Security News

Poorly configured Docker servers and being actively targeted by the TeamTNT hacking group in an ongoing campaign started last month. As illustrated in an attack workflow, the attack starts with creating a container on the vulnerable host using an exposed Docker REST API. TeamTNT then uses compromised, or actor-controlled Docker Hub accounts to host malicious images and deploy them on a targeted host.

Attackers are actively exploiting an "Old" vulnerability to take over on-premise GitLab servers, Rapid7 researcher Jacob Baines warns. The additional bad news is that at least half of the 60,000 internet-facing GitLab installations the company detects are not patched against this issue.

A new bad actor called Tortilla is running the campaign, and most affected users are in the U.S. Cisco Talos has a warning out for U.S. companies about a new variant of the Babuk ransomware. Security researchers Chetan Raghuprasad, Vanja Svajcer and Caitlin Huey describe the new threat in a Talos Intelligence blog post.

A new-ish threat actor sometimes known as "Tortilla" is launching a fresh round of ProxyShell attacks on Microsoft Exchange servers, this time with the aim of inflicting vulnerable servers with variants of the Babuk ransomware. ProxyShell is a name given to an attack that chains a trio of vulnerabilities together, to enable unauthenticated attackers to perform remote code execution and to snag plaintext passwords.

A critical unauthenticated, remote code execution GitLab flaw fixed on April 14, 2021, remains exploitable, with over 50% of deployments remaining unpatched. Hackers first started exploiting internet-facing GitLab servers in June 2021 to create new users and give them admin rights.

Cybersecurity researchers on Wednesday took the wraps off a "simple yet remarkable" malware loader for malicious Windows binaries targeting Central Europe, North America and the Middle East....

There have been rumblings about REvil getting sucker-punched for a while: Last week, Flashpoint reported that on Oct. 17, a REvil operator announced that the ransomware group was shutting down its presence on the high-tier Russian language forum XSS after their domain had been "Hijacked." "The REvil operation stated that the REvil domain was accessed using Unknown's keys, confirming their concerns that a third-party has backups with their service keys," according to Flashpoint's writeup.

Taiwanese PC maker Acer has not only admitted servers it operates in India and and Taiwan were compromised but that only those systems in India contained customer data. The miscreants who claimed to be behind the network breaches boasted they stole gigabytes of information from the servers, and suggested other Acer operations around the world are also vulnerable to information theft.

The latest version of the world's most popular Linux distribution, Ubuntu 21.10, codenamed 'Impish Indy', has landed on Canonical's download channels. The 'Server' edition of Ubuntu 21.10 comes with 'needrestart' enabled by default, includes certified NVIDIA GPU drivers, and offers a 'minimal' installation option to accommodate IoT or container installations.

Interactive livestreaming platform Twitch acknowledged a "Breach" after an anonymous poster on the 4chan messaging board leaked its source code, an unreleased Steam competitor from Amazon Game Studios, details of creator payouts, proprietary software development kits, and other internal tools. The Amazon-owned service said it's "Working with urgency to understand the extent of this," adding the data was exposed "Due to an error in a Twitch server configuration change that was subsequently accessed by a malicious third party."