Security News

Owners of Gigaset Android phones have been repeatedly infected with malware since the end of March after threat actors compromised the vendor's update server in a supply-chain attack. Gigaset is a German manufacturer of telecommunications devices, including a series of smartphones running the Android operating system.

Microsoft has revealed that Thursday's worldwide outage was caused by a code defect that allowed the Azure DNS service to become overwhelmed and not respond to DNS queries. Last night, Microsoft published a root cause analysis for this week's outage and explained that it was caused by their Azure DNS service becoming overloaded.

GitHub Actions is currently being abused by attackers to mine cryptocurrency on GitHub's servers in an automated attack. This week, according to a Dutch security engineer Justin Perdok, attackers have targeted GitHub repositories that use GitHub Actions to mine cryptocurrency.

The Federal Bureau of Investigation and the Cybersecurity and Infrastructure Security Agency warn of advanced persistent threat actors targeting Fortinet FortiOS servers using multiple exploits. In the Joint Cybersecurity Advisory published today, the agencies warn admins and users that the state-sponsored hacking groups are "Likely" exploiting Fortinet FortiOS vulnerabilities CVE-2018-13379, CVE-2020-12812, and CVE-2019-5591.

The Department of Homeland Security's Cybersecurity and Infrastructure Security Agency has issued a supplemental directive requiring all federal agencies to identify vulnerable Microsoft Exchange servers. Providing additional direction on the implementation of CISA Emergency Directive 21-02, which on March 3 requested federal agencies to take the necessary steps to disconnect and update Exchange servers, the new directive demands agencies to accelerate the mitigation process.

The Cybersecurity and Infrastructure Security Agency has ordered federal agencies to scan their networks again for any signs of compromised on-premises Microsoft Exchange servers and report their findings within five days. CISA issued another directive ordering federal agencies to urgently update or disconnect their Exchange on-premises servers after Microsoft released security updates for zero-day bugs collectively dubbed ProxyLogon.

The Harris Federation, a not-for-profit charity responsible for running 50 primary and secondary academies in London and Essex, has become the latest UK education body to fall victim to ransomware. In a message to pupils and parents, the group, which is led and run by teachers, admitted that criminals had meddled with its servers.

Two high-ranked Apex Legends players have been banned from the platform for cheating by launching distributed denial-of-service attacks on an Xbox server. Top ranked 'Apex Legends' players banned over DDoS attack on Xbox.

The Black Kingdom/Pydomer ransomware operators have joined the ranks of threat actors targeting the Exchange Server vulnerabilities that Microsoft disclosed in early March. "As of today, we have seen a significant decrease in the number of still-vulnerable servers - more than 92% of known worldwide Exchange IPs are now patched or mitigated. We continue to work with our customers and partners to mitigate the vulnerabilities," Microsoft noted in a March 25 blog post.

In the latest software supply chain attack, the official PHP Git repository was hacked and the code base tampered with. Yesterday, two malicious commits were pushed to the php-src Git repository maintained by the PHP team on their git.