Security News

A newer version of a malware loader called Hijack Loader has been observed incorporating an updated set of anti-analysis techniques to fly under the radar. "These enhancements aim to increase the...

Organizations with on-prem installations of Delinea Secret Server are urged to update them immediately, to plug a critical vulnerability that may allow attackers to bypass authentication, gain admin access and extract secrets. Delinea Secret Server is a privileged access management solution "For the modern, hybrid enterprise".

Patch Tuesday Microsoft fixed 149 security flaws in its own products this week, and while Redmond acknowledged one of those vulnerabilities is being actively exploited, we've been told another hole is under attack, too. Trend Micro's Zero Day Initiative says a separate vulnerability, spotted and reported by bug hunter Peter Girrus, was under attack in the wild before Microsoft issued a patch this week.

QNAP warns of vulnerabilities in its NAS software products, including QTS, QuTS hero, QuTScloud, and myQNAPcloud, that could allow attackers to access devices. NAS devices often store large amounts of valuable data for businesses and individuals, including sensitive personal information, intellectual property, and critical business data.

Hackers have started to exploit the critical-severity authentication bypass vulnerability in TeamCity On-Premises, which JetBrains addressed in an update on Monday. LeakIX, a search engine for exposed device misconfigurations and vulnerabilities, told BleepingComputer that a little over 1,700 TeamCity servers have yet to receive the fix.

A critical vulnerability in the TeamCity On-Premises CI/CD solution from JetBrains can let a remote unauthenticated attacker take control of the server with administrative permissions. "Compromising a TeamCity server allows an attacker full control over all TeamCity projects, builds, agents and artifacts, and as such is a suitable vector to position an attacker to perform a supply chain attack" - Rapid7.

When it comes to access security, one recommendation stands out above the rest: multi-factor authentication (MFA). With passwords alone being simple work for hackers, MFA provides an essential...

Ivanti has alerted customers of yet another high-severity security flaw in its Connect Secure, Policy Secure, and ZTA gateway devices that could allow attackers to bypass authentication. The...

Today, Ivanti warned of a new authentication bypass vulnerability impacting Connect Secure, Policy Secure, and ZTA gateways, urging admins to secure their appliances immediately. Shadowserver also monitors Ivanti Connect Secure VPN instances compromised worldwide daily, with almost 250 compromised devices discovered on Wednesday, February 7.

JetBrains has patched a critical authentication bypass vulnerability affecting TeamCity On-Premises continuous integration and deployment servers. CVE-2024-23917 could allow an unauthenticated threat actor with HTTP(S) access to a TeamCity server to bypass authentication controls and gain administrative privileges on the server.