Security News

Hackers actively exploiting Openfire flaw to encrypt servers
2023-09-26 14:20

Hackers are actively exploiting a high-severity vulnerability in Openfire messaging servers to encrypt servers with ransomware and deploy cryptominers. Although Openfire fixed the issue with versions 4.6.8, 4.7.5, and 4.8.0, released in May 2023, VulnCheck reported that by mid-August 2023, over 3,000 Openfire servers were still running a vulnerable version.

ShadowSyndicate hackers linked to multiple ransomware ops, 85 servers
2023-09-26 09:11

Group-IB analysts attribute with various degrees of confidence ShadowSyndicate's use of the Quantum, Nokoyawa, BlackCat/ALPHV, Clop, Royal, Cactus, and Play ransomware in breaches since July 2022. Based on their findings, researchers believe that the threat actor could be an initial access broker, although evidence suggests that ShadowSyndicate is an affiliate to multiple ransomware operations.

Ukraine accuses Russian spies of hunting for war-crime info on its servers
2023-09-26 08:00

"Their primary objectives were to identify which evidence of Russian war crimes and exercise control over potential ground-deployed spies have our law enforcement teams," states the report [PDF], which was released on Monday. Intruders linked to Russia's Federal Security Service, Main Intelligence Directorate, and Foreign Intelligence Service also sought out material that could be used in criminal proceedings against Russian spies, other specific individuals, institutions, and organizations "Potentially leading to sanctions or other actions," the SSSCIP reports.

High-Severity Flaws Uncovered in Atlassian Products and ISC BIND Server
2023-09-22 08:00

Atlassian and the Internet Systems Consortium (ISC) have disclosed several security flaws impacting their products that could be exploited to achieve denial-of-service (DoS) and remote code...

China Accuses U.S. of Decade-Long Cyber Espionage Campaign Against Huawei Servers
2023-09-21 09:39

China's Ministry of State Security (MSS) has accused the U.S. of breaking into Huawei's servers, stealing critical data, and implanting backdoors since 2009, amid mounting geopolitical tensions...

MGM casino's ESXi servers allegedly encrypted in ransomware attack
2023-09-14 22:52

An affiliate of the BlackCat ransomware group, also known as APLHV, is behind the attack that disrupted MGM Resorts' operations, forcing the company to shut down IT systems. In a statement today, the BlackCat ransomware group claims that they had infiltrated MGM's infrastructure since Friday and encrypted more than 100 ESXi hypervisors after the company took down the internal infrastructure.

MGM Resorts ESXi servers allegedly encrypted in ransomware attack
2023-09-14 22:52

An affiliate of the BlackCat ransomware group, also known as APLHV, is behind the attack that disrupted MGM Resorts' operations, forcing the company to shut down IT systems. In a statement today, the BlackCat ransomware group claims that they had infiltrated MGM's infrastructure since Friday and encrypted more than 100 ESXi hypervisors after the company took down the internal infrastructure.

Protecting Your Microsoft IIS Servers Against Malware Attacks
2023-09-08 11:27

Recently, a slew of activity by the advanced persistent threat group Lazarus has focused on finding vulnerable Microsoft IIS servers and infecting them with malware or using them to distribute malicious code. This article describes the details of the malware attacks and offers actionable suggestions for protecting Microsoft IIS servers against them.

Alert: Apache SuperSet Vulnerabilities Expose Servers to Remote Code Execution Attacks
2023-09-07 11:02

Patches have been released to address two new security vulnerabilities in Apache SuperSet that could be exploited by an attacker to gain remote code execution on affected systems. Outside of these weaknesses, the latest version of Superset also remediates a separate improper REST API permission issue that allows for low-privilege users to carry out server-side request forgery attacks.

Cybercriminals target MS SQL servers to deliver ransomware
2023-09-06 12:53

A cyberattack campaign is targeting exposed Microsoft SQL databases, aiming to deliver ransomware and Cobalt Strike payloads. The attackers target exposed MS SQL servers by brute-forcing access credentials.