Microsoft will roll out MFA-enforcing policies for admin portal access
Microsoft will soon start rolling out Conditional Access policies requiring multifactor authentication (MFA) from administrators when signing into Microsoft admin
Hackers exploit Looney Tunables Linux bug, steal cloud creds
The operators of the Kinsing malware are targeting cloud environments with systems vulnerable to “Looney Tunables,” a Linux security issue identified
Veeam warns of critical bugs in Veeam ONE monitoring platform
Veeam released hotfixes today to address four vulnerabilities in the company’s Veeam ONE IT infrastructure monitoring and analytics platform, two
Critical Atlassian Confluence bug exploited in Cerber ransomware attacks
Attackers are exploiting a recently patched and critical severity Atlassian Confluence authentication bypass flaw to encrypt victims’ files using Cerber
US sanctions Russian who laundered money for Ryuk ransomware affiliate
The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) has sanctioned Russian national Ekaterina Zhdanova for laundering millions
TellYouThePass ransomware joins Apache ActiveMQ RCE attacks
Internet-exposed Apache ActiveMQ servers are also targeted in TellYouThePass ransomware attacks targeting a critical remote code execution (RCE) vulnerability previously
Cybercrime service bypasses Android security to install malware
A new dropper-as-a-service (DaaS) cybercrime operation named ‘SecuriDropper’ has emerged, using a method that bypasses the ‘Restricted Settings’ feature in Android
QNAP warns of critical command injection flaws in QTS OS, apps
QNAP Systems published security advisories for two critical command injection vulnerabilities that impact multiple versions of the QTS operating system