Pwn2Own: Printer plays AC/DC, Samsung Galaxy S21 hacked twice

Trend Micro's ZDI has awarded $1,081,250 for 61 zero-days exploited at Pwn2Own Austin 2021, with competitors successfully pwning the Samsung Galaxy S21 again and hacking an HP LaserJet printer to play AC/DC's Thunderstruck on the contest's third day. [...]

https://www.bleepingcomputer.com/news/security/pwn2own-printer-plays-ac-dc-samsung-galaxy-s21-hacked-twice/

Windows 11 KB5008295 OOB update fixes certificate issue breaking apps

Microsoft has released the KB5008295 out-of-band update to address Windows 11 issues while opening or using some built-in apps and features due to an expired Microsoft digital certificate. [...]

https://www.bleepingcomputer.com/news/microsoft/windows-11-kb5008295-oob-update-fixes-certificate-issue-breaking-apps/

The Week in Ransomware - November 5th 2021 - Placing bounties

Law enforcement continues to keep up the pressure on ransomware operations with infrastructure hacks and million-dollar rewards, leading to the shut down of criminal operations. [...]

https://www.bleepingcomputer.com/news/security/the-week-in-ransomware-november-5th-2021-placing-bounties/

OneDrive reaches end of support on Windows 7, 8 in January

Microsoft has announced that the OneDrive desktop application will reach the end of support on legacy Windows 7, 8, and 8.1 starting with January 1, 2022. [...]

https://www.bleepingcomputer.com/news/microsoft/onedrive-reaches-end-of-support-on-windows-7-8-in-january/

Samsung sued for flawed Chromebook hinges cracking displays

Samsung is being sued for selling the Samsung Chromebook Plus 2-in-1 even though they allegedly knew for years of a defect that caused displays to break. [...]

https://www.bleepingcomputer.com/news/legal/samsung-sued-for-flawed-chromebook-hinges-cracking-displays/

Microsoft: New Windows driver deployment service coming soon

Microsoft said that the new Windows Update for Business deployment service for drivers and firmware will be available in Microsoft Endpoint Manager and in Microsoft Graph as a public preview starting with the first half of 2022. [...]

https://www.bleepingcomputer.com/news/microsoft/microsoft-new-windows-driver-deployment-service-coming-soon/

Operation Cyclone deals blow to Clop ransomware operation

A thirty-month international law enforcement operation codenamed 'Operation Cyclone' targeted the Clop ransomware gang, leading to the previously reported arrests of six members in Ukraine. [...]

https://www.bleepingcomputer.com/news/security/operation-cyclone-deals-blow-to-clop-ransomware-operation/

State hackers breach defense, energy, healthcare orgs worldwide

Cybersecurity firm Palo Alto Networks warned over the weekend of an ongoing hacking campaign that has already resulted in the compromise of at least nine organizations worldwide from critical sectors, including defense, healthcare, energy, technology, and education. [...]

https://www.bleepingcomputer.com/news/security/state-hackers-breach-defense-energy-healthcare-orgs-worldwide/

Google will kill Chrome sync support on Chrome 48 and earlier

Google will end support for the Chrome sync feature for all users still running Google Chrome 48 and earlier after Chrome 96 reaches the stable channel. [...]

https://www.bleepingcomputer.com/news/google/google-will-kill-chrome-sync-support-on-chrome-48-and-earlier/

Electronics retail giant MediaMarkt hit by ransomware attack

Electronics retail giant MediaMarkt has suffered a ransomware attack causing IT systems to shut down and store operations to be disrupted in Netherlands and Germany. [...]

https://www.bleepingcomputer.com/news/security/electronics-retail-giant-mediamarkt-hit-by-ransomware-attack/

REvil ransomware affiliates arrested in Romania and Kuwait

Romanian law enforcement authorities have arrested two suspects believed to be Sodinokibi/REvil ransomware affiliates, allegedly responsible for infecting thousands of victims. [...]

https://www.bleepingcomputer.com/news/security/revil-ransomware-affiliates-arrested-in-romania-and-kuwait/

Criminal group dismantled after forcing victims to be money mules

The Spanish police have arrested 45 people who are believed to be members of an online fraud group that operated twenty websites to defraud at least 200 people of 1,500,000 Euros ($1.73 million). [...]

https://www.bleepingcomputer.com/news/security/criminal-group-dismantled-after-forcing-victims-to-be-money-mules/

Sitecore XP RCE flaw patched last month now actively exploited

The Australian Cyber Security Center (ACSC) is alerting web admins of the active exploitation of CVE-2021-42237, a remote code execution flaw in the Sitecore Experience Platform (Sitecore XP). [...]

https://www.bleepingcomputer.com/news/security/sitecore-xp-rce-flaw-patched-last-month-now-actively-exploited/

US seizes $6 million from REvil ransomware, arrest Kaseya hacker

The United States Department of Justice today has announced charges against a REvil ransomware affiliate responsible for the attack against the Kaseya MSP platform on July 2nd and seizing more than $6 million from another REvil partner. [...]

https://www.bleepingcomputer.com/news/security/us-seizes-6-million-from-revil-ransomware-arrest-kaseya-hacker/

US sanctions Chatex cryptoexchange used by ransomware gangs

The US Treasury Department announced today sanctions against the Chatex cryptocurrency exchange for helping ransomware gangs evade sanctions and facilitating ransom transactions. [...]

https://www.bleepingcomputer.com/news/security/us-sanctions-chatex-cryptoexchange-used-by-ransomware-gangs/

Softbank plans to charge electronic gadgets using 5G antennas

Japanese tech giant SoftBank is planning to trial wireless charging of smartwatches and earbuds using power transmitted through 5G antennas. [...]

https://www.bleepingcomputer.com/news/technology/softbank-plans-to-charge-electronic-gadgets-using-5g-antennas/

Robinhood discloses data breach impacting 5 million customers

Stock trading app RobinHood has disclosed a data breach after their systems were hacked and unauthorized user gained access to the personal information of approximately 5 million customers. [...]

https://www.bleepingcomputer.com/news/security/robinhood-discloses-data-breach-impacting-5-million-customers/

U.S. offers $10 million reward for leaders of REvil ransomware

The U.S. is offering up to $10 million for identifying or locating leaders in the REvil (Sodinokibi) ransomware operation, including $5 million leading to the arrest of affiliates. [...]

https://www.bleepingcomputer.com/news/security/us-offers-10-million-reward-for-leaders-of-revil-ransomware/

Medical software firm urges password resets after ransomware attack

Medatixx, a German medical software vendor whose products are used in over 21,000 health institutions, urges customers to change their application passwords following a ransomware attack that has severely impaired its entire operations. [...]

https://www.bleepingcomputer.com/news/security/medical-software-firm-urges-password-resets-after-ransomware-attack/

Clop gang exploiting SolarWinds Serv-U flaw in ransomware attacks

The Clop ransomware gang, also tracked as TA505 and FIN11, is exploiting a SolarWinds Serv-U vulnerability to breach corporate networks and ultimately encrypt its devices. [...]

https://www.bleepingcomputer.com/news/security/clop-gang-exploiting-solarwinds-serv-u-flaw-in-ransomware-attacks/

New PowerShell version comes with Microsoft Update support

Microsoft has released PowerShell 7.2 with automatic updates through the Microsoft Update service on Windows 10 and Windows Server devices. [...]

https://www.bleepingcomputer.com/news/microsoft/new-powershell-version-comes-with-microsoft-update-support/