Security News

A phishing-as-a-service platform known as Robin Banks has relocated its attack infrastructure to DDoS-Guard, a Russian provider of bulletproof hosting services. The switch comes after "Cloudflare disassociated Robin Banks phishing infrastructure from its services, causing a multi-day disruption to operations," according to a report from cybersecurity company IronNet.

IT service management software platform ConnectWise has released Software patches for a critical security vulnerability in Recover and R1Soft Server Backup Manager. ConnectWise's advisory notes that the flaw affects Recover v2.9.7 and earlier, as well as R1Soft SBM v6.16.3 and earlier, are impacted by the critical flaw.

ConnectWise has released security updates to address a critical vulnerability in the ConnectWise Recover and R1Soft Server Backup Manager secure backup solutions.Affected software versions include ConnectWise Recover or earlier and R1Soft SBM v6.16.3 or earlier.

ConnectWise has released security updates to address a critical vulnerability in the ConnectWise Recover and R1Soft Server Backup Manager secure backup solutions. Affected software versions include ConnectWise Recover or earlier and R1Soft SBM v6.16.3 or earlier.

The Cranefly hacking group, aka UNC3524, uses a previously unseen technique of controlling malware on infected devices via Microsoft Internet Information Services web server logs. Like any web server, when a remote user accesses a webpage, IIS will log the request to log files that contain the timestamp, source IP addresses, the requested URL, HTTP status codes, and more.

As many as 85 command-and-control servers have been discovered supported by the ShadowPad malware since September 2021, with infrastructure detected as recently as October 16, 2022. That's according to VMware's Threat Analysis Unit, which studied three ShadowPad variants using TCP, UDP, and HTTP(S) protocols for C2 communications.

Microsoft warns that a newly acknowledged issue can lead to data loss when resetting virtual disks using the Server Manager management console. [...]

Federal agencies are warning of a threat group called Daixin Team that is using ransomware and data extortion tactics to target US healthcare organizations. In a recent advisory, the Cybersecurity and Infrastructure Security Agency, FBI, and Department of Health and Human Services said the group has attacked multiple entities since at least June, deploying ransomware to encrypt data on servers used for a range of services, including electronic health records, diagnostic, imaging, and intranet services.

"This misconfiguration resulted in the potential for unauthenticated access to some business transaction data corresponding to interactions between Microsoft and prospective customers, such as the planning or potential implementation and provisioning of Microsoft services," Microsoft said in an alert.The exposure amounts to 2.4 terabytes of data that consists of invoices, product orders, signed customer documents, partner ecosystem details, among others.

Over 45,000 VMware ESXi servers inventoried by Lansweeper just reached end-of-life, with VMware no longer providing software and security updates unless companies purchase an extended support contract. As of October 15, 2022, VMware ESXi 6.5 and VMware ESXi 6.7 reached end-of-life and will only receive technical support but no security updates, putting the software at risk of vulnerabilities.