Security News

Looking for an easy to use encryption tool to protect data on your Linux servers? Jack Wallen shows you how to install and use gocryptfs to serve that very purpose.

Japanese games giant Capcom, the company behind the 33-year-old Street Fighter franchise, has issued "Deepest apologies" to customers and other stakeholders whose details may have been accessed by miscreants during a ransomware infection. Capcom was able to confirm this was a targeted attack against the company using ransomware, which destroyed and encrypted data on its servers.

Plundervolt is a software-based attack on recent Intel processors running SGX enclaves that lowers the voltage to induce faults or errors that allow the recovery of secrets like encryption keys. Half the point of SGX is to protect sensitive code and data from rogue server administrators when said servers are out of reach and in someone else's data center - such as a cloud provider's - and yet it is possible for someone at a cloud provider with physical access to a box to jolt an Intel processor into breaking its SGX protections.

Plundervolt is a software-based attack on recent Intel processors running SGX enclaves that lowers the voltage to induce faults or errors that allow the recovery of secrets like encryption keys. Half the point of SGX is to protect sensitive code and data from rogue server administrators when said servers are out of reach and in someone else's data center - such as a cloud provider's - and yet it is possible for someone at a cloud provider with physical access to a box to jolt an Intel processor into breaking its SGX protections.

Jack Wallen walks you through the process of putting in place a temporary fix against SAD DNS for your Linux servers and desktops. There's a new DNS cache poisoning threat in town and it goes by the name of Side-channel AttackeD DNS. This new attack works like so: SAD DNS makes it possible for hackers to reroute traffic destined to a specific domain to a server under their control.

Researchers have uncovered a new worm targeting Linux based x86 servers, as well as Linux internet of things devices. Of note, the malware utilizes GitHub and Pastebin for housing malicious component code, and has at least 12 different attack modules available - leading researchers to call it "Gitpaste-12." It was first detected by Juniper Threat Labs in attacks on Oct. 15, 2020.

AppViewX has recognized and responded to wide-spread customer demand for full lifecycle management of symmetric data encryption keys, by adding Cryptsoft's KMIP Server to their platform. Cryptsoft's market proven KMIP server and KMIP client technology has been licensed by AppViewX to provide the technical foundation for their platform's key management capability.

Threat actors are actively exploiting Oracle WebLogic servers unpatched against CVE-2020-14882 to deploy Cobalt Strike beacons which allow for persistent remote access to compromised devices. Cobalt Strike is a legitimate penetration testing tool also used by threat actors in post-exploitation tasks and to deploy so-called beacons that enable them to gain persistent remote access.

According to findings published by Check Point Research, the threat actors - believed to be located in the Palestinian Gaza Strip - have targeted Sangoma PBX, an open-sourced user interface that's used to manage and control Asterisk VoIP phone systems, particularly the Session Initiation Protocol servers. "One of the more complex and interesting ways is abusing the servers to make outgoing phone calls, which are also used to generate profits. Making calls is a legitimate feature, therefore it's hard to detect when a server has been exploited."

The security alert addresses CVE-2020-14750, a remote code execution vulnerability in Oracle WebLogic Server. "This vulnerability is related to CVE-2020-14882, which was addressed in the October 2020 Critical Patch Update. It is remotely exploitable without authentication, i.e. may be exploited over a network without the need for a username and password," Oracle said in a security alert.