Security News

CISA: Roundcube email server bug now exploited in attacks
2024-02-12 19:03

CISA warns that a Roundcube email server vulnerability patched in September is now actively exploited in cross-site scripting attacks. The security flaw is a persistent cross-site scripting bug that lets attackers access restricted information via plain/text messages maliciously crafted links in low-complexity attacks requiring user interaction.

February 2024 Patch Tuesday forecast: Zero days are back and a new server too
2024-02-09 06:24

Microsoft introduced the update process called 'flighting' for these preview builds, allowing automatic or manual in-place updates approximately every two weeks without needing a new install every time. Google released the Stable Channel updates 120.0.6099.234 for Mac, 120.0.6099.224 for Linux, and 120.0.6099.224/225 to Windows back on January 16.

On-premises JetBrains TeamCity servers vulnerable to auth bypass (CVE-2024-23917)
2024-02-07 10:29

JetBrains has patched a critical authentication bypass vulnerability affecting TeamCity On-Premises continuous integration and deployment servers. CVE-2024-23917 could allow an unauthenticated threat actor with HTTP(S) access to a TeamCity server to bypass authentication controls and gain administrative privileges on the server.

Critical JetBrains TeamCity On-Premises Flaw Exposes Servers to Takeover - Patch Now
2024-02-07 05:05

JetBrains is alerting customers of a critical security flaw in its TeamCity On-Premises continuous integration and continuous deployment (CI/CD) software that could be exploited by threat actors...

Microsoft is bringing the Linux sudo command to Windows Server
2024-02-04 17:26

Microsoft is bringing the Linux 'sudo' feature to Windows Server 2025, offering a new way for admins to elevate privileges for console applications.Microsoft released the first Windows Server 2025 Insider preview build last week.

AnyDesk says hackers breached its production servers, reset passwords
2024-02-02 22:16

AnyDesk confirmed today that it suffered a recent cyberattack that allowed hackers to gain access to the company's production systems. In a statement shared with BleepingComputer late Friday afternoon, AnyDesk says they first learned of the attack after detecting indications of an incident on their product servers.

AnyDesk says hackers breached its production servers, resets passwords
2024-02-02 22:16

AnyDesk confirmed today that it suffered a recent cyberattack that allowed hackers to gain access to the company's production systems. In a statement shared with BleepingComputer, AnyDesk says they first learned of the attack after detecting indications of an incident on their product servers.

BTC-e server admin indicted for laundering ransom payments, stolen crypto
2024-02-02 15:33

Aliaksandr Klimenka, a Belarusian and Cypriot national, has been indicted in the U.S. for his involvement in an international cybercrime money laundering operation. The U.S. DoJ alleged back then that the platform was used to launder funds stolen during the hack of Japanese crypto exchange platform Mt. Gox, as well as ransom payments for the Locky, Cerber, NotPetya, WannaCry, and Spora ransomware operations.

Interpol's latest cybercrime intervention dismantles ransomware, banking malware servers
2024-02-02 13:01

Interpol has arrested 31 people following a three-month operation to stamp out various types of cybercrime.Spanning 55 countries, from Albania to Australia, Operation Synergia identified more than 1,300 malicious servers, dismantling more than 70 percent of those used as part of command and control infrastructure that supported phishing, banking malware, and ransomware.

Interpol operation Synergia takes down 1,300 servers used for cybercrime
2024-02-02 12:56

An international law enforcement operation code-named 'Synergia' has taken down over 1,300 command and control servers used in ransomware, phishing, and malware campaigns. The Synergia operation identified and took down command and control servers between September and November 2023, with 60 law enforcement agencies from 55 countries participating in the operation.