Security News

For the first time, researchers have publicly spotted a Linux encryptor used by the HelloKitty ransomware gang: the outfit behind the February attack on videogame developer CD Projekt Red. On Wednesday, MalwareHunterTeam disclosed its discovery of numerous Linux ELF-64 versions of the HelloKitty ransomware targeting VMware ESXi servers and virtual machines running on them.

If you've already spent the time learning SELinux, but have to deploy Ubuntu as a server operating system, you can install SELinux and be on familiar ground. Ubuntu Server has its own Mandatory Access Control system, called AppArmor, which is similar to SELinux, in that they both provide tools to isolate applications from one another, to protect the host system.

The ransomware gang behind the highly publicized attack on CD Projekt Red uses a Linux variant that targets VMware's ESXi virtual machine platform for maximum damage. Yesterday, security researcher MalwareHunterTeam found numerous Linux ELF64 versions of the HelloKitty ransomware targeting ESXi servers and the virtual machines running on them.

Microsoft has reminded Windows Server 2012 and SQL Server 2012 users that the products will reach their extended support end dates during the next two years, urging them to update to avoid security and compliance gaps. Even though Windows Server 2012 has reached its mainstream support end date in September 2018, the end date for extended support was pushed back five years for this exact reason: to allow organizations to migrate to newer, under-support Windows Server versions.

There is a lot of attention being paid to continuously updating servers to patch security vulnerabilities on Linux servers running in data centers - a basic step underpinning technology infrastructure in every industry. The survey finds 76% are deploying automated patching procedures and that live patching to fix vulnerabilities is commonly used to avoid downtime that is normally associated with patching.

If two-factor authentication logins on your Linux servers are giving you fits, Jack Wallen has the solution for you. Recently, I had an incident where a two-factor authentication-enabled Linux server wouldn't allow me in via SSH. Fortunately, I had physical access to the server, so it wasn't a complete disaster.

Palo Alto Networks' global threat intelligence team, Unit 42, has detailed the tactics ransomware group REvil has employed to great impact so far this year - along with an estimation of the multimillion-dollar payouts it's receiving. REvil threat actors often encrypted the environment within seven days of the initial compromise.

The Cybersecurity and Infrastructure Security Agency has issued a notification regarding the critical PrintNightmare zero-day vulnerability and advises admins to disable the Windows Print Spooler service on servers not used for printing. "CISA encourages administrators to disable the Windows Print spooler service in Domain Controllers and systems that do not print," the US federal agency said.

A Nevada hospital confirmed its data servers had been breached after a hacking group posted images of personal information online it apparently acquired in a cyber theft. The Las Vegas Review-Journal reported that University Medical Center issued a statement confirming that cybercriminals in mid-June accessed a hospital server used to store data and that law enforcement was investigating.

Law enforcement has seized the servers and customer logs for DoubleVPN, a double-encryption service commonly used by threat actors to evade detection while performing malicious activities. DoubleVPN is a Russian-based VPN service that double-encrypts data sent through their service.