Security News

A new ransomware operation called RedAlert, or N13V, encrypts both Windows and Linux VMWare ESXi servers in attacks on corporate networks. The Linux encryptor is created to target VMware ESXi servers, with command-line options that allow the threat actors to shut down any running virtual machines before encrypting files.

You don't want that, but how do you prevent such a reality? One way is to enable two-factor authentication on the server. How do you set up SSH 2FA on your Ubuntu Server? Let me show you.

The Privacy Protection Authority in Israel seized servers hosting multiple travel booking websites because their operator failed to address security issues that enabled data breaches affecting more than 300,000 individuals. On Thursday, Israel's The Privacy Protection Authority on Thursday confirmed the cyberattack, which is believed to be the work of an Iranian threat actor, The Times of Israel reports.

Microsoft has reminded customers that Windows Server 2012/2012 R2 will reach its extended end-of-support date next year, on October 10, 2023. Released in October 2012, Windows Server 2012 has entered its tenth year of service and has already reached the mainstream end date over three years ago, on October 9, 2018.

A newly discovered malware has been put to use in the wild at least since March 2021 to backdoor Microsoft Exchange servers belonging to a wide range of entities worldwide, with infections lingering in 20 organizations as of June 2022. Dubbed SessionManager, the malicious tool masquerades as a module for Internet Information Services, a web server software for Windows systems, after exploiting one of the ProxyLogon flaws within Exchange servers.

A cloud threat actor group tracked as 8220 has updated its malware toolset to breach Linux servers with the goal of installing crypto miners as part of a long-running campaign. "The updates include the deployment of new versions of a crypto miner and an IRC bot," Microsoft Security Intelligence said in a series of tweets on Thursday.

Attackers used a newly discovered malware to backdoor Microsoft Exchange servers belonging to government and military organizations from Europe, the Middle East, Asia, and Africa. In late April 2022, while still investigating the attacks, Kaspersky found that most of the malware samples identified earlier were still deployed on 34 servers of 24 organizations.

One of the common techniques used by these threat actors to try to add a strong layer of anonymity consists of using The Onion Router network to hide the location of their servers. It is important to note that servers hosted on the Tor network are just typical servers hosted on the Internet - users are merely accessing them via a special network.

A new security vulnerability has been disclosed in RARlab's UnRAR utility that, if successfully exploited, could permit a remote attacker to execute arbitrary code on a system that relies on the binary. The flaw, assigned the identifier CVE-2022-30333, relates to a path traversal vulnerability in the Unix versions of UnRAR that can be triggered upon extracting a maliciously crafted RAR archive.

The Cybersecurity and Infrastructure Security Agency and Coast Guard Cyber Command released a joint advisory warning the Log4Shell flaw is being abused by threat actors that are compromising public-facing VMware Horizon and Unified Access Gateway servers. The VMware Horizon is a platform used by administrators to run and deliver virtual desktops and apps in the hybrid cloud, while UAG provides secure access to the resources residing inside a network.