Security News > 2024 > February

Security researchers discovered a new campaign that targets Redis servers on Linux hosts using a piece of malware called 'Migo' to mine for cryptocurrency. Hackers are always looking for exposed and potentially vulnerable Redis servers to hijack resources, steal data, and other malicious purposes.

End-to-end encrypted messaging app Signal finally allows users to pick custom usernames to connect with others while protecting their phone number privacy. "Our goal is to listen to your feedback, make adjustments, and ensure phone number privacy on Signal is easy and useful for everyone."

ConnectWise warned customers to patch their ScreenConnect servers immediately against a maximum severity flaw that can be used in remote code execution attacks. ConnectWise has yet to assign CVE IDs to the two security flaws that impact all servers running ScreenConnect 23.9.7 and prior.

The alleged source code for the third iteration of the Knight ransomware is being offered for sale to a single buyer on a hacker forum by a representative of the operation. Knight ransomware launched at the end of July 2023 as a re-brand of the Cyclops operation, targeting Windows, macOS, and Linux/ESXi systems.

After the infosec world was invigorated by the announcement of LockBit's site being seized yesterday, the authorities involved in the takedown operation - dubbed "Operation Cronos" - have now completely taken over the group's leak site and turned it into an exposé hub. In typical LockBit style, its countdown timers have been hijacked to reveal the times at which various pieces of information will be revealed, including what appears to be the identity of LockBit's leader.

A novel malware campaign has been observed targeting Redis servers for initial access with the ultimate goal of mining cryptocurrency on compromised Linux hosts. "This particular campaign involves...

Smart home security camera slinger Wyze is telling customers that a cybersecurity "Incident" allowed thousands of users to see other people's camera feeds. Thanks to a helpful Reg reader who sent a customer email over to us, we know that around 13,000 Wyze users had the opportunity to view events captured by other users' cameras.

Ransomware attackers are opportunistic criminals that exploit easily accessible targets, often leveraging initial access points provided by other cybercriminals, rather than creating these access points themselves. While we suspect many ransomware groups and affiliates directly leverage access gained through infostealers, many others choose the "White glove" service that initial access brokers offer.

Ivanti Secure VPN is a popular remote access VPN solution used by businesses, organizations and governments worldwide. French cyberdefense search engine ONYPHE has said that 29,664 Ivanti Secure VPN appliances are connected to the internet.

PSI Software SE, a German software developer for complex production and logistics processes, has confirmed that the cyber incident it disclosed last week is a ransomware attack that impacted its internal infrastructure. The company operates at a global level with a staff of more than 2,000 and specializes in software solutions for major energy suppliers.