Security News
Researchers have uncovered a previously unknown malicious IIS module, dubbed Owowa, that steals credentials when users log into Microsoft Outlook Web Access. "The particular danger with Owowa is that an attacker can use the module to passively steal credentials from users who are legitimately accessing web services," he explained.
Microsoft has addressed a known issue that plagued Windows Server customers for weeks, preventing the Defender for Endpoint enterprise security platform from launching on some systems. The issue only impacts devices where customers installed Windows Server 2019 and Windows Server 2022 security updates issued during last month's Patch Tuesday.
Here's a single command you can run to test and see if you have any vulnerable packages installed. Are you using it as part of a Java project, is it rolled into a container, did you install it with your distribution package manager, and which log4j packages did you install? Or did you install it from source? Because of this, you might not even know if your server is vulnerable.
A serious security vulnerability in a popular product from Apache has opened the floodgates for cybercriminals to try to attack susceptible servers. Hackers know that organizations are often slow to patch even critical security flaws, which is why attackers are frantically hunting for unpatched systems.
The bug, now officially denoted CVE-2021-44248, involves sending a request to a vulnerable server in which you include some data - for example, an HTTP header - that you expect the server will write to its logfile. Not just any old download: if the data that comes back is a valid Java program, then the server runs that file to "help" it generate the logging data.
Need to lock down that Linux server so certain remote users can only access a specific directory and only for file upload and download purposes? Jack Wallen shows you how. When you have a server with SSH access, unless you've configured it otherwise, any user with an account on that system can log in and, if they have the permissions and skill, wreak havoc on your server.
At least 17 malware-laced packages have been discovered on the NPM package registry, adding to a recent barrage of malicious software hosted and delivered through open-source software repositories such as PyPI and RubyGems. DevOps firm JFrog said the libraries, now taken down, were designed to grab Discord access tokens and environment variables from users' computers as well as gain full control over a victim's system.
A series of malicious packages in the Node.js package manager code repository are looking to harvest Discord tokens, which can be used to take over unsuspecting users' accounts and servers. Js, which enables interaction with the Discord API. "The malware's author took the original discord.js library as the base and injected obfuscated malicious code into the file src/client/actions/UserGet.js," according to JFrog, which added, "In classic trojan manner, the packages attempt to misdirect the victim by copying the README.md from the original package."
Microsoft says the first Secured-core certified Windows Server and Microsoft Azure Stack HCI devices are now available to protect customers' networks from security threats, including ransomware attacks. The newly certified Secured-core servers use Secure boot and the Trusted Platform Module 2.0 to ensure that only trusted will be able to load on boot.
NASA has upgraded its near-Earth asteroid monitoring algorithm to model hazardous space rocks more accurately after nearly two decades, it announced on Tuesday. Astronomers working at the space agency's Center for Near Earth Object Studies can now automatically calculate thermal influences that nudge an asteroid's orbit, potentially sending it hurtling towards our home planet.