Security News

Cry Havoc and let slip dogs of war ... there's an upgraded malware server in town
2023-02-17 10:30

ReversingLabs wrote about Havoc earlier this month in connection with a malicious npm package called Aabquerys, noting that it was created by a malware developer called C5pider. Now researchers with Zscaler's ThreatLabz threat intelligence unit say Havoc is being used in a campaign targeting a government organization.

VMware, Windows 11 shafted by Windows Server 2022
2023-02-16 20:30

Microsoft is sorting through two issues with Windows Server 2022 that affect VMware virtual machines and updates not getting passed on to Windows 11 devices. Both problems are related to the KB5022842 security update to Windows Server 2022 rolled out February 14 and will spread their share of headaches to users.

Hackers backdoor Microsoft IIS servers with new Frebniis malware
2023-02-16 16:38

Hackers are deploying a new malware named 'Frebniis' on Microsoft's Internet Information Services (IIS) that stealthily executes commands sent via web requests. Microsoft IIS is web server software that serves as both a web server and a web app hosting platform for services like Outlook on the Web for Microsoft Exchange.

Microsoft: February updates break some Windows Server 2022 VMs
2023-02-16 11:25

Microsoft: Some WSUS servers might not offer Windows 11 22H2 updates
2023-02-14 20:45

Microsoft says that some WSUS servers upgraded to Windows Server 2022 might fail to push Windows 11, version 22H2 updates released during this month's Patch Tuesday to endpoints across enterprise environments. This known issue only affects WSUS servers upgraded from Windows Server 2016 or Windows Server 2019.

Microsoft: Exchange Server 2013 reaches end of support in April
2023-02-14 19:30

Microsoft has reminded admins that Exchange Server 2013 is reaching its extended end-of-support date in 60 days, on April 11, 2023. The first version of Exchange Server 2013 was released in January 2013, and it reached its mainstream end date four years ago, in April 2018.

Week in review: VMware ESXi servers under attack, ChatGPT’s malicious potential, Reddit breached
2023-02-12 09:30

Thousands of unpatched VMware ESXi servers hit by ransomware via old bug
Late last week, unknown attackers launched a widespread ransomware attack hitting VMware ESXi hypervisors via CVE-2021-21974, an easily exploitable vulnerability that allows them to run exploit code remotely, without prior authentication.

Reddit breached: Internal docs, dashboards, systems accessed
Popular social news website and forum Reddit has been breached and the attacker "gained access to some internal docs, code, as well as some internal dashboards and business systems," but apparently not to primary production systems and user data.

VMware warns admins to patch ESXi servers, disable OpenSLP service
2023-02-06 21:44

Thousands of unpatched VMware ESXi servers hit by ransomware via old bug (CVE-2021-21974)
2023-02-06 12:06

Late last week, unknown attackers launched a widespread ransomware attack hitting VMware ESXi hypervisors via CVE-2021-21974, an easily exploitable vulnerability that allows them to run exploit code remotely, without prior authentication. Patches for CVE-2021-21974, a vulnerability in ESXi's OpenSLP service, were provided by VMware two years ago, and this attack has revealed just how many servers out there are still unpatched, with the SLP service still running and the OpenSLP port still exposed.

Linux version of Royal Ransomware targets VMware ESXi servers
2023-02-05 15:15

Royal Ransomware is the latest ransomware operation to add support for encrypting Linux devices to its most recent malware variants, specifically targeting VMware ESXi virtual machines. The new Linux Royal Ransomware variant was discovered by Will Thomas of the Equinix Threat Analysis Center, and is executed using the command line.