We have thousands of posts on a wide variety of open source and security topics, conveniently organized for searching or just browsing.
Researchers have uncovered over a dozen servers, unusually registered in the United States, which are hosting ten different malware families spread through phishing campaigns potentially tied to the Necurs bonnet.
This week, the Apache Software Foundation has patched a severe vulnerability in the Apache (httpd) web server project that could --under certain circumstances-- allow rogue server scripts to execute code with root privileges and take over the underlying server.
Unsecured Elasticsearch clusters are being targeted in a fresh wave of attacks designed to drop both malware and cryptocurrency mining software.
A four-year-old severe vulnerability has been discovered in the Secure Shell (SSH) implementation library known as Libssh that could allow anyone to completely bypass authentication and gain unfettered administrative control over a vulnerable server without requiring a password.
IT organizations strive to deliver business value by increasing productivity and delivering services faster while remaining flexible enough to incorporate innovations like cloud, containers, and configuration automation. Modern workloads, whether they run on bare metal, virtual machines, containers, or private or public clouds, are expected to be portable and scalable. Supporting all this requires a modern, secure platform.
While it's not at the catastrophic level of MyFitnessPal's 150 million-user data breach , the company behind the workout app PumpUp left information for 6 million of its members exposed. The Amazon cloud-hosted back-end server holding the data didn't have a password set up for an uncertain lenght of time, enabling anyone to observe sign-ins and exchanged messages.
After scanning 72,000 publicly available Redis (REmote DIctionary Server) servers with attack keys garnered through honeypot traffic, Imperva today reported that 75% of the publicly available Redis servers were hosting the attacks registered in the honeypot.
A new strain of malware that targets vulnerable Linux-based systems is loose in the wild, with an interesting habit of avoiding government and military networks.
In my last post, I explained how to configure an Apache web server for a single website. It turned out to be very easy. In this post, I will show you how to serve multiple websites using a single instance of Apache.
Just a quick reminder about some bad practices while handling Windows Administrator credentials. I'm constantly changing my hunting filters on VT. A few days ago, I started to search for files/scripts that use the Microsoft SysInternals tool psexec[1].
How valuable is your data? If your storage drive crashed, would it ruin your day? Your week? Your entire career? Only you can answer those questions for yourself and your organization. But I'll tell you, personally, I need my files -- not only to get my day-to-day job done, but to reference older information and even look at personal keepsakes (like all my digital photos).
Samba admins: get patching and/or updating. Unless you’re content to have your admin passwords overwritten by, well, anyone else using Samba.
Web applications pose a significant security risk to servers, and having a web application firewall (WAF) in place is vital to keeping your servers and your business running smoothly.
Serious weaknesses in the Internet's time-synchronization mechanism can be exploited to cause debilitating outages, snoop on encrypted communications, or tamper with Bitcoin transactions, computer scientists warned Wednesday.
The recent tests on Linux security solutions by AV-Test Lab indicate a worrisome situation
Concerns over Malcolm Turnbull using his own private email server have been rebuked by the Australian Prime Minister, who said that all parliamentarians use insecure communication methods all the time, most notably, SMS messaging.
Unless you haven't been on the net for a year, you know Transport Layer Security/Secure Socket Layer (TLS/SSL) software, such as OpenSSL, have had numerous serious security problems. Now, Amazon, is introducing a new TLS implementation: "Signal to noise," s2n.
The cracks in the armor of most enterprise websites are many including recurring holes in OpenSSL, PHP, and WordPress and are largely due to a combination of extensive customizations paired with a shortage of testing and fixing of vulnerabilities when compared with that of long-standing commercial OS software.
UK domain registrar Nominet has shown off a striking new visualisation tool called
Like staying secure? So do we.
Sign up for updates, tips, and alerts!
