Security News

Microsoft shares temp fix for broken Windows Server 2022 VMs
2023-11-09 18:07

Microsoft publicly acknowledged a known issue causing Windows Server 2022 virtual machine blue screens and boot failures on VMware ESXi hosts. "Affected VMs will receive an error with a blue screen and Stop code : PNP DETECTED FATAL ERROR," Microsoft said in an update to the Windows release health dashboard.

3,000 Apache ActiveMQ servers vulnerable to RCE attacks exposed online
2023-11-01 18:05

Over three thousand internet-exposed Apache ActiveMQ servers are vulnerable to a recently disclosed critical remote code execution vulnerability. Apache ActiveMQ is a scalable open-source message broker that fosters communication between clients and servers, supporting Java and various cross-language clients and many protocols, including AMQP, MQTT, OpenWire, and STOMP. Thanks to the project's support for a diverse set of secure authentication and authorization mechanisms, it is widely used in enterprise environments where systems communicate without direct connectivity.

Microsoft tests Windows 11 encrypted DNS server auto-discovery
2023-10-25 20:45

Microsoft is testing support for the Discovery of Network-designated Resolvers internet standard, which enables automated client-side discovery of encrypted DNS servers on local area networks. Without DNR support, users must manually enter the info of encrypted DNS servers on their local area network within the network settings.

European govt email servers hacked using Roundcube zero-day
2023-10-25 11:00

Their phishing messages impersonated the Outlook Team and tried to trick potential victims into opening malicious emails, automatically triggering a first-stage payload that exploited the Roundcube email server vulnerability. "The final JavaScript payload [.] is able to list folders and emails in the current Roundcube account, and to exfiltrate email messages to the C&C server."

VMware patches critical vulnerability in vCenter Server (CVE-2023-34048)
2023-10-25 10:40

VMware has fixed a critical out-of-bounds write vulnerability and a moderate-severity information disclosure flaw in vCenter Server, its popular server management software.CVE-2023-34048 allows an attacker with network access to a vulnerable vCenter Server virtual appliance to trigger an out-of-bounds write that can lead to remote code execution.

Act Now: VMware Releases Patch for Critical vCenter Server RCE Vulnerability
2023-10-25 10:11

VMware has released security updates to address a critical flaw in the vCenter Server that could result in remote code execution on affected systems. The issue, tracked as CVE-2023-34048 (CVSS...

VMware fixes critical code execution flaw in vCenter Server
2023-10-25 09:00

VMware issued security updates to fix a critical vCenter Server vulnerability that can be exploited to gain remote code execution attacks on vulnerable servers. vCenter Server is the central management hub for VMware's vSphere suite, and it helps administrators manage and monitor virtualized infrastructure.

QNAP takes down server behind widespread brute-force attacks
2023-10-23 12:02

QNAP took down a malicious server used in widespread brute-force attacks targeting Internet-exposed NAS devices with weak passwords. The Taiwanese hardware vendor detected the attacks on the evening of October 14 and, with assistance from Digital Ocean, took down the command-and-control server within two days.

Ukrainian activists hack Trigona ransomware gang, wipe servers
2023-10-18 23:17

A group of cyber activists under the Ukrainian Cyber Alliance banner has hacked the servers of the Trigona ransomware gang and wiped them clean after copying all the information available. Ukrainian Cyber Alliance hackers gained access to Trigona ransomware's infrastructure by using a public exploit for CVE-2023-22515, a critical vulnerability in Confluence Data Center and Server that can be leveraged remotely to escalate privileges.

Qubitstrike attacks rootkit Jupyter Linux servers to steal credentials
2023-10-18 10:00

Hackers are scanning for internet-exposed Jupyter Notebooks to breach servers and deploy a cocktail of malware consisting of a Linux rootkit, crypto miners, and password-stealing scripts. In a new campaign called 'Qubitstrike,' the threat actors download malicious payloads to hijack a Linux server for cryptomining and to steal credentials for cloud services, such as AWS and Google Cloud.