Security News

Lockbit ransomware affiliates are encrypting victims via Microsoft Exchange servers hacked using exploits targeting unpatched vulnerabilities. In at least one such incident from July 2022, the attackers used a previously deployed web shell on a compromised Exchange server to escalate privileges to Active Directory admin, steal roughly 1.3 TB of data, and encrypt network systems.

The official installer for the Comm100 Live Chat application, a widely deployed SaaS that businesses use for customer communication and website visitors, was trojanized as part of a new supply-chain attack. Because the trojanized installer used a valid digital signature, antivirus solutions would not trigger warnings during its launch, allowing for a stealthy supply-chain attack.

Apple News shut down Fast Company's news channel after "An incredibly offensive alert" was sent to subscribers following a hack of the business publication on Tuesday evening. Fast Company's Apple News account was hacked on Tuesday evening.

Cybercriminals wielding the FARGO ransomware are targeting Microsoft SQL servers, AhnLab's ASEC analysis team has warned. They haven't pinpointed how the attackers are getting access to the targeted servers, but noted that typical attacks targeting database servers include brute force and dictionary attacks aimed at ferreting out the passwords of existing, poorly secured accounts.

Vulnerable Microsoft SQL servers are being targeted in a new wave of attacks with FARGO ransomware, security researchers are warning. BleepingComputer has reported similar attacks in February, dropping Cobalt Strike beacons, and in July when threat actors hijacked vulnerable MS-SQL servers to steal bandwidth for proxy services.

Microsoft says a threat actor gained access to cloud tenants hosting Microsoft Exchange servers in credential stuffing attacks, with the end goal of deploying malicious OAuth applications and sending phishing emails. "The unauthorized access to the cloud tenant enabled the actor to create a malicious OAuth application that added a malicious inbound connector in the email server."

American video game publisher 2K has confirmed that its help desk platform was hacked and used to target customers with fake support tickets pushing malware via embedded links. "Earlier today, we became aware that an unauthorized third party illegally accessed the credentials of one of our vendors to the help desk platform that 2K uses to provide support to our customers," 2K's support account tweeted on Tuesday after BleepingComputer broke the story on the security breach.

Hackers have compromised the support system of American video game publisher 2K and now are sending support tickets to gamers containing the RedLine password-stealing malware. 2K is the publisher behind numerous popular game franchises, including NBA 2K, Borderlands, WWE 2K, PGA Tour 2K, Bioshock, Civilization, and Xcom.

Hackers have compromised the support system of American video game publisher 2K and now are sending support tickets to gamers containing the RedLine password-stealing malware. 2K is the publisher behind numerous popular game franchises, including NBA 2K, Borderlands, WWE 2K, PGA Tour 2K, Bioshock, Civilization, and Xcom.

Thousands of QNAP NAS devices hit by DeadBolt ransomwareQNAP Systems has provided more information about the latest DeadBolt ransomware campaign targeting users of its network-attached storage devices and the vulnerability the attackers are exploiting. 5 Kali Linux books you should read this yearKali Linux is a Linux distribution designed for digital forensics, penetration testing, security research, and reverse engineering.