Security News

Dubbed NXNSAttack, the flaw [PDF] can be abused to pull off a classic amplification attack: you send a small amount of specially crafted data to a DNS server, which responds by sending a lot of data to a victim's server. The recursive server contacts your DNS server for your dot.com for that information.

Dubbed NXNSAttack, the flaw [PDF] can be abused to pull off a classic amplification attack: you send a small amount of specially crafted data to a DNS server, which responds by sending a lot of data to a victim's server. The recursive server contacts your DNS server for your dot.com for that information.

Mayo? Mustard? Creep who takes your sandwich order plus the personal details you handed over for contact tracing? You may well ask how you do contact tracing without collecting people's PII. Countries have certainly asked, and they've found what will hopefully turn out to be an approach that leaves people's privacy intact.

Days after cybersecurity researchers sounded the alarm over two critical vulnerabilities in the SaltStack configuration framework, a hacking campaign has already begun exploiting the flaws to breach servers of LineageOS, Ghost, and DigiCert. In a separate development, the Salt vulnerability was used to hack into DigiCert certificate authority as well.

Days after cybersecurity researchers sounded the alarm over two critical vulnerabilities in the SaltStack configuration framework, a hacking campaign has already begun exploiting the flaws to breach servers of LineageOS, Ghost, and DigiCert. In a separate development, the Salt vulnerability was used to hack into DigiCert certificate authority as well.

Hosting biz GoDaddy has admitted a hacker tampered with an SSH file on its servers, leading to the theft of 28,000 users' SSH credentials. The intrusion, which took place last month, involved one or more malicious persons "Alter" an SSH file on GoDaddy's infrastructure, the US giant told The Register.

A threat actor managed to compromise more than 75% of the devices within a company by distributing their malware through a mobile device management server, Check Point reports. As part of the attack, cybercriminals were distributing a new variant of the Cerberus Android malware that was designed to collect large amounts of sensitive data and exfiltrate it to a remote command and control server.

Oracle is urging customers to fast-track a patch for a critical flaw in its WebLogic Server under active attack. Oracle WebLogic Server is a popular application server used in building and deploying enterprise Java EE applications.

Over the past several days, hackers have exploited two recently disclosed Salt vulnerabilities to compromise the servers of LineageOS, Ghost and DigiCert. Last week, F-Secure security researchers disclosed two vulnerabilities in Salt that could allow remote attackers to execute commands as root on "Master" and connected minions.

The open-source Salt management framework contains high-severity security vulnerabilities that allow full remote code execution as root on servers in data centers and cloud environments. "The ClearFuncs class also exposes the method prep auth info(), which returns the root key used to authenticate commands from the local root user on the master server. This root key can then be used to remotely call administrative commands on the master server. This unintentional exposure provides a remote un-authenticated attacker with root-equivalent access to the salt master."