Security News

Microsoft pushes emergency fix for Windows Server 2019 update errors
2024-05-24 00:32

Microsoft has released an emergency out-of-band update for Windows Server 2019 that fixes a bug causing 0x800f0982 errors when attempting to install the May 2024 Patch Tuesday security updates. "Yep, 6 Windows Server 2019 by different Costumers. All the same issue: error 0x800f0982," reported a Windows admin on Reddit.

GitHub fixes maximum severity Enterprise Server auth bypass bug (CVE-2024-4985)
2024-05-23 10:13

A critical, 10-out-of-10 vulnerability allowing unrestricted access to vulnerable GitHub Enterprise Server instances has been fixed by Microsoft-owned GitHub. There is a catch that may narrow down the pool of potential victims: instances are vulnerable to attack only if they use SAML single sign-on authentication AND have the encrypted assertions feature enabled.

MS Exchange Server Flaws Exploited to Deploy Keylogger in Targeted Attacks
2024-05-22 07:41

An unknown threat actor is exploiting known security flaws in Microsoft Exchange Server to deploy a keylogger malware in attacks targeting entities in Africa and the Middle East. Russian...

GitHub Enterprise Server patches 10-outta-10 critical hole
2024-05-22 07:31

Your profile can be used to present content that appears more relevant based on your possible interests, such as by adapting the order in which content is shown to you, so that it is even easier for you to find content that matches your interests. Content presented to you on this service can be based on your content personalisation profiles, which can reflect your activity on this or other services, possible interests and personal aspects.

Authelia: Open-source authentication and authorization server
2024-05-22 04:30

Authelia is an open-source authentication and authorization server that offers 2FA and SSO for applications through a web portal. Authelia connects directly to the reverse proxy but never to the application backends.

Critical GitHub Enterprise Server Flaw Allows Authentication Bypass
2024-05-21 16:16

GitHub has rolled out fixes to address a maximum severity flaw in the GitHub Enterprise Server (GHES) that could allow an attacker to bypass authentication protections. Tracked...

GitHub warns of SAML auth bypass flaw in Enterprise Server
2024-05-21 15:01

GitHub has fixed a maximum severity (CVSS v4 score: 10.0) authentication bypass vulnerability tracked as CVE-2024-4986, which impacts GitHub Enterprise Server (GHES) instances using SAML single...

Microsoft: Windows Server 2019 updates fail with 0x800f0982 errors
2024-05-16 14:25

Microsoft has acknowledged a new known issue causing this month's KB5037765 security update for Windows Server 2019 to fail to install with 0x800f0982 errors. This confirmation comes after many Windows admins reported seeing install failures when trying to deploy cumulative updates released during the May 2024 Patch Tuesday on Windows Server 2019 systems.

Ebury botnet compromises 400,000+ Linux servers
2024-05-16 04:30

In many cases, Ebury operators could gain full access to large servers of ISPs and well-known hosting providers. "We have documented cases where the infrastructure of hosting providers was compromised by Ebury. In these cases, we have seen Ebury being deployed on servers rented out by those providers, with no warning to the lessees. This resulted in cases where the Ebury actors were able to compromise thousands of servers at once," says Marc-Etienne M. Léveillé, the ESET researcher who investigated Ebury for more than a decade.

Ebury Botnet Malware Compromises 400,000 Linux Servers Over Past 14 Years
2024-05-15 10:56

A malware botnet called Ebury is estimated to have compromised 400,000 Linux servers since 2009, out of which more than 100,000 were still compromised as of late 2023. The findings come from...