Security News

A new peer-to-peer botnet named Panchan appeared in the wild around March 2022, targeting Linux servers in the education sector to mine cryptocurrency. At the same time, it has powerful detection avoidance capabilities, such as using memory-mapped miners and dynamically detecting process monitoring to stop the mining module immediately.

Microsoft says that some applications might fail to backup data using Volume Shadow Copy Service after applying the June 2022 Patch Tuesday Windows updates."After you install the June 14, 2022 or a later Windows update, operations related to shadow copies on an Application Server running VSS aware Server Applications that store data on remote SMB 3.0 or later file shares may fail for SMB shares hosted on a File Server," Microsoft explains.

Two of the more prolific cybercriminal groups, which in the past have deployed such high-profile ransomware families as Conti, Ryuk, REvil and Hive, have started adopting the BlackCat ransomware-as-as-service offering. The use of the modern Rust programming language to stabilize and port the code, the variable nature of RaaS, and growing adoption by affiliate groups all increase the chances that organizations will run into BlackCat - and have difficulty detecting it - according to researchers with the Microsoft 365 Defender Threat Intelligence Team.

Microsoft says BlackCat ransomware affiliates are now attacking Microsoft Exchange servers using exploits targeting unpatched vulnerabilities. Two weeks after the initial compromise using an unpatched Exchange server as an entry vector, the threat actor deployed BlackCat ransomware payloads across the network via PsExec.

Ransomware gangs are now targeting a recently patched and actively exploited remote code execution vulnerability affecting Atlassian Confluence Server and Data Center instances for initial access to corporate networks. Ransomware starts circling unpatched Confluence servers.

Intel has released a reference design for a plug-in security card aimed at delivering improved network and security processing without requiring the additional rackspace a discrete appliance would need. The NetSec Accelerator Reference Design [PDF] is effectively a fully functional x86 compute node delivered as a PCIe card that can be fitted into an existing server.

Black Basta is the latest ransomware gang to add support for encrypting VMware ESXi virtual machines running on enterprise Linux servers. In a new report, Uptycs Threat Research analysts revealed that they spotted new Black Basta ransomware binaries specifically targeting VMWare ESXi servers.

Hackers reportedly stole over $257,000 in Ethereum and thirty-two NFTs after the Yuga Lab's Bored Ape Yacht Club and Otherside Metaverse Discord servers were compromised to post a phishing scam. Earlier this morning, the Discord account for a Yuga Labs community manager was allegedly hacked to post a phishing scam on the company's Discord servers.

There's no alert about the bug visible on the company's main web page, which features the company's best-known tools JIRA and Trello, but you'll find Confluence Security Advisory 2022-06-02 on the Confluence sub-site. Webshells are a nasty way of opening up a backdoor into a network using an attack that sometimes requires attackers to do little more than write one tiny file into part of a web server where content is stored.

Virtual Private Network provider ExpressVPN on Thursday announced that it's removing Indian-based VPN servers in response to a new cybersecurity directive issued by the Indian Computer Emergency Response Team. "Rest assured, our users will still be able to connect to VPN servers that will give them Indian IP addresses and allow them to access the internet as if they were located in India," the company said.