Security News

Public print server gives anyone Windows admin privileges
2021-07-31 18:23

A researcher has created a remote print server allowing any Windows user with limited privileges to gain complete control over a device simply by installing a print driver. In June, a security researcher accidentally revealed a zero-day Windows print spooler vulnerability known as PrintNightmare that allowed remote code execution and elevation of privileges.

Here's 30 servers Russian intelligence uses to fling malware at the West, beams RiskIQ
2021-07-30 16:24

Details of 30 servers thought to be used by Russia's SVR spy agency as part of its ongoing campaigns to steal Western intellectual property were made public today by RiskIQ. Russia's Foreign Intelligence Service "is actively serving malware previously used in espionage campaigns targeting COVID-19 research in the UK, US, and Canada," according to the threat intel firm. "We were unable to locate any malware which communicated with this infrastructure, but we suspect it is likely similar to previously identified samples."

Microsoft shares mitigation for recent Windows Server printing issues
2021-07-30 12:00

Microsoft has released temporary mitigation info for a known issue that might cause print and scan failures on multiple Windows Server versions after installing July 2021 security updates on domain controllers. If the known issue still appears on up-to-date devices, affected customers should contact the device manufacturer and ask for setting changes or updates to make the printer or scanner compliant with CVE-2021-33764 hardenings deployed via July Windows 10 security updates.

Experts Uncover Several C&C Servers Linked to WellMess Malware
2021-07-30 03:00

Cybersecurity researchers on Friday unmasked new command-and-control infrastructure belonging to the Russian threat actor tracked as APT29, aka Cozy Bear, that has been spotted actively serving WellMess malware as part of an ongoing attack campaign. More than 30 C2 servers operated by Russian foreign intelligence have been uncovered, Microsoft-owned cybersecurity subsidiary RiskIQ said in a report shared with The Hacker News.

Zimbra Server Bugs Could Lead to Email Plundering
2021-07-27 17:30

Two bugs, now patched except in older versions, could be chained to allow attackers to hijack a Zimbra server by simply sending a malicious email. The Zimbra webmail server has two flaws that could let an attacker paw through the inbox and outbox of all the employees in all the enterprises that use the immensely popular collaboration tool, researchers say.

Three Zero-Day Bugs Plague Kaseya Unitrends Backup Servers
2021-07-27 15:43

There are three new, unpatched zero-day vulnerabilities in Kaseya Unitrends that include remote code execution and authenticated privilege escalation on the client side. Kaseya Unitrends is a cloud-based enterprise backup and disaster recovery technology that's delivered as either disaster recovery-as-a-service or as an add-on for the Kaseya Virtual System/Server Administrator remote management platform.

Vulnerabilities Allow Hacking of Zimbra Webmail Servers With Single Email
2021-07-27 15:09

Vulnerabilities in the Zimbra enterprise webmail solution could allow an attacker to gain unrestricted access to an organization's sent and received email messages, software security firm SonarSource reveals. In June, Zimbra released patches for multiple security issues in the webmail solution, including two bugs identified by Simon Scannell, a security researcher with SonarSource.

New Bug Could Let Attackers Hijack Zimbra Server by Sending Malicious Email
2021-07-27 08:46

Cybersecurity researchers have discovered multiple security vulnerabilities in Zimbra email collaboration software that could be potentially exploited to compromise email accounts by sending a malicious message and even achieve a full takeover of the mail server when hosted on a cloud infrastructure. "A combination of these vulnerabilities could enable an unauthenticated attacker to compromise a complete Zimbra webmail server of a targeted organization," said SonarSource vulnerability researcher, Simon Scannell, who identified the security weaknesses.

Oracle Warns of Critical Remotely Exploitable Weblogic Server Flaws
2021-07-22 01:21

Oracle on Tuesday released its quarterly Critical Patch Update for July 2021 with 342 fixes spanning across multiple products, some of which could be exploited by a remote attacker to take control of an affected system. Chief among them is CVE-2019-2729, a critical deserialization vulnerability via XMLDecoder in Oracle WebLogic Server Web Services that's remotely exploitable without authentication.

Bosch upgrades its Dicentis system server with new hardware from HP
2021-07-21 00:45

The Dicentis system server from Bosch has become very popular since its launch in 2019, with more than 60% of Dicentis Conference System installations now including the device. This solution has now been upgraded with new hardware from HP and an enhanced operating system.