Security News

8220 Gang Exploits Oracle WebLogic Server Flaws for Cryptocurrency Mining
2024-06-28 11:59

Security researchers have shed more light on the cryptocurrency mining operation conducted by the 8220 Gang by exploiting known security flaws in the Oracle WebLogic Server. "The threat actor...

P2PInfect botnet targets REdis servers with new ransomware module
2024-06-25 10:00

P2PInfect, originally a dormant peer-to-peer malware botnet with unclear motives, has finally come alive to deploy a ransomware module and a cryptominer in attacks on Redis servers. P2PInfect was first documented in July 2023 by Unit 42 researchers, targeting Redis servers using known vulnerabilities.

Ollama drama as 'easy-to-exploit' critical flaw found in open source AI server
2024-06-24 20:34

Your profile can be used to present content that appears more relevant based on your possible interests, such as by adapting the order in which content is shown to you, so that it is even easier for you to find content that matches your interests. Content presented to you on this service can be based on your content personalisation profiles, which can reflect your activity on this or other services, possible interests and personal aspects.

Meta, Microsoft SQL Server make strange bedfellows on a couch of cyber-pain
2024-06-24 08:30

Your profile can be used to present content that appears more relevant based on your possible interests, such as by adapting the order in which content is shown to you, so that it is even easier for you to find content that matches your interests. Content presented to you on this service can be based on your content personalisation profiles, which can reflect your activity on this or other services, possible interests and personal aspects.

Week in review: CDK Global cyberattack, critical vCenter Server RCE fixed
2024-06-23 08:00

The rise of SaaS security teamsIn this Help Net Security interview, Hillary Baron, Senior Technical Director for Research at CSA, highlights that the recent surge in organizations establishing dedicated SaaS security teams is driven by significant data breaches involving widely used platforms. Enhancing security through collaboration with the open-source communityIn this Help Net Security interview, Alan DeKok, CEO at NetworkRADIUS, discusses the need for due diligence in selecting and maintaining open-source tools, and brings out the potential risks and benefits of collaborating with the open-source community to enhance software security.

Mailcow Mail Server Flaws Expose Servers to Remote Code Execution
2024-06-19 07:36

Two security vulnerabilities have been disclosed in the Mailcow open-source mail server suite that could be exploited by malicious actors to achieve arbitrary code execution on susceptible...

Critical RCE flaws in vCenter Server fixed (CVE-2024-37079, CVE-2024-37080)
2024-06-18 09:03

VMware by Broadcom has fixed two critical vulnerabilities affecting VMware vCenter Server and products that contain it: vSphere and Cloud Foundation."A malicious actor with network access to vCenter Server may trigger these vulnerabilities by sending a specially crafted network packet potentially leading to remote code execution," the company said, but noted that they are currently not aware of them being exploited "In the wild".

VMware Issues Patches for Cloud Foundation, vCenter Server, and vSphere ESXi
2024-06-18 08:24

VMware has released updates to address critical flaws impacting Cloud Foundation, vCenter Server, and vSphere ESXi that could be exploited to achieve privilege escalation and remote code...

Former IT employee gets 2.5 years for wiping 180 virtual servers
2024-06-14 15:51

A former quality assurance employee of National Computer Systems was sentenced to two years and eight months in prison for reportedly deleting 180 virtual servers after being fired. Nagaraju Kandula, 39, pleaded guilty to deleting the virtual servers in an attempt to sabotage the firm's systems out of spite for getting fired from NCS, causing damages estimated to $678,0000.

Former IT staff gets 2.5 years for wiping 180 virtual servers
2024-06-14 15:51

A former quality assurance employee of National Computer Systems was sentenced to two years and eight months in prison for reportedly deleting 180 virtual servers after being fired. Nagaraju Kandula, 39, pleaded guilty to deleting the virtual servers in an attempt to sabotage the firm's systems out of spite for getting fired from NCS, causing damages estimated to $678,0000.