Security News

The DarkSide takedown sent shockwaves through other underground forums, many of which deleted all ransomware topics. That's likely a reference to "Deshirfrator," or "Decryptor" in Russian: The tools that typically are as far from free as ransomware attackers can make them.

The DarkSide ransomware affiliate program responsible for the six-day outage at Colonial Pipeline this week that led to fuel shortages and price spikes across the country is running for the hills. The crime gang announced it was closing up shop after its servers were seized and someone drained the cryptocurrency from an account the group uses to pay affiliates.

The DarkSide ransomware operation has allegedly shut down after the threat actors lost access to servers and their cryptocurrency was transferred to an unknown wallet. In the post, 'Unkn' shared a message allegedly from DarkSide explaining how the threat actors lost access to their public data leak site, payment servers, and CDN servers due to law enforcement action.

The DarkSide ransomware operation has allegedly shut down after the threat actors lost access to servers and their cryptocurrency was transferred to an unknown wallet. In the post, 'Unkn' shared a message allegedly from DarkSide explaining how the threat actors lost access to their public data leak site, payment servers, and DoS servers due to law enforcement action.

QNAP warns customers of an actively exploited Roon Server zero-day bug and eCh0raix ransomware attacks targeting their Network Attached Storage devices. "The eCh0raix ransomware has been reported to affect QNAP NAS devices," the company said.

Microsoft has launched a new open-source project that aims to add to Windows the benefits of eBPF, a technology first implemented in Linux that allows attaching programs in both kernel and user applications. Microsoft's effort builds on the work of the eBPF community by adding a compatibility layer that turns existing eBPF open-source projects into submodules that can work on top of Windows 10 and Windows Server 2016 and later.

The Redmond-based firm's Office and Windows flagships house many of the identified vulnerabilities, alongside Internet Explorer, Visual Studio, Visual Studio Code, Skype, and other software. Those who recall the slew of Exchange Server fixes in March and April may experience a sense of deja vu: May brings still more Exchange Server fixes, for Exchange Server 2013 CU23, Exchange Server 2016 CU19 and CU20, and Exchange Server 2019 CU8 and CU9.

Exim is a popular mail transfer agent used on Unix-like operating systems, with over 60% of the publicly reachable mail servers on the Internet running the software. A Shodan search reveals nearly four million Exim servers that are exposed online.

Security researchers Thursday disclosed a new critical vulnerability affecting Domain Name System resolvers that could be exploited by adversaries to carry out reflection-based denial-of-service attacks against authoritative nameservers. "TsuNAME occurs when domain names are misconfigured with cyclic dependent DNS records, and when vulnerable resolvers access these misconfigurations, they begin looping and send DNS queries rapidly to authoritative servers and other resolvers," the researchers said.

Some DNS resolvers are affected by a vulnerability that can be exploited to launch distributed denial-of-service attacks against authoritative DNS servers, a group of researchers warned this week. Google and Cisco, both of which provide widely used DNS services, have deployed patches for TsuNAME, but the researchers believe many servers are still vulnerable to attacks.