Security News

Old-school security hole perfect for worms and remote hijackings found lurking in Windows Server DNS code
2020-07-15 00:40

Microsoft on Tuesday patched a wormable hole in its Windows Server software that can be exploited remotely to completely commandeer the machine without any authorization. Some 18 of those CVE-listed security flaws are considered critical, meaning remote code execution is possible without user interaction.

New Highly-Critical SAP Bug Could Let Attackers Take Over Corporate Servers
2020-07-14 00:17

SAP has patched a critical vulnerability impacting the LM Configuration Wizard component in NetWeaver Application Server Java platform, allowing an unauthenticated attacker to take control of SAP applications. "If successfully exploited, a remote, unauthenticated attacker can obtain unrestricted access to SAP systems through the creation of high-privileged users and the execution of arbitrary operating system commands with the privileges of the SAP service user account, which has unrestricted access to the SAP database and is able to perform application maintenance activities, such as shutting down federated SAP applications," the US Cybersecurity and Infrastructure Security Agency said in an advisory.

New Highly-Critical SAP Bug Could Let Attackers Take Over Corporate Servers
2020-07-14 00:17

SAP has patched a critical vulnerability impacting the LM Configuration Wizard component in NetWeaver Application Server Java platform, allowing an unauthenticated attacker to take control of SAP applications. "If successfully exploited, a remote, unauthenticated attacker can obtain unrestricted access to SAP systems through the creation of high-privileged users and the execution of arbitrary operating system commands with the privileges of the SAP service user account, which has unrestricted access to the SAP database and is able to perform application maintenance activities, such as shutting down federated SAP applications," the US Cybersecurity and Infrastructure Security Agency said in an advisory.

Germany Seizes Server Hosting Pilfered U.S. Police Files
2020-07-09 18:22

The data, dating back to 1996, include emails, audio and video files and police and FBI intelligence reports. Some of the files offer insights into the police response to those protests, they said.

BlueLeaks Server Seized By German Police: Report
2020-07-09 14:09

German authorities have reportedly seized a server hosting the massive BlueLeaks data dump, which was released earlier in June and exposed thousands of sensitive police department and law enforcement files. "We have received official confirmation that #DDoSecrets' primary public download server was seized by German authorities," said Emma Best, founder of DDoSecrets, in a Tuesday Twitter post.

Microsoft Releases Emergency Security Updates for Windows 10, Server
2020-07-01 12:39

Microsoft has quietly pushed out two emergency security updates to fix remote code execution bugs in Microsoft Windows Codecs Library. The out-of-band updates, addressing a critical-severity flaw and important-severity vulnerability, were sent out via Windows Update Tuesday night and affect several versions of Windows 10 and Windows Server 2019.

How attackers target and exploit Microsoft Exchange servers
2020-06-25 10:38

Microsoft Exchange servers are an ideal target for attackers looking to burrow into enterprise networks, says Microsoft, as "They provide a unique environment that could allow attackers to perform various tasks using the same built-in tools or scripts that admins use for maintenance." According to Microsoft, April was the month when multiple campaigns began to target Exchange servers.

The state of OpenPGP key servers: Kristian, can you renew my certificate? A month later: Kristian? Ten days later: Too late, it’s expired
2020-06-24 00:05

"Hi all, Has anyone seen or heard from Kristian in the last month or so?" asked Todd Fleisher earlier this month - in fact, 11 June - on the main mailing list for an important cluster of OpenPGP key servers. Fiskerstrand, who had seemingly gone AWOL, issues cryptographic certificates to servers that join the SKS keyserver pools, allowing these volunteer machines to share the load in securely handling key lookup requests.

Inspur eleases NF5468M6 and NF5468A5 AI servers supporting NVIDIA A100 PCIe Gen 4 GPU at ISC20
2020-06-24 00:00

Thanks to its agile and strong product design and development capabilities, Inspur is one of the first in the industry to support the NVIDIA A100 Tensor Core GPU and build up a comprehensive and competitive next-generation AI computing platform. The NVIDIA A100 offers multi-instance GPU technology, which enables a single GPU to be partitioned into seven hardware-isolated instances to work on multiple networks simultaneously.

XORDDoS, Kaiji DDoS Botnets Target Docker Servers
2020-06-23 12:06

The distributed denial-of-service botnets named XORDDoS and Kaiji recently started targeting exposed Docker servers, Trend Micro warned on Monday. Trend Micro has recently spotted variants that also target Docker servers.