Security News

Linux servers: How to encrypt files with gocryptfs
2020-11-19 18:06

Looking for an easy to use encryption tool to protect data on your Linux servers? Jack Wallen shows you how to install and use gocryptfs to serve that very purpose.

Street Fighter maker says soz after ransomware hadoukens servers, puts 350,000 folks' data at risk of theft
2020-11-16 15:30

Japanese games giant Capcom, the company behind the 33-year-old Street Fighter franchise, has issued "Deepest apologies" to customers and other stakeholders whose details may have been accessed by miscreants during a ransomware infection. Capcom was able to confirm this was a targeted attack against the company using ransomware, which destroyed and encrypted data on its servers.

Intel's SGX cloud-server security defeated by $30 chip, electrical shenanigans
2020-11-14 10:13

Plundervolt is a software-based attack on recent Intel processors running SGX enclaves that lowers the voltage to induce faults or errors that allow the recovery of secrets like encryption keys. Half the point of SGX is to protect sensitive code and data from rogue server administrators when said servers are out of reach and in someone else's data center - such as a cloud provider's - and yet it is possible for someone at a cloud provider with physical access to a box to jolt an Intel processor into breaking its SGX protections.

SAD DNS cache poisoning: A temporary fix for Linux servers and desktops
2020-11-13 15:51

Jack Wallen walks you through the process of putting in place a temporary fix against SAD DNS for your Linux servers and desktops. There's a new DNS cache poisoning threat in town and it goes by the name of Side-channel AttackeD DNS. This new attack works like so: SAD DNS makes it possible for hackers to reroute traffic destined to a specific domain to a server under their control.

Gitpaste-12 Worm Targets Linux Servers, IoT Devices
2020-11-06 17:34

Researchers have uncovered a new worm targeting Linux-based x86 servers, as well as Linux internet of things devices. Of note, the malware utilizes GitHub and Pastebin for housing malicious component code, and has at least 12 different attack modules available - leading researchers to call it "Gitpaste-12." It was first detected by Juniper Threat Labs in attacks on Oct. 15, 2020.

AppViewX selects Cryptsoft KMIP server to enhance its NetOps and SecOps products capabilities
2020-11-06 00:30

AppViewX has recognized and responded to widespread customer demand for full lifecycle management of symmetric data encryption keys by adding Cryptsoft's KMIP Server to their platform. Cryptsoft's market-proven KMIP server and KMIP client technology has been licensed by AppViewX to provide the technical foundation for their platform's key management capability.

Critical bug actively used to deploy Cobalt Strike on Oracle servers
2020-11-05 12:55

Threat actors are actively exploiting Oracle WebLogic servers unpatched against CVE-2020-14882 to deploy Cobalt Strike beacons which allow for persistent remote access to compromised devices. Cobalt Strike is a legitimate penetration testing tool also used by threat actors in post-exploitation tasks and to deploy so-called beacons that enable them to gain persistent remote access.

Premium-Rate Phone Fraudsters Hack VoIP Servers of 1200 Companies
2020-11-05 02:19

According to findings published by Check Point Research, the threat actors - believed to be located in the Palestinian Gaza Strip - have targeted Sangoma PBX, an open-sourced user interface that's used to manage and control Asterisk VoIP phone systems, particularly the Session Initiation Protocol servers. "One of the more complex and interesting ways is abusing the servers to make outgoing phone calls, which are also used to generate profits. Making calls is a legitimate feature, therefore it's hard to detect when a server has been exploited."

Oracle patches severe flaw in WebLogic Server that could be exploited 'without the need for a username and password'
2020-11-03 14:12

The security alert addresses CVE-2020-14750, a remote code execution vulnerability in Oracle WebLogic Server. "This vulnerability is related to CVE-2020-14882, which was addressed in the October 2020 Critical Patch Update. It is remotely exploitable without authentication, i.e. may be exploited over a network without the need for a username and password," Oracle said in a security alert.