Security News

Atlassian Confluence Server RCE attacks underway from 600+ IPs
2024-01-22 23:37

More than 600 IP addresses are launching thousands of exploit attempts against CVE-2023-22527 - a critical bug in out-of-date versions of Atlassian Confluence Data Center and Server - according to non-profit security org Shadowserver. The CVE scored a CVSS rating of 10 out of 10, and it affects Confluence Data Center and Server 8 versions released before December 5, 2023 and versions up to 8.4.5.

Russians invade Microsoft exec mail while China jabs at VMware vCenter Server
2024-01-20 00:08

A VMware security vulnerability has been exploited by Chinese cyberspies since late 2021, according to Mandiant, in what has been a busy week for nation-state espionage news. On Friday VMware confirmed CVE-2023-34048, a critical out-of-bounds write flaw in vCenter Server, was under active exploitation.

Preventing Data Loss: Backup and Recovery Strategies for Exchange Server Administrators
2024-01-19 11:24

In the current digital landscape, data has emerged as a crucial asset for organizations, akin to currency. It’s the lifeblood of any organization in today's interconnected and digital world. Thus,...

Poorly secured PostgreSQL, MySQL servers targeted by ransomware bot
2024-01-18 14:54

Users exposing poorly secured PostgreSQL and MySQL servers online are in danger of getting their databases wiped by a ransomware bot, Border0 researchers are warning. Spurred by a recent tweet in which the poster shared that their accidentally exposted PostgreSQL server was "Immediately" compromised and wiped, Border0 researchers wanted to see whether and how quickly a simple PostgreSQL server - accessible from anywhere on the Internet by using the postgres username and the password password - would be targeted by the same bot once they exposed it online.

Windows Server 2022 patch is breaking apps for some users
2024-01-17 11:45

The latest Windows Server 2022 patch has broken the Chrome browser, and short of uninstalling the update, a registry hack is the only way to restore service for affected users. KB5034129 is a security update for Windows Server 2022 and was released on January 9, 2024.

Hacker spins up 1 million virtual servers to illegally mine crypto
2024-01-13 15:09

A 29-year-old man in Ukraine was arrested this week for using hacked accounts to create 1 million virtual servers used to mine $2 million in cryptocurrency. By using the computing resources of others' servers to mine cryptocurrency, the cybercriminals can profit at the expense of the compromised organizations, whose CPU and GPU performance is degraded by the mining.

NoaBot: Latest Mirai-Based Botnet Targeting SSH Servers for Crypto Mining
2024-01-10 15:15

A new Mirai-based botnet called NoaBot is being used by threat actors as part of a crypto mining campaign since the beginning of 2023. “The capabilities of the new botnet, NoaBot, include a...

Hackers are targeting exposed MS SQL servers with Mimic ransomware
2024-01-10 14:59

Hackers are brute-forcing exposed MS SQL database servers to deliver Mimic ransomware, Securonix researchers are warning. Mimic ransomware was first spotted in the wild in June 2022 and analyzed by Trend Micro researchers in January 2023.

Hackers target Microsoft SQL servers in Mimic ransomware attacks
2024-01-09 18:50

A group of financially motivated Turkish hackers targets Microsoft SQL servers worldwide to encrypt the victims' files with Mimic ransomware. "The timeline for the events was about one month from initial access to the deployment of MIMIC ransomware on the victim domain."

Turkish Hackers Exploiting Poorly Secured MS SQL Servers Across the Globe
2024-01-09 13:45

Poorly secured Microsoft SQL (MS SQL) servers are being targeted in the U.S., European Union, and Latin American (LATAM) regions as part of an ongoing financially motivated campaign to gain...