Security News

XORDDoS, Kaiji DDoS Botnets Target Docker Servers
2020-06-23 12:06

The distributed denial-of-service botnets named XORDDoS and Kaiji recently started targeting exposed Docker servers, Trend Micro warned on Monday. Trend Micro has recently spotted variants that also target Docker servers.

IBM Maximo Asset Management servers patched against attacks
2020-06-19 13:44

To explain: SSRF is a way that someone with possibly very limited access to your network can send a legitimate-looking query to one of your servers. If you can trick the vulnerable server into calling outside its own network by sending it an otherwise legitimate request, you may be able to capture server data such as secret authentication tokens or special HTTP headers that are usually only visible if you are already inside the network.

Drupal Patches Code Execution Flaw Most Likely to Impact Windows Servers
2020-06-18 12:37

Updates released this week by Drupal patch several vulnerabilities, including a flaw that could allow an attacker to execute arbitrary PHP code. The code execution vulnerability, tracked as CVE-2020-13664, can be exploited against Drupal 8 and 9 installations, but only in certain circumstances.

Global server market revenue declined 6.0% year over year in 1Q20
2020-06-12 03:30

Vendor revenue in the worldwide server market declined 6.0% year over year to $18.6 billion during the first quarter of 2020. Worldwide server shipments declined 0.2% year over year to just under 2.6 million units in 1Q20, IDC reveals.

Details of Serious SAP Adaptive Server Enterprise Vulnerabilities Disclosed
2020-06-03 15:03

Cybersecurity firm Trustwave on Wednesday disclosed the details of several vulnerabilities found by its researchers in SAP Adaptive Server Enterprise. SAP ASE is a relational database management system that is used by many major organizations, particularly in the financial sector.

Newly Patched SAP ASE Flaws Could Let Attackers Hack Database Servers
2020-06-03 06:10

A new set of critical vulnerabilities uncovered in SAP's Sybase database software can grant unprivileged attackers complete control over a targeted database and even the underlying operating system in certain scenarios. A second vulnerability concerns ASE Cockpit, a web-based administrative console that's used for monitoring the status and availability of ASE servers.

Critical VMware Cloud Director Flaw Lets Hackers Take Over Corporate Servers
2020-06-01 22:37

Cybersecurity researchers today disclosed details for a new vulnerability in VMware's Cloud Director platform that could potentially allow an attacker to gain access to sensitive information and control private clouds within an entire infrastructure. VMware Cloud Director is a popular deployment, automation, and management software that's used to operate and manage cloud resources, allowing businesses to data centers distributed across different geographical locations into virtual data centers.

Cisco hacked: Six backend servers used by customer VIRL-PE deployments compromised via SaltStack
2020-05-31 09:32

Six Cisco-operated servers were hacked via SaltStack security vulnerabilities, the networking giant revealed this week. The compromised systems act as the salt-master servers for releases 1.2 and 1.3 of Cisco's Virtual Internet Routing Lab Personal Edition product, and customer installations connect to these Cisco-maintained backend boxes.