All articles tagged with #windows servers
Cybersecurity researchers uncovered GhostRedirector, a threat group targeting at least 65 Windows servers mainly in Brazil, Thailand, and Vietnam, using a passive backdoor called Rungan and an IIS module named Gamshen to conduct SEO fraud and maintain long-term access, with suspected links to China.
ESET researchers uncovered GhostRedirector, a China-aligned threat actor that compromised at least 65 Windows servers mainly in Brazil, Thailand, and Vietnam, using custom tools like the passive backdoor Rungan and the malicious IIS module Gamshen to facilitate SEO fraud and maintain persistent access, with activities dating back to at least August 2024.
PaperCut's NG/MF print management software has fixed a critical security vulnerability (CVE-2023-39143) that allows unauthenticated attackers to execute remote code on unpatched Windows servers. The flaw stems from two path traversal weaknesses, enabling threat actors to manipulate files on compromised systems. While the vulnerability only affects non-default server configurations, it is estimated that most PaperCut installations have the affected setting enabled. Admins are advised to install security updates promptly or restrict access through IP allowlisting. Previously, PaperCut servers were targeted by ransomware gangs exploiting other vulnerabilities, leading to data theft and attacks by state-backed hacking groups.