Security News

Hackers stayed hidden for nine months on a server holding customer information for a Queensland water supplier, illustrating the need of better cyberdefenses for critical infrastructure. SunWater is Australian government-owned water supplier responsible for operating 19 major dams, 80 pumping stations, and 1,600 miles long pipelines.

Microsoft says users might experience authentication issues on Domain Controllers running Windows Server. These authentication issues impact systems running Windows Server 2019 and lower versions with certain Kerberos delegation scenarios.

Microsoft has released security updates as part of its monthly Patch Tuesday release cycle to address 55 vulnerabilities across Windows, Azure, Visual Studio, Windows Hyper-V, and Office, including fixes for two actively exploited zero-day flaws in Excel and Exchange Server that could be abused to take control of an affected system. The most critical of the flaws are CVE-2021-42321 and CVE-2021-42292, each concerning a post-authentication remote code execution flaw in Microsoft Exchange Server and a security bypass vulnerability impacting Microsoft Excel versions 2013-2021 respectively.

Microsoft has released security updates as part of its monthly Patch Tuesday release cycle to address 55 vulnerabilities across Windows, Azure, Visual Studio, Windows Hyper-V, and Office, including fixes for two actively exploited zero-day flaws in Excel and Exchange Server that could be abused to take control of an affected system. The most critical of the flaws are CVE-2021-42321 and CVE-2021-42292, each concerning a post-authentication remote code execution flaw in Microsoft Exchange Server and a security bypass vulnerability impacting Microsoft Excel versions 2013-2021 respectively.

Poorly configured Docker servers and being actively targeted by the TeamTNT hacking group in an ongoing campaign started last month. As illustrated in an attack workflow, the attack starts with creating a container on the vulnerable host using an exposed Docker REST API. TeamTNT then uses compromised, or actor-controlled Docker Hub accounts to host malicious images and deploy them on a targeted host.

Attackers are actively exploiting an "Old" vulnerability to take over on-premise GitLab servers, Rapid7 researcher Jacob Baines warns. The additional bad news is that at least half of the 60,000 internet-facing GitLab installations the company detects are not patched against this issue.

A new bad actor called Tortilla is running the campaign, and most affected users are in the U.S. Cisco Talos has a warning out for U.S. companies about a new variant of the Babuk ransomware. Security researchers Chetan Raghuprasad, Vanja Svajcer and Caitlin Huey describe the new threat in a Talos Intelligence blog post.

A new-ish threat actor sometimes known as "Tortilla" is launching a fresh round of ProxyShell attacks on Microsoft Exchange servers, this time with the aim of inflicting vulnerable servers with variants of the Babuk ransomware. ProxyShell is a name given to an attack that chains a trio of vulnerabilities together, to enable unauthenticated attackers to perform remote code execution and to snag plaintext passwords.

A critical unauthenticated, remote code execution GitLab flaw fixed on April 14, 2021, remains exploitable, with over 50% of deployments remaining unpatched. Hackers first started exploiting internet-facing GitLab servers in June 2021 to create new users and give them admin rights.

Cybersecurity researchers on Wednesday took the wraps off a "simple yet remarkable" malware loader for malicious Windows binaries targeting Central Europe, North America and the Middle East....