Microsoft Confirms Exploitation of New Exchange Zero-Day Flaws in the Wild

Microsoft has officially disclosed that it is investigating two zero-day security vulnerabilities affecting Exchange Server 2013, 2016, and 2019 after reports of exploitation in the wild. The first vulnerability, CVE-2022-41040, is a Server-Side Request Forgery (SSRF) flaw, while the second, CVE-2022-41082, enables remote code execution (RCE) when PowerShell is accessible to the attacker, the tech giant said. The company also confirmed that it is aware of “limited targeted attacks” that weaponize the flaws to gain initial access to targeted systems, but stressed that authenticated access to the vulnerable Exchange…

Read More

Several High-Severity Flaws Affect the Widely Used OpenLiteSpeed Web Server Software

Several high-severity flaws have been discovered in the open-source OpenLiteSpeed web server, as well as its enterprise variant, that could be abused to achieve remote code execution. “By chaining and exploiting the vulnerabilities, adversaries could compromise a web server and achieve fully privileged remote code execution,” Unit 42 said in a report Thursday. OpenLiteSpeed is the open-source version of LiteSpeed Web Server, the sixth most popular web server, with 1.9 million unique servers worldwide. The first of the three flaws is a directory traversal flaw (CVE-2022-0072, CVSS score: 5.8), which can be exploited to access forbidden files in the web root directory. The remaining two vulnerabilities (CVE-2022-0073 and CVE-2022-0074, CVSS scores: 8.8) relate to an elevation…

Read More

Cryptonite Open-Source Ransomware Turns Into Accidental Wiper Malware

A version of an open-source ransomware toolkit called Cryptonite has been spotted in the wild with wiper capabilities owing to its “poor architecture and programming.” Unlike other ransomware variants, Cryptonite was not sold on cybercriminal underground markets; it was instead offered for free by an actor named CYBERDEVILZ through a GitHub repository until recently. The source code and its forks have since been removed. Written in Python, the malware uses the Fernet module of the cryptography package to encrypt files, appending the “.cryptn8” extension. But a new sample analyzed by…

Read More

Researchers Attribute Linux-Based Cheerscrypt Ransomware to Chinese Hackers

A recently discovered Linux-based ransomware known as Cheerscrypt has been attributed to a Chinese cyber-espionage group known for running short-lived ransomware operations. Emperor Dragonfly uses open-source tools written by Chinese developers for Chinese users, the company said in a report shared with The Hacker News, which reinforces the assessment that the operators behind the Emperor Dragonfly ransomware are located in China. Cheerscrypt is the latest addition to a long list of ransomware families the group has deployed in just over a year, including…

Read More

New Malware Families Targeting VMware ESXi Hypervisors

Threat actors have reportedly been deploying previously unseen implants in VMware virtualization software to take control of compromised systems and evade detection. Google’s Mandiant threat intelligence division describes it as a “new malware ecosystem” that affects VMware ESXi, Linux vCenter servers, and Windows virtual machines, allowing attackers to maintain persistent access to the hypervisor and execute arbitrary commands. According to the cybersecurity vendor, the hyperjacking attacks involved the use of malicious vSphere Installation Bundles (VIBs) to covertly place two implants, dubbed VIRTUALPITA and VIRTUALPIE, on the ESXi…

Read More

Borat RAT: A Unique Triple Threat

Borat RAT provides malicious actors with a dashboard for carrying out RAT activities and for building and compiling malware binaries, including payloads for launching DDoS attacks against the victim’s system. The RAT contains code to launch a DDoS attack, which degrades response times for legitimate users and can even take the site offline. Notably, Borat RAT can also deliver a ransomware payload to the victim’s device, encrypting the user’s files and demanding a ransom. The package further contains a keylogger executable that monitors keystrokes on victim computers and…

Read More

Researchers Warn of Widespread Exploitation of Zimbra RCE Vulnerability

The US Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added two flaws to its Known Exploited Vulnerabilities catalog, citing evidence of active exploitation. The two high-severity issues relate to weaknesses in Zimbra Collaboration, and both can be chained to achieve unauthenticated remote code execution on vulnerable email servers:

- CVE-2022-27925 (CVSS score: 7.2)
- CVE-2022-37042

In short, the attacks involve exploiting the authentication bypass flaw to achieve remote code execution on the underlying server by uploading arbitrary files. More than 1,000 affected instances have also been identified around the…

Read More