Server Security - Page 3 - Results from #40

Discover Server Security News

4b745635 129c 4ef2 94c9 Ba4a7483d57c Esm H200

NCSC in DNS Warning as Hijackers Focus on Home Routers

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Have you heard that the NCSC has warned about DNS hijacking threats focusing on home routers? These attacks aim to modify the settings on home routers, potentially via cross-site request forgery (CSRF) web-based attacks, so that they use rogue DNS servers. The end goal is to secretly redirect the user to a phishing page or one capable of installing malware on their machine.

LinuxSecurity.com Team
Jul 16, 2019

New Brute-Force Botnet Targeting Over 1.5 Million RDP Servers Worldwide

Security researchers have discovered an ongoing sophisticated botnet campaign that is currently brute-forcing more than 1.5 million publicly accessible Windows RDP servers on the Internet.

LinuxSecurity.com Team
Jun 07, 2019

Russian Nation-State Group Employs Custom Backdoor for Microsoft Exchange Server

A well-known Russian nation-state hacking group has been infiltrating the Microsoft Exchange email servers of its targeted victims since at least 2014 via a custom backdoor.

LinuxSecurity.com Team
May 07, 2019

A dozen US web servers are spreading 10 malware families, Necurs link suspected

Researchers have uncovered over a dozen servers, unusually registered in the United States, which are hosting ten different malware families spread through phishing campaigns potentially tied to the Necurs bonnet.

LinuxSecurity.com Team
Apr 04, 2019

Apache web server bug grants root access on shared hosting environments

This week, the Apache Software Foundation has patched a severe vulnerability in the Apache (httpd) web server project that could --under certain circumstances-- allow rogue server scripts to execute code with root privileges and take over the underlying server.

LinuxSecurity.com Team
Apr 03, 2019

Targeted malware attacks against Elasticsearch servers surge

Unsecured Elasticsearch clusters are being targeted in a fresh wave of attacks designed to drop both malware and cryptocurrency mining software.

LinuxSecurity.com Team
Feb 28, 2019

LibSSH Flaw Allows Hackers to Take Over Servers Without Password

A four-year-old severe vulnerability has been discovered in the Secure Shell (SSH) implementation library known as Libssh that could allow anyone to completely bypass authentication and gain unfettered administrative control over a vulnerable server without requiring a password.

LinuxSecurity.com Team
Oct 17, 2018

What is a Linux server and why does your business need one?

IT organizations strive to deliver business value by increasing productivity and delivering services faster while remaining flexible enough to incorporate innovations like cloud, containers, and configuration automation. Modern workloads, whether they run on bare metal, virtual machines, containers, or private or public clouds, are expected to be portable and scalable. Supporting all this requires a modern, secure platform.

LinuxSecurity.com Team
Oct 08, 2018

Fitness app PumpUp left users' personal data exposed on server

While it's not at the catastrophic level of MyFitnessPal's 150 million-user data breach , the company behind the workout app PumpUp left information for 6 million of its members exposed. The Amazon cloud-hosted back-end server holding the data didn't have a password set up for an uncertain lenght of time, enabling anyone to observe sign-ins and exchanged messages.

LinuxSecurity.com Team
Jun 02, 2018

Open Redis Servers Infected with Malware

After scanning 72,000 publicly available Redis (REmote DIctionary Server) servers with attack keys garnered through honeypot traffic, Imperva today reported that 75% of the publicly available Redis servers were hosting the attacks registered in the honeypot.

LinuxSecurity.com Team
Jun 01, 2018

GoScanSSH Malware Avoids US Military, South Korea Targets

A new strain of malware that targets vulnerable Linux-based systems is loose in the wild, with an interesting habit of avoiding government and military networks.

LinuxSecurity.com Team
Apr 03, 2018

How to configure multiple websites with Apache web server

In my last post, I explained how to configure an Apache web server for a single website. It turned out to be very easy. In this post, I will show you how to serve multiple websites using a single instance of Apache.

LinuxSecurity.com Team
Mar 30, 2018

Administrator's Password Bad Practice

Just a quick reminder about some bad practices while handling Windows Administrator credentials. I'm constantly changing my hunting filters on VT. A few days ago, I started to search for files/scripts that use the Microsoft SysInternals tool psexec[1].

LinuxSecurity.com Team
Mar 20, 2018

Why a hard drive RAID array can save your bacon

How valuable is your data? If your storage drive crashed, would it ruin your day? Your week? Your entire career? Only you can answer those questions for yourself and your organization. But I'll tell you, personally, I need my files -- not only to get my day-to-day job done, but to reference older information and even look at personal keepsakes (like all my digital photos).

LinuxSecurity.com Team
Mar 15, 2018

Samba settings SNAFU lets any user change admin passwords

Samba admins: get patching and/or updating. Unless you’re content to have your admin passwords overwritten by, well, anyone else using Samba.

LinuxSecurity.com Team
Mar 14, 2018

Web Application Firewalls: Choosing the Right WAF for Server Security

Web applications pose a significant security risk to servers, and having a web application firewall (WAF) in place is vital to keeping your servers and your business running smoothly.

LinuxSecurity.com Team
Mar 05, 2018

New attacks on Network Time Protocol can defeat HTTPS and create chaos

Serious weaknesses in the Internet's time-synchronization mechanism can be exploited to cause debilitating outages, snoop on encrypted communications, or tamper with Bitcoin transactions, computer scientists warned Wednesday.

LinuxSecurity.com Team
Oct 27, 2015

AV-TEST tests Linux security solutions against Linux and Windows threats

The recent tests on Linux security solutions by AV-Test Lab indicate a worrisome situation

LinuxSecurity.com Team
Oct 12, 2015

Turnbull: Don't assume government email is more secure than private email

Concerns over Malcolm Turnbull using his own private email server have been rebuked by the Australian Prime Minister, who said that all parliamentarians use insecure communication methods all the time, most notably, SMS messaging.

LinuxSecurity.com Team
Oct 09, 2015

10 Most Common Web Security Vulnerabilities

For all too many companies, it

LinuxSecurity.com Team
Sep 17, 2015

Server Security - Page 3

Magnet Goblin Hackers Exploit One-Day Flaws to Deploy Custom Linux Malware

New Bifrost Malware Evades Detection, Threatens Linux Server Security

Cryptocurrency Mining Migo Malware Attacks Linux Redis Servers