Security News

Threat actors are generating revenue by using adware bundles, malware, or even hacking into Microsoft SQL servers, to convert devices into proxies rented through online proxy services. To steal a device's bandwidth, the threat actors install software called 'proxyware' that allocates a device's available internet bandwidth as a proxy server that remote users can use for various tasks, like testing, intelligence collection, content distribution, or market research.

Threat actors have been adopting a less common method to generate revenue and are leveraging payloads to install proxyware services on target systems. Proxyware is a program that allocates a device's available internet bandwidth as a proxy for users who need it for various tasks, like testing, intelligence collection, content distribution, or market research.

Microsoft says attackers increasingly use malicious Internet Information Services (IIS) web server extensions to backdoor unpatched Exchange servers, as they have lower detection rates compared to web shells. Microsoft previously saw custom IIS backdoors installed after threat actors exploited ZOHO ManageEngine ADSelfService Plus and SolarWinds Orion vulnerabilities.

Cyber resiliency is now an essential requirement for any business. Given the threat to data and IT servers, businesses must invest in cyber-resiliency strategies to reduce operational risk.

Microsoft has reminded customers once again that Windows Server, version 20H2, will be reaching its End of Service in less than a month, on August 9. "On August 9, 2022, all editions of Windows Server, version 20H2 will reach end of servicing. The upcoming August 2022 security update, to be released on August 9, 2022, will be the last update available for this version," Microsoft said in a Windows message center update this week.

SSH is a tool I use every single day to log into remote Linux servers and take care of my admin tasks. Here are my five most straightforward tips for securing SSH on your Linux machines.

VoIP phones using Digium's software have been targeted to drop a web shell on their servers as part of an attack campaign designed to exfiltrate data by downloading and executing additional payloads. "The malware installs multilayer obfuscated PHP backdoors to the web server's file system, downloads new payloads for execution, and schedules recurring tasks to re-infect the host system," Palo Alto Networks Unit 42 said in a Friday report.

A batch of updates to X.org's suite of X11 servers and components just appeared. Among the new features, there were also fixes for two security holes mentioned in an X.org Foundation security advisory, which covers CVE-2022-2319 and CVE-2022-2320.

Eight months after disclosing a high-severity privilege escalation flaw in vCenter Server's IWA mechanism, VMware has finally released a patch for one of the affected versions. Successful exploitation enables attackers with non-administrative access to unpatched vCenter Server deployments to elevate privileges to a higher privileged group.

Microsoft reminded customers today that Windows Server, version 20H2 will be reaching its End of Service next month, on August 9. This comes after a May 2022 reminder that Windows Server 20H2 will reach the mainstream support end date for Standard Core and Datacenter Core users.