OMIGOD: Microsoft Azure VMs exploited to drop Mirai, miners

Threat actors started actively exploiting the critical Azure OMIGOD vulnerabilities two days after Microsoft disclosed them during this month's Patch Tuesday. [...]

https://www.bleepingcomputer.com/news/security/omigod-microsoft-azure-vms-exploited-to-drop-mirai-miners/

Billions more Android devices will reset risky app permissions

Google announced today that support for a recently released Android privacy protection feature would be backported to billions of devices running older Android versions later this year. [...]

https://www.bleepingcomputer.com/news/security/billions-more-android-devices-will-reset-risky-app-permissions/

Mozilla tests Microsoft Bing as the default Firefox search engine

Mozilla is running a study to test users' responses to changing the default Firefox search engine to Microsoft Bing. [...]

https://www.bleepingcomputer.com/news/software/mozilla-tests-microsoft-bing-as-the-default-firefox-search-engine/

Admin of DDoS service behind 200,000 attacks faces 35yrs in prison

At the end of a nine-day trial, a jury in California this week found guilty the administrator of two distributed denial-of-service (DDoS) operations. [...]

https://www.bleepingcomputer.com/news/security/admin-of-ddos-service-behind-200-000-attacks-faces-35yrs-in-prison/

U.S. to sanction crypto exchanges, wallets used by ransomware

The Biden administration is expected to issue sanctions against crypto exchanges, wallets, and traders used by ransomware gangs to convert ransom payments into fiat money. [...]

https://www.bleepingcomputer.com/news/security/us-to-sanction-crypto-exchanges-wallets-used-by-ransomware/

The Week in Ransomware - September 17th 2021 - REvil decrypted

It has been an interesting week with decryptors released, ransomware gangs continuing to rail against negotiators, and the US government expected to sanction crypto exchanges next week. [...]

https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-september-17th-2021-revil-decrypted/

Researchers compile list of vulnerabilities abused by ransomware gangs

Security researchers are working on compiling an easy to follow list of initial access attack vectors ransomware gangs and their affiliates are using to breach victims' networks. [...]

https://www.bleepingcomputer.com/news/security/researchers-compile-list-of-vulnerabilities-abused-by-ransomware-gangs/

Windows 11 is no longer compatible with Oracle VirtualBox VMs

Windows 11 is no longer compatible with the immensely popular Oracle VirtualBox virtualization platform after Microsoft changed its hardware requirement policies for virtual machines. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-11-is-no-longer-compatible-with-oracle-virtualbox-vms/

AT&T lost $200M in seven years to illegal phone unlocking scheme

A Pakistani fraudster was sentenced earlier this week to 12 years in prison after AT&T, the world's largest telecommunications company, lost over $200 million after he and his co-conspirators coordinated a seven year scheme that led to the fraudulent unlocking of almost 2 million phones. [...]

https://www.bleepingcomputer.com/news/security/atandt-lost-200m-in-seven-years-to-illegal-phone-unlocking-scheme/

New "Elon Musk Club" crypto giveaway scam promoted via email

A new Elon Musk-themed cryptocurrency giveaway scam called the "Elon Musk Mutual Aid Fund" or "Elon Musk Club" is being promoted through spam email campaigns that started over the past few weeks. [...]

https://www.bleepingcomputer.com/news/security/new-elon-musk-club-crypto-giveaway-scam-promoted-via-email/

Europol links Italian Mafia to million-dollar phishing scheme

In collaboration with Europol and Eurojust, European law enforcement dismantled an extensive network of cybercriminals linked to the Italian Mafia that was able to defraud their victims of roughly €10 million ($11.7 million) last year alone. [...]

https://www.bleepingcomputer.com/news/security/europol-links-italian-mafia-to-million-dollar-phishing-scheme/

EventBuilder misconfiguration exposes Microsoft event registrant data

Personal details of registrants to virtual events available through the EventBuilder platform have stayed accessible over the public internet, open to indexing by various engines. [...]

https://www.bleepingcomputer.com/news/security/eventbuilder-misconfiguration-exposes-microsoft-event-registrant-data/

Republican Governors Association email server breached by state hackers

The Republican Governors Association (RGA) revealed in data breach notification letters sent last week that its servers were breached during an extensive Microsoft Exchange hacking campaign that hit organizations worldwide in March 2021. [...]

https://www.bleepingcomputer.com/news/security/republican-governors-association-email-server-breached-by-state-hackers/

VoIP.ms phone services disrupted by DDoS extortion attack

Threat actors are targeting voice-over-Internet provider VoIP.ms with a DDoS attack and extorting the company to stop the assault that's severely disrupting the company's operation. [...]

https://www.bleepingcomputer.com/news/security/voipms-phone-services-disrupted-by-ddos-extortion-attack/

Microsoft investigates Outlook issues with security keys, search

Microsoft is investigating several issues impacting Outlook customers and leading to problems related to security keys, search results, and more. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-investigates-outlook-issues-with-security-keys-search/

US farmer cooperative hit by $5.9M BlackMatter ransomware attack

U.S. farmers cooperative NEW Cooperative has suffered a BlackMatter ransomware attack demanding $5.9 million not to leak stolen data and provide a decryptor. [...]

https://www.bleepingcomputer.com/news/security/us-farmer-cooperative-hit-by-59m-blackmatter-ransomware-attack/

Hacked sites push TeamViewer using fake expired certificate alert

Threat actors are compromising Windows IIS servers to add expired certificate notification pages that prompt visitors to download a malicious fake installer. [...]

https://www.bleepingcomputer.com/news/security/hacked-sites-push-teamviewer-using-fake-expired-certificate-alert/

How to fix the Windows 0x0000011b network printing error

A Windows security update released in January and now fully enforced this month is causing Windows users to experience 0x0000011b errors when printing to network printers. [...]

https://www.bleepingcomputer.com/news/microsoft/how-to-fix-the-windows-0x0000011b-network-printing-error/

Marketron marketing services hit by Blackmatter ransomware

BlackMatter ransomware gang over the weekend hit Marketron, a business software solutions provider that serves more than 6,000 customers in the media industry. [...]

https://www.bleepingcomputer.com/news/security/marketron-marketing-services-hit-by-blackmatter-ransomware/

Netgear fixes dangerous code execution bug in multiple routers

Netgear has fixed a high severity remote code execution (RCE) vulnerability found in the Circle parental control service, which runs with root permissions on almost a dozen modern Small Offices/Home Offices (SOHO) Netgear routers. [...]

https://www.bleepingcomputer.com/news/security/netgear-fixes-dangerous-code-execution-bug-in-multiple-routers/

Atlassian Trello is down — second outage this week

Trello is down for many users around the world, second time this week. Trello is a web-based TODO list-style platform owned by Atlassian, makers of Jira and Confluence. [...]

https://www.bleepingcomputer.com/news/technology/atlassian-trello-is-down-second-outage-this-week/