Security News

The first Patch Tuesday of 2022 is upon us, and Microsoft has delivered patches for 96 CVE-numbered vulnerabilities, including a wormable RCE flaw in Windows Server. Among the publicly known flaws are a "Critical" RCE in curl and "Important" RCE in libarchive open source libraries, which have now been "Fixed" in Windows 10, 11 and Server with the inclusion of the most recent versions of the libraries.

The Night Sky ransomware gang has started to exploit the critical CVE-2021-44228 vulnerability in the Log4j logging library, also known as Log4Shell, to gain access to VMware Horizon systems. Spotted in late December 2021 by security researcher MalwareHunterTeam, Night Sky ransomware focuses on locking enterprise networks.

AvosLocker is the latest ransomware gang that has added support for encrypting Linux systems to its recent malware variants, specifically targeting VMware ESXi virtual machines. While we couldn't find what targets were targeted using this AvosLocker ransomware Linux variant, BleepingComputer knows of at least one victim that got hit with a $1 million ransom demand.

A previously unknown rootkit has been found setting its sights on Hewlett-Packard Enterprise's Integrated Lights-Out server management technology to carry out in-the-wild attacks that tamper with the firmware modules and completely wipe data off the infected systems. The discovery, which is the first instance of real-world malware in iLO firmware, was documented by Iranian cybersecurity firm Amnpardaz this week.

Microsoft has released an emergency out-of-band update to address a Windows Server bug leading to Remote Desktop connection and performance issues. Affected platforms include Windows Server 2022, Windows Server 2019, Windows Server 2016, and Windows Server 2012 R2. The updates that address this issue are not available from Windows Update and will not install automatically on affected systems.

Pritunl is an open source VPN server you can easily install on your Linux servers to virtualize your private networks. I've walked you through the process of installing Pritunl on Ubuntu Server 20.04 and now I want to do the same with AlmaLinux 8.5.

Are you looking to deploy an in-house password manager server? Jack Wallen shows you how with Bitwarden and Docker. If you're seriously concerned about security and would rather not save your password database on a third-party server, you might want to consider deploying your own Bitwarden server.

Don't duck at the latest mention of Apache: Two critical bugs in its HTTP web server - HTTPD - need to be patched pronto, lest they lead to attackers triggering denial of service or bypassing your security policies. Both vulnerabilities are found in Apache HTTP Server 2.4.51 and earlier.

The credentials were a mixed bag in terms of sources, and it's not clear how these passwords became compromised. He added, "A compromised password goes well beyond the initial compromise as it facilitates password spraying and with the help of AI based analytical tools, the bad actors can start to identify patterns of how a person creates passwords. This is possible as the userID in question is an email address for the majority of the cases."

With more than 3000 files totalling close to a million line of source code, Apache httpd is a large and capable server, with myriad combinations of modules and options making it both powerful and dangerous at the time. Apache just published an httpd update that fixes two CVE-numbered security bugs.