Security News > 2024 > March
Hackers have started to exploit the critical-severity authentication bypass vulnerability in TeamCity On-Premises, which JetBrains addressed in an update on Monday. LeakIX, a search engine for exposed device misconfigurations and vulnerabilities, told BleepingComputer that a little over 1,700 TeamCity servers have yet to receive the fix.
Hackers have started to exploit the critical-severity authentication bypass vulnerability in TeamCity On-Premises, which JetBrains addressed in an update on Monday. LeakIX, a search engine for exposed device misconfigurations and vulnerabilities, told BleepingComputer that a little over 1,700 TeamCity servers have yet to receive the fix.
Hackers are conducting widescale attacks on WordPress sites to inject scripts that force visitors' browsers to bruteforce passwords for other sites. They then hack X accounts, create YouTube videos, or take out Google and X advertisements to promote the sites and steal visitor's cryptocurrency.
"Cybercriminals continue to adjust their tactics, and the FBI has observed emerging ransomware trends, such as the deployment of multiple ransomware variants against the same victim and the use of data-destruction tactics to increase pressure on victims to negotiate," according to the IC3 report. Crooks had no qualms about infecting critical infrastructure organizations with ransomware.
A gang of hackers specialized in business email compromise attacks and tracked as TA4903 has been impersonating various U.S. government entities to lure targets into opening malicious files carrying links to fake bidding processes. According to Proofpoint, whose analysts have been tracking the campaign, the threat actors impersonate the U.S. Department of Transportation, the U.S. Department of Agriculture, and the U.S. Small Business Administration.
Duvel Moortgat Brewery was hit by a ransomware attack late last night, bringing to a halt the beer production in the company's bottling facilities. Earlier today, a spokersperson for the company told local media that their automated threat detection systems flagged the ransomware attack.
The Financial Transactions and Reports Analysis Centre of Canada has announced that a "Cyber incident" forced it to take its corporate systems offline as a precaution. FINTRAC is a government agency in Canada that operates as the country's financial intelligence unit.
Apple's latest security patches address four vulnerabilities affecting iOS and iPadOS, including two zero-days that intel suggests attackers have already exploited. Affecting RTKit, Apple's real-time operating system that runs on various devices like AirPods, Apple Watch, and more, its description closely mirrors that of CVE-2024-23225.
Threat actors are targeting misconfigured and vulnerable servers running Apache Hadoop YARN, Docker, Atlassian Confluence, and Redis services as part of an emerging malware campaign designed to...
We know what went on at security awareness training vendor KnowBe4's seventh annual KB4-CON user conference in Florida. In this feature, written by Drew Robb for TechRepublic Premium, you can get to know about KnowBe4's ambitions to weave AI into its product portfolio, and how AI, voice cloning and ChatGPT have changed the way nefarious individuals hack.