Recent Security News
-
Exploit available for new critical TeamCity auth bypass bug, patch now
March 4, 2024 at 05:44PM A critical vulnerability in JetBrains’ TeamCity On-Premises CI/CD solution (CVE-2024-27198) allows remote attackers to gain administrative control. Exploits are available, prompting urgent updates to the latest product version or installation of a security patch. Another vulnerability (CVE-2024-27199) permits unauthorized system settings modification. Administrators must prioritize addressing these issues. Rapid7 discovered…
-
ScreenConnect flaws exploited to drop new ToddleShark malware
March 4, 2024 at 05:44PM North Korean APT group Kimsuky is exploiting ScreenConnect vulnerabilities CVE-2024-1708 and CVE-2024-1709 to distribute the new ToddleShark malware. This polymorphic variant aims for long-term espionage, using legitimate Microsoft tools and scheduled tasks for persistent access. Kroll’s upcoming report will share further details and indicators of compromise for ToddleShark. From the…
-
Amex Customer Data Exposed in Third-Party Breach
March 4, 2024 at 05:25PM American Express notified customers of a breach involving a third-party service provider. The company’s own systems were not compromised, but credit card information such as account numbers and names are at risk. Potentially affected users are advised to monitor their accounts for fraudulent activity and enable notifications on the American…
-
Hackers steal Windows NTLM authentication hashes in phishing attacks
March 4, 2024 at 04:46PM TA577 hacking group has shifted to using phishing emails to steal NTLM authentication hashes for account hijacks. They launched campaigns targeting employees’ NTLM hashes, using unique ZIP archives containing HTML files to trigger automatic connections, stealing the hashes. Proofpoint advises specific security measures to counter this threat, including blocking outbound…
-
Pentagon Leaker Jack Teixeira Pleads Guilty Under a Deal That Calls for at Least 11 Years in Prison
March 4, 2024 at 04:21PM Massachusetts Air National Guard member Jack Teixeira pleaded guilty to leaking highly classified military documents about the war in Ukraine and other national security secrets. He faces at least 11 years in prison after admitting to illegally collecting and sharing sensitive information on the social media platform Discord. Teixeira’s sentencing…