Recent Security News

  • Exploit available for new critical TeamCity auth bypass bug, patch now

    March 4, 2024 at 05:44PM A critical vulnerability in JetBrains’ TeamCity On-Premises CI/CD solution (CVE-2024-27198) allows remote attackers to gain administrative control. Exploits are available, prompting urgent updates to the latest product version or installation of a security patch. Another vulnerability (CVE-2024-27199) permits unauthorized system settings modification. Administrators must prioritize addressing these issues. Rapid7 discovered…

    Read More

  • ScreenConnect flaws exploited to drop new ToddleShark malware

    March 4, 2024 at 05:44PM North Korean APT group Kimsuky is exploiting ScreenConnect vulnerabilities CVE-2024-1708 and CVE-2024-1709 to distribute the new ToddleShark malware. This polymorphic variant aims for long-term espionage, using legitimate Microsoft tools and scheduled tasks for persistent access. Kroll’s upcoming report will share further details and indicators of compromise for ToddleShark. From the…

    Read More

  • Amex Customer Data Exposed in Third-Party Breach

    March 4, 2024 at 05:25PM American Express notified customers of a breach involving a third-party service provider. The company’s own systems were not compromised, but credit card information such as account numbers and names are at risk. Potentially affected users are advised to monitor their accounts for fraudulent activity and enable notifications on the American…

    Read More

  • Hackers steal Windows NTLM authentication hashes in phishing attacks

    March 4, 2024 at 04:46PM TA577 hacking group has shifted to using phishing emails to steal NTLM authentication hashes for account hijacks. They launched campaigns targeting employees’ NTLM hashes, using unique ZIP archives containing HTML files to trigger automatic connections, stealing the hashes. Proofpoint advises specific security measures to counter this threat, including blocking outbound…

    Read More

  • Pentagon Leaker Jack Teixeira Pleads Guilty Under a Deal That Calls for at Least 11 Years in Prison

    March 4, 2024 at 04:21PM Massachusetts Air National Guard member Jack Teixeira pleaded guilty to leaking highly classified military documents about the war in Ukraine and other national security secrets. He faces at least 11 years in prison after admitting to illegally collecting and sharing sensitive information on the social media platform Discord. Teixeira’s sentencing…

    Read More