Security News

Microsoft: August updates cause Windows Server boot issues, freezes
2024-08-22 17:14

Microsoft has confirmed and fixed a known issue causing performance issues, boot problems, and freezes on Windows Server 2019 systems after installing the August 2024 security updates. [...]

Critical GitHub Enterprise Server auth bypass flaw fixed (CVE-2024-6800)
2024-08-22 12:19

A critical vulnerability (CVE-2024-6800) affecting all currently supported versions of GitHub Enterprise Server (GHES) may allow attackers to gain unrestricted access to the instance’s contents....

GitHub Patches Critical Security Flaw in Enterprise Server Granting Admin Privileges
2024-08-22 04:48

GitHub has released fixes to address a set of three security flaws impacting its Enterprise Server product, including one critical bug that could be abused to gain site administrator privileges....

You probably want to patch this critical GitHub Enterprise Server bug now
2024-08-21 23:15

Unless you're cool with an unauthorized criminal enjoying admin privileges to comb through your code. A critical bug in GitHub Enterprise Server could allow an attacker to gain unauthorized access...

GitHub Enterprise Server vulnerable to critical auth bypass flaw
2024-08-21 14:15

A critical vulnerability affecting multiple versions of GitHub Enterprise Server could be exploited to bypass authentication and enable an attacker to gain administrator privileges on the machine. [...]

Windows Server August updates fix Microsoft 365 Defender issue
2024-08-13 21:00

The August 2024 Windows Server updates fix a known issue that breaks multiple Microsoft 365 Defender features after installing last month's security updates. [...]

FBI Shuts Down Dispossessor Ransomware Group's Servers Across U.S., U.K., and Germany
2024-08-13 09:04

The U.S. Federal Bureau of Investigation on Monday announced the disruption of online infrastructure associated with a nascent ransomware group called Dispossessor. "Since its inception in August 2023, Radar/Dispossessor has quickly developed into an internationally impactful ransomware group, targeting and attacking small-to-mid-sized businesses and organizations from the production, development, education, healthcare, financial services, and transportation sectors," the FBI said in a statement.

FBI disrupts the Dispossessor ransomware operation, seizes servers
2024-08-12 21:48

The FBI announced on Monday that it seized the servers and websites of the Radar/Dispossessor ransomware operation following a joint international investigation. [...]

Mirai Botnet targeting OFBiz Servers Vulnerable to Directory Traversal
2024-08-02 10:52

The SANS Internet Storm Center published a report showing how the open-source ERP framework OFBiz is currently the target of new varieties of the Mirai botnet. The update fixed a directory traversal vulnerability that could lead to remote command execution.

UK govt links 2021 Electoral Commission breach to Exchange server
2024-07-30 12:00

The United Kingdom's Information Commissioner's Office revealed today that the Electoral Commission was breached in August 2021 because it failed to patch its on-premises Microsoft Exchange Server against ProxyShell vulnerabilities. Tracked as CVE-2021-34473, CVE-2021-34523, and CVE-2021-31207, these security flaws were chained to hack into the commission's Exchange Server 2016 and deploy web shells and backdoors, which allowed the attackers to gain persistence.