Security News

AvosLocker is the latest ransomware gang that has added support for encrypting Linux systems to its recent malware variants, specifically targeting VMware ESXi virtual machines. While we couldn't find what targets were targeted using this AvosLocker ransomware Linux variant, BleepingComputer knows of at least one victim that got hit with a $1 million ransom demand.

A previously unknown rootkit has been found setting its sights on Hewlett-Packard Enterprise's Integrated Lights-Out server management technology to carry out in-the-wild attacks that tamper with the firmware modules and completely wipe data off the infected systems. The discovery, which is the first instance of real-world malware in iLO firmware, was documented by Iranian cybersecurity firm Amnpardaz this week.

Microsoft has released an emergency out-of-band update to address a Windows Server bug leading to Remote Desktop connection and performance issues. Affected platforms include Windows Server 2022, Windows Server 2019, Windows Server 2016, and Windows Server 2012 R2. The updates that address this issue are not available from Windows Update and will not install automatically on affected systems.

Pritunl is an open source VPN server you can easily install on your Linux servers to virtualize your private networks. I've walked you through the process of installing Pritunl on Ubuntu Server 20.04 and now I want to do the same with AlmaLinux 8.5.

Are you looking to deploy an in-house password manager server? Jack Wallen shows you how with Bitwarden and Docker. If you're seriously concerned about security and would rather not save your password database on a third-party server, you might want to consider deploying your own Bitwarden server.

Don't duck at the latest mention of Apache: Two critical bugs in its HTTP web server - HTTPD - need to be patched pronto, lest they lead to attackers triggering denial of service or bypassing your security policies. Both vulnerabilities are found in Apache HTTP Server 2.4.51 and earlier.

The credentials were a mixed bag in terms of sources, and it's not clear how these passwords became compromised. He added, "A compromised password goes well beyond the initial compromise as it facilitates password spraying and with the help of AI based analytical tools, the bad actors can start to identify patterns of how a person creates passwords. This is possible as the userID in question is an email address for the majority of the cases."

With more than 3000 files totalling close to a million line of source code, Apache httpd is a large and capable server, with myriad combinations of modules and options making it both powerful and dangerous at the time. Apache just published an httpd update that fixes two CVE-numbered security bugs.

Conti ransomware operation is using the critical Log4Shell exploit to gain rapid access to internal VMware vCenter Server instances and encrypt virtual machines. Among the first to leverage the bug were cryptocurrency miners, botnets, and a new ransomware strain called Khonsari.

Microsoft urges admins of self-hosted Minecraft servers to upgrade to the latest release to defend against Khonsari ransomware attacks exploiting the critical Log4Shell security vulnerability. While there was no mention of attacks targeting Minecraft servers using Log4Shell exploits at the time, Redmond's security experts updated their CVE-2021-44228 guidance today to warn of ongoing exploitation to deliver ransomware on non-Microsoft hosted Minecraft servers.