Security News

How to hack an unpatched Exchange server with rogue PowerShell code
2022-11-22 19:54

Were] two zero-days that [could] be chained together, with the first bug used remotely to open enough of a hole to trigger the second bug, which potentially allows remote code execution on the Exchange server itself. It does mean that an automated Python script can't just scan the whole internet and potentially exploit every Exchange server in the world in a matter of minutes or hours, as we saw happen with ProxyLogon and ProxyShell in 2021.

Microsoft's attempts to harden Kerberos authentication broke it on Windows Servers
2022-11-21 23:00

Microsoft is rolling out fixes for problems with the Kerberos network authentication protocol on Windows Server after it was broken by November Patch Tuesday updates. As we reported last week, updates released November 8 or later that were installed on Windows Server with the Domain Controller duties of managing network and identity security requests disrupted Kerberos authentication capabilities, ranging from failures in domain user sign-ins and Group Managed Service Accounts authentication to remote desktop connections not connecting.

Atlassian fixes critical command injection bug in Bitbucket Server
2022-11-18 11:59

Atlassian has released updates to address critical-severity issues in its centralized identity management platform, Crowd Server and Data Center, and in Bitbucket Server and Data Center, the company's solution for Git repository management. Rated critical, the issue in Crowd Server and Data Center is tracked as CVE-2022-43782 and is a misconfiguration that allows an attacker to bypass password checks when authenticating as the Crowd app and to call privileged API endpoints.

Updated RapperBot malware targets game servers in DDoS attacks
2022-11-16 20:15

The Mirai-based botnet 'RapperBot' has re-emerged via a new campaign that infects IoT devices for DDoS attacks against game servers. The malware was discovered by Fortinet researchers last August when it used SSH brute-forcing to spread on Linux servers.

Warning: New RapperBot Campaign Aims to Launch DDoS Attacks at Game Servers
2022-11-16 07:35

Cybersecurity researchers have unearthed new samples of malware called RapperBot that are being used to build a botnet capable of launching Distributed Denial of Service attacks against game servers. "In fact, it turns out that this campaign is less like RapperBot than an older campaign that appeared in February and then mysteriously disappeared in the middle of April," Fortinet FortiGuard Labs researchers Joie Salvio and Roy Tay said in a Tuesday report.

Multiple High-Severity Flaws Affect Widely Used OpenLiteSpeed Web Server Software
2022-11-11 10:13

Multiple high-severity flaws have been uncovered in the open source OpenLiteSpeed Web Server as well as its enterprise variant that could be weaponized to achieve remote code execution. "By chaining and exploiting the vulnerabilities, adversaries could compromise the web server and gain fully privileged remote code execution," Palo Alto Networks Unit 42 said in a Thursday report.

Robin Banks Phishing Service for Cybercriminals Returns with Russian Server
2022-11-07 07:36

A phishing-as-a-service platform known as Robin Banks has relocated its attack infrastructure to DDoS-Guard, a Russian provider of bulletproof hosting services. The switch comes after "Cloudflare disassociated Robin Banks phishing infrastructure from its services, causing a multi-day disruption to operations," according to a report from cybersecurity company IronNet.

Critical RCE Vulnerability Reported in ConnectWise Server Backup Solution
2022-11-01 11:28

IT service management software platform ConnectWise has released software patches for a critical security vulnerability in Recover and R1Soft Server Backup Manager. ConnectWise's advisory notes that Recover v2.9.7 and earlier, as well as R1Soft SBM v6.16.3 and earlier, are impacted by the critical flaw.

ConnectWise fixes RCE bug exposing thousands of servers to attacks
2022-10-28 22:30

ConnectWise has released security updates to address a critical vulnerability in the ConnectWise Recover and R1Soft Server Backup Manager secure backup solutions. Affected software versions include ConnectWise Recover or earlier and R1Soft SBM v6.16.3 or earlier.

ConnectWise fixes RCE bug exposing R1Soft backup servers to attacks
2022-10-28 22:30

ConnectWise has released security updates to address a critical vulnerability in the ConnectWise Recover and R1Soft Server Backup Manager secure backup solutions. Affected software versions include ConnectWise Recover or earlier and R1Soft SBM v6.16.3 or earlier.