Security News
Cybersecurity researchers today uncovered a completely undetectable Linux malware that exploits undocumented techniques to stay under the radar and targets publicly accessible Docker servers hosted with popular cloud platforms, including AWS, Azure, and Alibaba Cloud. According to the latest research Intezer shared with The Hacker News, an ongoing Ngrok mining botnet campaign scanning the Internet for misconfigured Docker API endpoints and has already infected many vulnerable servers with new malware.
Cybersecurity researchers today uncovered a completely undetectable Linux malware that exploits undocumented techniques to stay under the radar and targets publicly accessible Docker servers hosted with popular cloud platforms, including AWS, Azure, and Alibaba Cloud. According to the latest research Intezer shared with The Hacker News, an ongoing Ngrok mining botnet campaign scanning the Internet for misconfigured Docker API endpoints and has already infected many vulnerable servers with new malware.
Tracked as CVE-2020-1147 and considered critical severity, the bug occurs when the software doesn't check the source markup of XML file input. "The vulnerability is found in the DataSet and DataTable types which are.NET components used to manage data sets," the software giant revealed in an advisory published last week.
The U.S. Cybersecurity and Infrastructure Security Agency is ordering all federal executive branch offices to apply a patch for a wormable Windows Server bug within 24 hours, warning of a "High potential for compromise of agency information systems." "CISA has determined that this vulnerability poses unacceptable significant risk to the Federal Civilian Executive Branch and requires an immediate and emergency action," the agency said in the directive.
If you're looking for a platform to help with the collection and sharing of cybersecurity events, you need not look any further than MISP. Jack Wallen shows you how to install this tool. Malware Information Sharing Platform is a tool for the collection, storing, distributing, and sharing of cybersecurity indicators and threats.
The US Cybersecurity and Infrastructure Security Agency has instructed government agencies to immediately address a vulnerability affecting Windows DNS servers. The flaw, which impacts Windows Server versions released in the past 17 years, allows a remote, unauthenticated attacker to run arbitrary code on affected Windows DNS servers using specially crafted requests.
The good news for most of us, at least in terms of patching, is that this vulnerability only affects Windows servers, because the bug is in the Windows DNS server code, not in the Windows DNS client code. DNS servers often need to perform client-like functions, for example by passing on requests that they can't answer themselves to other servers that can, reading in the replies and reformatting them to reply to the original client request that came in.
Cybersecurity researchers today issued a security advisory warning enterprises and governments across the globe to immediately patch a highly-critical remote code execution vulnerability affecting F5's BIG-IP networking devices running application security servers. According to Mikhail Klyuchnikov, a security researcher at Positive Technologies who discovered the flaw and reported it to F5 Networks, the issue resides in a configuration utility called Traffic Management User Interface for BIG-IP application delivery controller.
A threat actor can exploit SigRed vulnerability by sending crafted malicious DNS queries to a Windows DNS server and achieve arbitrary code execution, enabling the hacker to intercept and manipulate users' emails and network traffic, make services unavailable, harvest users' credentials and much more. Crafting Malicious DNS Responses Stating that the objective was to identify a vulnerability that would let an unauthenticated attacker compromise a Windows Domain environment, Check Point researchers said they focused on Windows DNS, specifically taking a closer look at how a DNS server parses an incoming query or a response for a forwarded query.
A threat actor can exploit SigRed vulnerability by sending crafted malicious DNS queries to a Windows DNS server and achieve arbitrary code execution, enabling the hacker to intercept and manipulate users' emails and network traffic, make services unavailable, harvest users' credentials and much more. Crafting Malicious DNS Responses Stating that the objective was to identify a vulnerability that would let an unauthenticated attacker compromise a Windows Domain environment, Check Point researchers said they focused on Windows DNS, specifically taking a closer look at how a DNS server parses an incoming query or a response for a forwarded query.