Security News

cross-posted from: https://midwest.social/post/10338366

The German national cybersecurity authority warned on Tuesday that it found at least 17,000 Microsoft Exchange servers in Germany exposed online and

• CSI: Advancing Zero Trust Maturity Throughout the Network and Environment Pillar [pdf]

• CSI: Use Secure Cloud Identity and Access Management Practices [pdf]

• CSI: Account for Complexities Introduced by Hybrid Cloud and Multi-Cloud Environments [pdf]

• CSI: Manage Cloud Logs for Effective Threat Hunting [pdf]

• CSI: Uphold the Cloud Shared Responsibility Model [pdf]

• CSI: Secure Data in the Cloud [pdf]

• CSI: Implement Network Segmentation and Encryption in Cloud Environments [pdf]

• CSI: NSA’s Top Ten Cloud Security Mitigation Strategies [pdf]

• CSI: Mitigate Risks from Managed Service Providers in Cloud Environments [pdf]

• CSI: Use Secure Cloud Key Management Practices [pdf]

• CSI: Enforce Secure Automated Deployment Practices through Infrastructure as Code [pdf]

One of the vulnerabilities (identified as CVE-2024-27198) has a near-maximum severity CVSS rating of 9.8 out of 10 and is an authentication bypass issue in TeamCity's Web component. Researchers from Rapid7 who discovered the vulnerability and reported it to JetBrains have described it as enabling a remote unauthenticated attacker to execute arbitrary code to take complete control of affected instances.

NIST is a US government org that produces industry guidlines on best practices for cybersecurity, and they've just released a massive update to their framework.

"On February 21, 2024, Cencora, Inc. (the "Company"), learned that data from its information systems had been exfiltrated, some of which may contain personal information," reads the SEC filing.

Cencora says they have not determined if the incident will materially impact their finances or operations.

After negotiations failed when the game studio refused to pay the $2 million ransom, Rhysida dumped 1,67 TB of documents on its dark web leak site.

"We are aware that the stolen data includes personal information belonging to our employees, former employees, and independent contractors."

"SSH-Snake is a self-modifying worm that leverages SSH credentials discovered on a compromised system to start spreading itself throughout the network," Sysdig researcher Miguel Hernández said.

The five malicious apps are:

1. Phone Cleaner - File Explorer (com.volabs.androidcleaner)
2. PDF Viewer - File Explorer (com.xolab.fileexplorer)
3. PDF Reader - Viewer & Editor (com.jumbodub.fileexplorerpdfviewer)
4. Phone Cleaner: File Explorer (com.appiclouds.phonecleaner)
5. PDF Reader: File Manager (com.tragisoap.fileandpdfmanager)

However, this bug caused some DNS queries to be sent to the DNS server configured on the computer, usually a server at the user's ISP, allowing the server to track a user's browsing habits.