servers

  • Blog

    Outdated Exchange servers fail to auto-mitigate security bugs

    Microsoft says outdated Exchange servers cannot receive new emergency mitigation definitions because an Office Configuration Service certificate type is being deprecated. Emergency mitigations (also known as EEMS mitigations) are delivered via the Exchange Emergency Mitigation Service (EEMS), introduced three years ago in September 2021. EEMS automatically applies interim mitigations for high-risk (and likely actively exploited) security flaws to secure on-premises Exchange…

  • Blog

    SAP fixes critical vulnerabilities in NetWeaver application servers

    SAP has fixed two critical vulnerabilities affecting NetWeaver web application server that could be exploited to escalate privileges and access restricted information. As part of the January Security Patch Day, the vendor also released updates for other products to patch 12 additional issues rated with medium and high severity. “SAP strongly recommends that the customer visits the Support Portal and applies…

  • Blog

    Over 3 million mail servers without encryption exposed to sniffing attacks

    Over three million POP3 and IMAP mail servers without TLS encryption are currently exposed on the Internet and vulnerable to network sniffing attacks. IMAP and POP3 are two methods for accessing email on mail servers. IMAP is recommended for checking emails from multiple devices, such as phones and laptops, because it keeps your messages on the server and synchronizes them…

  • Blog

    Hackers exploit ProjectSend flaw to backdoor exposed servers

    Threat actors are using public exploits for a critical authentication bypass flaw in ProjectSend to upload webshells and gain remote access to servers. The flaw, tracked as CVE-2024-11680, is a critical authentication bug impacting ProjectSend versions before r1720, allowing attackers to send specially crafted HTTP requests to ‘options.php’ to change the application’s configuration. Successful exploitation allows the creation of rogue…

  • Blog

    Steps to Secure Your Servers

    In today’s interconnected world, where data breaches and cyber threats are increasingly prevalent, securing server environments has become a top priority. Implementing server hardening is a proactive approach to enhancing security by minimizing vulnerabilities and protecting critical assets from unauthorized access and attacks. This guide will explore the various aspects of IT security hardening, including cybersecurity hardening, OS hardening, device…

  • Blog

    New NachoVPN attack uses rogue VPN servers to install malicious updates

    A set of vulnerabilities dubbed “NachoVPN” allows rogue VPN servers to install malicious updates when unpatched Palo Alto and SonicWall SSL-VPN clients connect to them. AmberWolf security researchers found that threat actors can trick potential targets into connecting their SonicWall NetExtender and Palo Alto Networks GlobalProtect VPN clients to attacker-controlled VPN servers using malicious websites or documents in social engineering…

  • Blog

    Meet Interlock — The new ransomware targeting FreeBSD servers

    A relatively new ransomware operation named Interlock attacks organizations worldwide, taking the unusual approach of creating an encryptor to target FreeBSD servers. Launched at the end of September 2024, Interlock has since claimed attacks on six organizations, publishing stolen data on their data leak site after a ransom was not paid. One of the victims is Wayne County,…

  • Blog

    Exploitation of Docker remote API servers has reached a “critical level”

    Hackers are exploiting unprotected Docker remote API servers to deploy malware, with researchers stating the threat has reached a “critical level” and warning organizations to act now. A report from Trend Micro published on 21 October details how researchers observed an unknown threat actor abusing exposed Docker remote API servers to deploy the ‘perfctl’ malware. The attack sequence begins with…

  • Blog

    Finland seizes servers of ‘Sipulitie’ dark web drugs market

    The Finnish Customs office took down the website and seized the servers for the darknet marketplace ‘Sipulitie’ where criminals sold illegal narcotics anonymously. The agency’s announcement earlier today says that the site catered to both Finnish and English-speaking users, and that its operator claimed a turnover of 1.3 million Euros (approximately $1.42 million). The operation was possible thanks to an international collaboration…

  • Blog

    Hackers abuse F5 BIG-IP cookies to map internal servers

    CISA is warning that threat actors have been observed abusing unencrypted persistent F5 BIG-IP cookies to identify and target other internal devices on the targeted network. By mapping out internal devices, threat actors can potentially identify vulnerable devices on the network as part of the planning stages in cyberattacks. “CISA has observed cyber threat actors leveraging unencrypted persistent cookies managed by…
