Security News

The Microsoft Exchange Server attacks earlier this year were "Systemic cyber sabotage" carried out by Chinese state hacking crews including private contractors working for a spy agency, the British government has said. Foreign Secretary Dominic Raab said this morning in a statement: "The cyber attack on Microsoft Exchange Server by Chinese state-backed groups was a reckless but familiar pattern of behaviour. The Chinese Government must end this systematic cyber sabotage and can expect to be held to account if it does not."

Another zero-day vulnerability in Windows Print Spooler can give a threat actor administrative privileges on a Windows machine through a remote server under the attacker's control and the 'Queue-Specific Files' feature. Since the incomplete fix, security researchers have been heavily scrutinizing the Windows printing APIs and have found further vulnerabilities affecting the Windows Print Spooler.

For the first time, researchers have publicly spotted a Linux encryptor used by the HelloKitty ransomware gang: the outfit behind the February attack on videogame developer CD Projekt Red. On Wednesday, MalwareHunterTeam disclosed its discovery of numerous Linux ELF-64 versions of the HelloKitty ransomware targeting VMware ESXi servers and virtual machines running on them.

If you've already spent the time learning SELinux but have to deploy Ubuntu as a server operating system, you can install SELinux and be on familiar ground. Ubuntu Server has its own Mandatory Access Control system, called AppArmor, which is similar to SELinux in that both provide tools to isolate applications from one another in order to protect the host system.

The ransomware gang behind the highly publicized attack on CD Projekt Red uses a Linux variant that targets VMware's ESXi virtual machine platform for maximum damage. Yesterday, security researcher MalwareHunterTeam found numerous Linux ELF64 versions of the HelloKitty ransomware targeting ESXi servers and the virtual machines running on them.

Microsoft has reminded Windows Server 2012 and SQL Server 2012 users that the products will reach their extended support end dates during the next two years, urging them to update to avoid security and compliance gaps. Even though Windows Server 2012 reached its mainstream support end date in September 2018, the end date for extended support was pushed back five years for this exact reason: to allow organizations to migrate to newer, still-supported Windows Server versions.

Much attention is being paid to continuously patching security vulnerabilities on Linux servers running in data centers - a basic step underpinning technology infrastructure in every industry. The survey finds that 76% of respondents are deploying automated patching procedures and that live patching to fix vulnerabilities is commonly used to avoid the downtime normally associated with patching.

If two-factor authentication logins on your Linux servers are giving you fits, Jack Wallen has the solution for you. Recently, I had an incident where a two-factor authentication-enabled Linux server wouldn't allow me in via SSH. Fortunately, I had physical access to the server, so it wasn't a complete disaster.

Palo Alto Networks' global threat intelligence team, Unit 42, has detailed the tactics ransomware group REvil has employed to great impact so far this year - along with an estimation of the multimillion-dollar payouts it's receiving. REvil threat actors often encrypted the environment within seven days of the initial compromise.

The Cybersecurity and Infrastructure Security Agency has issued a notification regarding the critical PrintNightmare zero-day vulnerability and advises admins to disable the Windows Print Spooler service on servers not used for printing. "CISA encourages administrators to disable the Windows Print spooler service in Domain Controllers and systems that do not print," the US federal agency said.
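One way to act on the CISA guidance above, as an added example that is not part of the news item or of CISA's advisory: it audits the Print Spooler on the local host and disables the service when the host is a domain controller or has no printers configured. It assumes an elevated session on a Windows 8/Server 2012 or later host (for Get-Printer), and the "does not print" heuristic (no printers beyond the built-in Microsoft ones) is this script's own assumption, to be reviewed against local printing needs.

```powershell
# Added example, not from the article or CISA: audit the Print Spooler and disable it
# on domain controllers and on hosts that have no real printers configured.
# Assumptions: elevated session; Get-Printer available (PrintManagement module);
# "no printers other than the built-in Microsoft ones" is a local heuristic, not CISA's wording.
$svc = Get-Service -Name Spooler -ErrorAction Stop

# Win32_ComputerSystem.DomainRole: 4 = backup domain controller, 5 = primary domain controller
$isDc = (Get-CimInstance -ClassName Win32_ComputerSystem).DomainRole -ge 4

# Ignore "Microsoft Print to PDF" and "Microsoft XPS Document Writer", which exist everywhere
$realPrinters = @(Get-Printer -ErrorAction SilentlyContinue | Where-Object { $_.Name -notmatch '^Microsoft ' })

"{0}: Spooler={1} (startup {2}), DomainController={3}, Printers={4}" -f `
    $env:COMPUTERNAME, $svc.Status, $svc.StartType, $isDc, $realPrinters.Count

if ($isDc -or $realPrinters.Count -eq 0) {
    if ($svc.Status -ne 'Stopped') { Stop-Service -Name Spooler -Force }
    Set-Service -Name Spooler -StartupType Disabled
    "Spooler stopped and set to Disabled on $env:COMPUTERNAME"
} else {
    "Spooler left enabled: host has $($realPrinters.Count) printer(s) and is not a domain controller"
}
```

Run it first without the Stop-Service/Set-Service lines to get an inventory across a fleet before changing anything.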