Security News

The Internet Systems Consortium has released updates for the BIND DNS software to patch several vulnerabilities that can be exploited for denial-of-service attacks and one possibly even for remote code execution. Only servers using a certain feature with non-default configurations are vulnerable to attacks, but ISC suggested these types of servers may not be uncommon.

Samsung announced its launch of the 24G SAS SSD the PM1653. The PM1653 is also the industry's first 24G SAS SSD made with sixth-generation V-NAND chips, enabling storage capacities from 800GB to 30.72TB for advanced enterprise server systems.

Attackers are exploiting the ProxyLogon Microsoft Exchange Server flaws to co-opt vulnerable machines to a cryptocurrency botnet named Prometei, according to new research. "Prometei exploits the recently disclosed Microsoft Exchange vulnerabilities associated with the HAFNIUM attacks to penetrate the network for malware deployment, credential harvesting and more," Boston-based cybersecurity firm Cybereason said in an analysis summarizing its findings.

Unpatched Microsoft Exchange servers are being targeted by the Prometei botnet and added to its operators' army of Monero cryptocurrency mining bots. Based on new malware samples recently found by Cybereason during recent incident responses, the botnet has also been updated to exploit Exchange Server vulnerabilities patched by Microsoft in March.

Crystal Group announced their new family of next-gen Crystal Group FORCE PCIe Gen4-enabled rugged servers. The FG2 family also includes two new GPU-ready servers designed to enable AI and machine learning.

The login names and passwords for 1.3 million current and historically compromised Windows Remote Desktop servers have been leaked by UAS, the largest hacker marketplace for stolen RDP credentials. Due to its prevalent use in corporate networks, cybercriminals have built a thriving economy around selling the stolen credentials for RDP servers.

Microsoft has partially fixed a local privilege escalation vulnerability impacting all Windows 7 and Server 2008 R2 devices. Security researcher Clément Labro discovered that insecure permissions on the registry keys of the RpcEptMapper and DnsCache services enable attackers to trick the RPC Endpoint Mapper service to load malicious DLLs on Windows 7 and Windows Server 2008R2.

An ongoing malvertising campaign tracked as "Tag Barnakle" has been behind the breach of more than 120 ad servers over the past year to sneakily inject code in an attempt to serve malicious advertisements that redirect users to rogue websites, thus exposing victims to scamware or malware. Unlike other operators who set about their task by infiltrating the ad-tech ecosystem using "Convincing personas" to buy space on legitimate websites for running the malicious ads, Tag Barnakle is "Able to bypass this initial hurdle completely by going straight for the jugular - mass compromise of ad serving infrastructure," said Confiant security researcher Eliya Stein in a Monday write-up.

Microsoft Edge's update server is suffering a worldwide outage preventing users from updating to the newly released version 90 of the web browser. In tests conducted by BleepingComputer just now, the update server still has problems, as shown below.

U.S. authorities revealed this week that the FBI executed a court-authorized cyber operation to remove malicious web shells from hundreds of compromised Microsoft Exchange servers located in the United States. "The effort by the FBI, as described in the Justice Department press release, amounts to the FBI gaining access to private servers. Just that should be a full stop that the action is not ok. While I understand the good intention - the FBI wants to remove the backdoor - this sets a dangerous precedent where law enforcement is given broad permission to access private servers."