Security News

The Cranefly hacking group, aka UNC3524, uses a previously unseen technique of controlling malware on infected devices via Microsoft Internet Information Services web server logs. Like any web server, when a remote user accesses a webpage, IIS will log the request to log files that contain the timestamp, source IP addresses, the requested URL, HTTP status codes, and more.

As many as 85 command-and-control servers have been discovered supported by the ShadowPad malware since September 2021, with infrastructure detected as recently as October 16, 2022. That's according to VMware's Threat Analysis Unit, which studied three ShadowPad variants using TCP, UDP, and HTTP(S) protocols for C2 communications.

Microsoft warns that a newly acknowledged issue can lead to data loss when resetting virtual disks using the Server Manager management console. [...]

Federal agencies are warning of a threat group called Daixin Team that is using ransomware and data extortion tactics to target US healthcare organizations. In a recent advisory, the Cybersecurity and Infrastructure Security Agency, FBI, and Department of Health and Human Services said the group has attacked multiple entities since at least June, deploying ransomware to encrypt data on servers used for a range of services, including electronic health records, diagnostic, imaging, and intranet services.

"This misconfiguration resulted in the potential for unauthenticated access to some business transaction data corresponding to interactions between Microsoft and prospective customers, such as the planning or potential implementation and provisioning of Microsoft services," Microsoft said in an alert.The exposure amounts to 2.4 terabytes of data that consists of invoices, product orders, signed customer documents, partner ecosystem details, among others.

Over 45,000 VMware ESXi servers inventoried by Lansweeper just reached end-of-life, with VMware no longer providing software and security updates unless companies purchase an extended support contract. As of October 15, 2022, VMware ESXi 6.5 and VMware ESXi 6.7 reached end-of-life and will only receive technical support but no security updates, putting the software at risk of vulnerabilities.

Almost 900 servers have been hacked using a critical Zimbra Collaboration Suite vulnerability, which at the time was a zero-day without a patch for nearly 1.5 months. The vulnerability tracked as CVE-2022-41352 is a remote code execution flaw that allows attackers to send an email with a malicious archive attachment that plants a web shell in the ZCS server while, at the same time, bypassing antivirus checks.

Web infrastructure and security company Cloudflare disclosed this week that it halted a 2.5 Tbps distributed denial-of-service attack launched by a Mirai botnet. Characterizing it as a "Multi-vector attack consisting of UDP and TCP floods," researcher Omer Yoachimik said the DDoS attack targeted the Minecraft server Wynncraft in Q3 2022.

Wynncraft, one of the largest Minecraft servers, was recently hit by a 2.5 Tbps distributed denial-of-service attack. It was a multi-vector attack that lasted for about two minutes and consisted of UDP and TCP floods packets attempting to overwhelm the server and keep out hundreds of thousands of players, DDoS mitigation company Cloudflare says.

Microsoft's Patch Tuesday update for the month of October has addressed a total of 85 security vulnerabilities, including fixes for an actively exploited zero-day flaw in the wild. Of the 85 bugs,...