Security News

How to Use an SSH Config File on macOS for Easier Connections to Your Data Center Servers Jack Wallen shows you how to make SSH connections even easier from your macOS machine. The only thing you'll need is a MacBook or iMac that includes SSH and some remote servers to connect to.

Mastodon, the free and open-source decentralized social networking platform, has patched four vulnerabilities, one of them critical that allows hackers to create arbitrary files on the server using specially crafted media files. Mastodon has about 8.8 million users spread across 13,000 separate servers hosted by volunteers to support distinct yet inter-connected communities.

Mastodon, a popular decentralized social network, has released a security update to fix critical vulnerabilities that could expose millions of users to potential attacks. Mastodon is known for its federated model, consisting of thousands of separate servers called "Instances," and it has over 14 million users across more than 20,000 instances.

Attackers behind an ongoing series of proxyjacking attacks are hacking into vulnerable SSH servers exposed online to monetize them through proxyware services that pay for sharing unused Internet bandwidth. Like cryptojacking, which allows attackers to use hacked systems to mine for cryptocurrency, proxyjacking is a low-effort and high-reward tactic of leeching compromised devices' resources.

An active financially motivated campaign is targeting vulnerable SSH servers to covertly ensnare them into a proxy network. "This is an active campaign in which the attacker leverages SSH for remote access, running malicious scripts that stealthily enlist victim servers into a peer-to-peer proxy network, such as Peer2Profit or Honeygain," Akamai researcher Allen West said in a Thursday report.

The Akira ransomware operation uses a Linux encryptor to encrypt VMware ESXi virtual machines in double-extortion attacks against companies worldwide. BleepingComputer's analysis of the Linux encryptor shows it has a project name of 'Esxi Build Esxi6,' indicating the threat actors designed it specifically to target VMware ESXi servers.

VMware has addressed multiple high-severity security flaws in vCenter Server, which can let attackers gain code execution and bypass authentication on unpatched systems. vCenter Server is the control center for VMware's vSphere suite and a server management solution that helps admins manage and monitor virtualized infrastructure.

Researchers at Korean anti-malware business AhnLab are warning about an old-school attack that they say they're seeing a lot of these days, where cybercriminals guess their way into Linux shell servers and use them as jumping-off points for further attacks, often against innocent third parties. These attackers are using the not-very-secret and not-at-all-complicated trick of finding Linux shell servers that are accepting SSH connections over the internet, and then simply guessing at common username/password combinations in the hope that at least one user has a poorly-secured account.

An unknown threat actor is brute-forcing Linux SSH servers to install a wide range of malware, including the Tsunami DDoS bot, ShellBot, log cleaners, privilege escalation tools, and an XMRig coin miner. Network administrators typically use SSH to manage Linux devices remotely, performing tasks such as running commands, changing the configuration, updating software, and troubleshooting problems.

A threat group tracked as APT28 and linked to Russia's General Staff Main Intelligence Directorate has breached Roundcube email servers belonging to multiple Ukrainian organizations, including government entities. In these attacks, the cyber-espionage group leveraged news about the ongoing conflict between Russia and Ukraine to trick recipients into opening malicious emails that would exploit Roundcube Webmail vulnerabilities to hack into unpatched servers.