Security News

Researchers from the Microsoft Threat Intelligence Center have observed the APT it calls Nobelium using a post-exploitation backdoor dubbed FoggyWeb, to attack Active Directory Federation Services servers. Once a server is compromised, the threat group deploys FoggyWeb "To remotely exfiltrate the configuration database of compromised AD FS servers, decrypted token-signing certificates and token-decryption certificates," he said, which can be used to penetrate into users' cloud accounts.

Microsoft on Monday revealed new malware deployed by the hacking group behind the SolarWinds supply chain attack last December to deliver additional payloads and steal sensitive information from Active Directory Federation Services servers. "Once Nobelium obtains credentials and successfully compromises a server, the actor relies on that access to maintain persistence and deepen its infiltration using sophisticated malware and tools," MSTIC researchers said.

The global server market size is expected to reach $145.31 billion by 2028, according to ResearchAndMarkets. Such developments are expected to cause an increase in the average selling prices of servers, which is expected to subsequently benefit the market growth.

VMware has released a security update that includes patches for 19 CVE-numbered vulnerabilities that affect the company's vCenter Server virtualization management platform and its hybrid Cloud Foundation platform for managing VMs and orchestrating containers. "This vulnerability can be used by anyone who can reach vCenter Server over the network to gain access, regardless of the configuration settings of vCenter Server," said Bob Plankers, Technical Marketing Architect at VMware.

VMware has fixed 19 vulnerabilities affecting VMware vCenter Server and VMware Cloud Foundation, the most critical of which is CVE-2021-22005. "This vulnerability can be used by anyone who can reach vCenter Server over the network to gain access, regardless of the configuration settings of vCenter Server," the company noted.

The most urgent among them is an arbitrary file upload vulnerability in the Analytics service that impacts vCenter Server 6.7 and 7.0 deployments. "A malicious actor with network access to port 443 on vCenter Server may exploit this issue to execute code on vCenter Server by uploading a specially crafted file," the company noted, adding "This vulnerability can be used by anyone who can reach vCenter Server over the network to gain access, regardless of the configuration settings of vCenter Server."

VMware warns customers to immediately patch a critical arbitrary file upload vulnerability in the Analytics service, impacting all appliances running default vCenter Server 6.7 and 7.0 deployments.vCenter Server is a server management solution that helps IT admins manage virtualized hosts and virtual machines in enterprise environments via a single console.

The Republican Governors Association revealed in data breach notification letters sent last week that its servers were breached during an extensive Microsoft Exchange hacking campaign that hit organizations worldwide in March 2021. Following an investigation started after March 10, "RGA determined that the threat actors accessed a small portion of RGA's email environment between February 2021 and March 2021, and that personal information may have been accessible to the threat actor(s) as a result."

Two legacy IBM System x server models, retired in 2019, are open to attack and will not receive security patches, according to hardware maker Lenovo. The two models, IBM System x 3550 M3 and IBM System x 3650 M3, are both vulnerable to command injection attacks.

Worldwide server market revenue declined 2.5% year over year to $23.6 billion during the second quarter of 2021, according to the International Data Corporation. "Broadly speaking, server market performance was muted in the second quarter as the market shifted slightly towards single socket server configurations," said Paul Maguranis, senior research analyst, Infrastructure Platforms and Technologies at IDC. "While servers purchased directly from ODMs declined year over year, some past backlog recovery within the hyperscale datacenter community contributed to a large jump in this segment when compared to the first quarter of this year."