Security News

The Main Intelligence Directorate of Ukraine's Ministry of Defense claims that it breached the servers of the Russian Ministry of Defense and stole sensitive documents. Software used by the Russian Ministry of Defense for protecting and encrypting data.

The LockBit ransomware gang is once again conducting attacks, using updated encryptors with ransom notes linking to new servers after last week's law enforcement disruption. Last week, the NCA, FBI, and Europol conducted a coordinated disruption called 'Operation Cronos' against the LockBit ransomware operation.

The LockBit gang is relaunching its ransomware operation on a new infrastructure less than a week after law enforcement hacked their servers, and is threatening to focus more of their attacks on the government sector. On Saturday, LockBit announced it was resuming the ransomware business and released damage control communication saying admitting that "Personal negligence and irresponsibility" led to law enforcement disrupting its activity in Operation Cronos.

Attackers are exploiting a maximum severity authentication bypass vulnerability to breach unpatched ScreenConnect servers and deploy LockBit ransomware payloads on compromised networks. Today, Sophos X-Ops revealed that threat actors have been deploying LockBit ransomware on victims' systems after gaining access using exploits targeting these two ScreenConnect vulnerabilities.

Security researchers discovered a new campaign that targets Redis servers on Linux hosts using a piece of malware called 'Migo' to mine for cryptocurrency. Hackers are always looking for exposed and potentially vulnerable Redis servers to hijack resources, steal data, and other malicious purposes.

A novel malware campaign has been observed targeting Redis servers for initial access with the ultimate goal of mining cryptocurrency on compromised Linux hosts. "This particular campaign involves...

Up to 97,000 Microsoft Exchange servers may be vulnerable to a critical severity privilege escalation flaw tracked as CVE-2024-21410 that hackers are actively exploiting. Currently, 28,500 servers have been identified as being vulnerable.

Microsoft claims to have fixed Windows Metadata connection issues which continue to plague customers, causing problems for users trying to manage their printers and other hardware. When new hardware is added to a Windows computer, the operating system connects to a Microsoft-operated website called the Windows Metadata and Internet Services to download metadata packages associated with the particular hardware.

Microsoft on Wednesday acknowledged that a newly disclosed critical security flaw in Exchange Server has been actively exploited in the wild, a day after it released fixes for the vulnerability as...

A 20-plus-year-old security vulnerability in the design of DNSSEC could allow a single DNS packet to exhaust the processing capacity of any server offering the system for domain-name resolution, effectively disabling the machine. Yes, a single DNS packet can take out a remote DNSSEC server.