Security News

Ukraine arrests Clop ransomware gang members, seizes servers
2021-06-16 12:59

Ukrainian law enforcement arrested cybercriminals associated with the Clop ransomware gang and shut down infrastructure used in attacks targeting victims worldwide since at least 2019. Cybersecurity company Intel 471 told BleepingComputer that the Ukrainian authorities arrested only individuals involved in laundering money for the Clop gang since its core members are likely out of harm's way in Russia.

Open source UChecker tool detects vulnerable libraries on Linux servers
2021-06-16 03:00

CloudLinux announced UChecker, a free, open source tool that scans Linux servers for outdated, vulnerable libraries that are being used by other applications. It provides detailed, actionable information about which application is using which vulnerable library and needs to be updated, which helps improve the security awareness patching process.

Microsoft Exchange Server vulnerabilities, ransomware lead spring 2021 cyberattack trends
2021-06-10 15:51

Cisco's Talos team said 35% of incidents led back to Microsoft Exchange Server vulnerabilities reported early in 2021, but new ransomware families have been appearing to fill the Emotet hole, too. Cisco's Talos Intelligence Group has released its incident response trends report for spring 2021, and found that Microsoft Exchange Server vulnerabilities reported in early 2021 were the most detected incident over the past three months.

Intel's latest patch set plugs some serious holes in CPU, Bluetooth, server, and – ironically – security lines
2021-06-09 12:15

Intel has pushed out a raft of security advisories for June, bringing its total discovered "Potential vulnerabilities" for the year to date to 132, only a quarter of which were reported by external contributors and the company's bug bounty programme. "Today we released 29 security advisories addressing 73 vulnerabilities," Intel's Jerry Bryant said of the company's latest updates.

FileCloud 21.1 delivers enhanced server speed and security
2021-06-09 01:30

FileCloud 21.1, the latest version of the cloud-agnostic enterprise file sync, sharing and data governance platform, places speed and security at the heart of its new update. FileCloud 21.1 is 66% faster than the previous version, with increased efficiency and the ability to handle higher loads.

'Siloscape' Malware Targets Windows Server Containers
2021-06-07 17:06

A newly identified piece of malware that targets Windows Server containers can execute code on the underlying node and then spread in the Kubernetes cluster, according to a warning from security researchers at Palo Alto Networks. Dubbed Siloscape, the heavily obfuscated malware was designed to install a backdoor into Kubernetes clusters, which can then be used to run malicious containers and perform various other nefarious activities.

ALERT: Critical RCE Bug in VMware vCenter Server Under Active Attack
2021-06-06 22:04

Malicious actors are actively mass scanning the internet for vulnerable VMware vCenter servers that are unpatched against a critical remote code execution flaw, which the company addressed late last month. "Mass scanning activity detected from 104.40.252.159 checking for VMware vSphere hosts vulnerable to remote code execution," tweeted Troy Mursch, chief research officer at Bad Packets.

Attackers are scanning for vulnerable VMware servers, patch now!
2021-06-04 18:23

Threat actors are actively scanning for Internet-exposed VMware vCenter servers unpatched against a critical remote code execution vulnerability impacting all vCenter deployments and patched by VMware ten days ago. Attackers have previously mass scanned for unpatched vCenter servers after security researchers published PoC exploit code for another critical RCE security flaw also affecting all default vCenter installs.

Attackers scan for unpatched VMware vCenter servers, PoC exploit available
2021-06-04 18:23

Threat actors are actively scanning for Internet-exposed VMware vCenter servers unpatched against a critical remote code execution vulnerability impacting all vCenter deployments and patched by VMware ten days ago. Attackers have previously mass scanned for unpatched vCenter servers after security researchers published PoC exploit code for another critical RCE security flaw also affecting all default vCenter installs.

Organizations Warned: STUN Servers Increasingly Abused for DDoS Attacks
2021-06-04 15:00

Application and network performance management company NETSCOUT warned organizations this week that STUN servers have been increasingly abused for distributed denial-of-service attacks, and there are tens of thousands of servers that could be abused for such attacks by malicious actors. While the amplification rate is only 2.32 to 1, UDP reflection/amplification attacks abusing STUN services can be more difficult to mitigate without overblocking legitimate traffic.