Security News

A new highly capable and persistent threat actor has been targeting major high-profile public and private entities in the U.S. as part of a series of targeted cyber intrusion attacks by exploiting internet-facing Microsoft Internet Information Services servers to infiltrate their networks. "TG1021 uses a custom-made malware framework, built around a common core, tailor-made for IIS servers. The toolset is completely volatile, reflectively loaded into an affected machine's memory and leaves little-to-no trace on infected targets," the researchers said.

A researcher has created a remote print server allowing any Windows user with limited privileges to gain complete control over a device simply by installing a print driver. In June, a security researcher accidentally revealed a zero-day Windows print spooler vulnerability known as PrintNightmare that allowed remote code execution and elevation of privileges.

A researcher has created a remote print server allowing any Windows user with limited privileges to gain complete control over a device simply by installing a print driver. In June, a security researcher accidentally revealed a zero-day Windows print spooler vulnerability known as PrintNightmare that allowed remote code execution and elevation of privileges.

Details of 30 servers thought to be used by Russia's SVR spy agency as part of its ongoing campaigns to steal Western intellectual property were made public today by RiskIQ. Russia's Foreign Intelligence Service "Is actively serving malware previously used in espionage campaigns targeting COVID-19 research in the UK, US, and Canada," according to threat intel firm. "We were unable to locate any malware which communicated with this infrastructure, but we suspect it is likely similar to previously identified samples."

Microsoft has released temporary mitigation info for a known issue that might cause print and scan failures on multiple Windows Server versions after installing July 2021 security updates on domain controllers. If the known issue still appears on up-to-date devices, affected customers should contact the device manufacturer and ask for setting changes or updates to make the printer or scanner compliant with CVE-2021-33764 hardenings deployed via July Windows 10 security updates.

Cybersecurity researchers on Friday unmasked new command-and-control infrastructure belonging to the Russian threat actor tracked as APT29, aka Cozy Bear, that has been spotted actively serving WellMess malware as part of an ongoing attack campaign. More than 30 C2 servers operated by the Russian foreign intelligence have been uncovered, Microsoft-owned cybersecurity subsidiary RiskIQ said in a report shared with The Hacker News.

Two bugs, now patched except in older versions, could be chained to allow attackers to hijack Zimbra server by simply sending a malicious email. Zimbra webmail server has two flaws that could let an attacker paw through the inbox and outbox of all the employees in all the enterprises that use the immensely popular collaboration tool, researchers say.

There are three new, unpatched zero-day vulnerabilities in Kaseya Unitrends that include remote code execution and authenticated privilege escalation on the client-side. Kaseya Unitrends is a cloud-based enterprise backup and disaster recovery technology that's delivered as either disaster recovery-as-a-service or as an add-on for the Kaseya Virtual System/Server Administrator remote management platform.

Vulnerabilities in the Zimbra enterprise webmail solution could allow an attacker to gain unrestricted access to an organization's sent and received email messages, software security firm SonarSource reveals. In June, Zimbra released patches for multiple security issues in the webmail solution, including two bugs identified by Simon Scannell, a security researcher with SonarSource.

Cybersecurity researchers have discovered multiple security vulnerabilities in Zimbra email collaboration software that could be potentially exploited to compromise email accounts by sending a malicious message and even achieve a full takeover of the mail server when hosted on a cloud infrastructure. "A combination of these vulnerabilities could enable an unauthenticated attacker to compromise a complete Zimbra webmail server of a targeted organization," said SonarSource vulnerability researcher, Simon Scannell, who identified the security weaknesses.