says multiple threat actors, including ransomware affiliates, are targeting the recently patched Windows MSHTML remote code execution security flaw. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-windows-mshtml-bug-now-exploited-by-ransomware-gangs/

New Windows security updates break network printing

Windows administrators report wide-scale network printing problems after installing this week's September 2021 Patch Tuesday security updates. [...]

https://www.bleepingcomputer.com/news/security/new-windows-security-updates-break-network-printing/

FBI: $113 million lost to online romance scams this year

The FBI warned today that a massive spike of online romance scams this year caused Americans to lose more than $113 million since the start of 2021. [...]

https://www.bleepingcomputer.com/news/security/fbi-113-million-lost-to-online-romance-scams-this-year/

New malware uses Windows Subsystem for Linux for stealthy attacks

Security researchers have discovered malicious Linux binaries created for the Windows Subsystem for Linux (WSL), indicating that hackers are trying out new methods to compromise Windows machines. [...]

https://www.bleepingcomputer.com/news/security/new-malware-uses-windows-subsystem-for-linux-for-stealthy-attacks/

FBI and CISA warn of state hackers exploiting critical Zoho bug

The FBI, CISA, and the Coast Guard Cyber Command (CGCYBER) today warned that state-backed advanced persistent threat (APT) groups are likely among those exploiting a critical flaw in a Zoho single sign-on and password management solution since early August 2021. [...]

https://www.bleepingcomputer.com/news/security/fbi-and-cisa-warn-of-state-hackers-exploiting-critical-zoho-bug/

Microsoft rolls out Office LTSC 2021 for Windows and Mac

Microsoft today started rolling out Office LTSC (Long Term Servicing Channel) for Windows and macOS, the non-subscription Office version for commercial and government customers. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-rolls-out-office-ltsc-2021-for-windows-and-mac/

US govt sites showing porn, viagra ads share a common software vendor

Multiple U.S. government sites using .gov and .mil domains have been seen hosting porn and spam content, such as Viagra ads, in the last year. A security researcher noticed all of these sites share a common software vendor, Laserfiche. [...]

https://www.bleepingcomputer.com/news/security/us-govt-sites-showing-porn-viagra-ads-share-a-common-software-vendor/

How to fix printers asking for admins creds after PrintNightmare patch

Some printers will request administrator credentials every time users try to print in Windows Point and Print environments due to a known issue caused by KB5005033 or later security updates addressing the PrintNightmare vulnerability. [...]

https://www.bleepingcomputer.com/news/microsoft/how-to-fix-printers-asking-for-admins-creds-after-printnightmare-patch/

Microsoft asks Azure Linux admins to manually patch OMIGOD bugs

Microsoft has issued additional guidance on securing Azure Linux machines impacted by recently addressed critical OMIGOD vulnerabilities. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-asks-azure-linux-admins-to-manually-patch-omigod-bugs/

OMIGOD: Microsoft Azure VMs exploited to drop Mirai, miners

Threat actors started actively exploiting the critical Azure OMIGOD vulnerabilities two days after Microsoft disclosed them during this month's Patch Tuesday. [...]

https://www.bleepingcomputer.com/news/security/omigod-microsoft-azure-vms-exploited-to-drop-mirai-miners/

Billions more Android devices will reset risky app permissions

Google announced today that support for a recently released Android privacy protection feature would be backported to billions of devices running older Android versions later this year. [...]

https://www.bleepingcomputer.com/news/security/billions-more-android-devices-will-reset-risky-app-permissions/

Mozilla tests Microsoft Bing as the default Firefox search engine

Mozilla is running a study to test users' responses to changing the default Firefox search engine to Microsoft Bing. [...]

https://www.bleepingcomputer.com/news/software/mozilla-tests-microsoft-bing-as-the-default-firefox-search-engine/

Admin of DDoS service behind 200,000 attacks faces 35yrs in prison

At the end of a nine-day trial, a jury in California this week found guilty the administrator of two distributed denial-of-service (DDoS) operations. [...]

https://www.bleepingcomputer.com/news/security/admin-of-ddos-service-behind-200-000-attacks-faces-35yrs-in-prison/

U.S. to sanction crypto exchanges, wallets used by ransomware

The Biden administration is expected to issue sanctions against crypto exchanges, wallets, and traders used by ransomware gangs to convert ransom payments into fiat money. [...]

https://www.bleepingcomputer.com/news/security/us-to-sanction-crypto-exchanges-wallets-used-by-ransomware/

The Week in Ransomware - September 17th 2021 - REvil decrypted

It has been an interesting week with decryptors released, ransomware gangs continuing to rail against negotiators, and the US government expected to sanction crypto exchanges next week. [...]

https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-september-17th-2021-revil-decrypted/

Researchers compile list of vulnerabilities abused by ransomware gangs

Security researchers are working on compiling an easy to follow list of initial access attack vectors ransomware gangs and their affiliates are using to breach victims' networks. [...]

https://www.bleepingcomputer.com/news/security/researchers-compile-list-of-vulnerabilities-abused-by-ransomware-gangs/

Windows 11 is no longer compatible with Oracle VirtualBox VMs

Windows 11 is no longer compatible with the immensely popular Oracle VirtualBox virtualization platform after Microsoft changed its hardware requirement policies for virtual machines. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-11-is-no-longer-compatible-with-oracle-virtualbox-vms/

AT&T lost $200M in seven years to illegal phone unlocking scheme

A Pakistani fraudster was sentenced earlier this week to 12 years in prison after AT&T, the world's largest telecommunications company, lost over $200 million after he and his co-conspirators coordinated a seven year scheme that led to the fraudulent unlocking of almost 2 million phones. [...]

https://www.bleepingcomputer.com/news/security/atandt-lost-200m-in-seven-years-to-illegal-phone-unlocking-scheme/

New "Elon Musk Club" crypto giveaway scam promoted via email

A new Elon Musk-themed cryptocurrency giveaway scam called the "Elon Musk Mutual Aid Fund" or "Elon Musk Club" is being promoted through spam email campaigns that started over the past few weeks. [...]

https://www.bleepingcomputer.com/news/security/new-elon-musk-club-crypto-giveaway-scam-promoted-via-email/

Europol links Italian Mafia to million-dollar phishing scheme

In collaboration with Europol and Eurojust, European law enforcement dismantled an extensive network of cybercriminals linked to the Italian Mafia that was able to defraud their victims of roughly €10 million ($11.7 million) last year alone. [...]

https://www.bleepingcomputer.com/news/security/europol-links-italian-mafia-to-million-dollar-phishing-scheme/