Security News

Two security vulnerabilities that impact the Control Web Panel software can be chained by unauthenticated attackers to gain remote code execution as root on vulnerable Linux servers. CWP, previously known as CentOS Web Panel, is a free Linux control panel for managing dedicated web hosting servers and virtual private servers.

A group of hackers claim they breached and encrypted servers belonging to the Belarusian Railway, Belarus's national state-owned railway company. "At the command of the terrorist Lukashenka, Belarusian Railway allows the occupying troops to enter our land," the group said today on Twitter.

Bandai Namco has deactivated the online PvP mode for the Dark Souls role-playing game, taking its servers offline to investigate reports about a severe security issue that may pose a risk to players. Bandai Namco allegedly ignored the report but given the severity of the flaw, the reporter decided to demonstrate it on popular streamers to raise awareness and show how critical it is.

Bandai Namco has deactivated the online PvP mode for the Dark Souls role-playing game, taking its servers offline to investigate reports about a severe security issue that may pose a risk to players. The issue became widely known on Saturday in a post on Discord clarifying that the game developer received details about the RCE vulnerability in a responsible disclosure report straight from the person who discovered it.

Researchers have disclosed details of two critical security vulnerabilities in Control Web Panel that could be abused as part of an exploit chain to achieve pre-authenticated remote code execution on affected servers. Tracked as CVE-2021-45467, the issue concerns a case of a file inclusion vulnerability, which occurs when a web application is tricked into exposing or running arbitrary files on the web server.

An exploration of zero-click attack surface for the popular video conferencing solution Zoom has yielded two previously undisclosed security vulnerabilities that could be exploited to crash the service, execute malicious code, and even leak arbitrary areas of its memory. Natalie Silvanovich of Google Project Zero, who discovered and reported the two flaws last year, said the issues impact both Zoom clients and Multimedia Router servers, which transmit audio and video content between clients in on-premise deployments.

Microsoft has released an emergency out-of-band update for Windows Server 2019 that fixes numerous critical bugs introduced during the January 2022 Patch Tuesday. Soon after Windows Server admins installed the January 2022 updates, they began reporting severe issues, including domain controllers entering into boot loops, Hyper-V no longer starting, L2TP VPN connections failing, and ReFS volumes becoming inaccessible.

Crypto.com, a Singapore-based cryptocurrency exchange, has denied reports that the firm lost nearly $15m in Ethereum in a possible network intrusion over the weekend. According to blockchain biz PeckShield, Crypto.com lost about $14.3m or 4,600 ETH, based on its analysis of public blockchain addresses.

Some 15 server infrastructures used by crims to prepare ransomware attacks were seized by cops yesterday as part of an international sting to take down VPNLab.net. The VPN provider's service gave users "Shielded communications and internet access" that was used in "Support of serious criminals acts such as ransomware deployment and other cybercrime activities," Europol said today.

A critical security vulnerability in the Zoho ManageEngine Desktop Central and Desktop Central MSP platforms could allow authentication bypass, the company has warned. Zoho's ManageEngine Desktop Central is a unified endpoint management solution that lets IT admins manage servers, laptops, desktops, smartphones and tablets from a central location.