Security News

Oracle on Tuesday released its quarterly Critical Patch Update for July 2021 with 342 fixes spanning across multiple products, some of which could be exploited by a remote attacker to take control of an affected system. Chief among them is CVE-2019-2729, a critical deserialization vulnerability via XMLDecoder in Oracle WebLogic Server Web Services that's remotely exploitable without authentication.

The Dicentis system server from Bosch has become very popular since its launch in 2019, with more than 60% of Dicentis Conference System installations now including the device. This solution has now been upgraded with new hardware from HP and an enhanced operating system.

Publicly owned rail operator Northern Trains has an excuse somewhat more technical than "Leaves on the line" for its latest service disruption: a ransomware attack that has left its self-service ticketing booths out for the count. A representative for Northern Trains referred further questions on to Flowbird Transport, which provides the ticketing system in question, telling us "It's their system that's been affected."

The Microsoft Exchange Server attacks earlier this year were "Systemic cyber sabotage" carried out by Chinese state hacking crews including private contractors working for a spy agency, the British government has said. Foreign Secretary Dominic Raab said this morning in a statement: "The cyber attack on Microsoft Exchange Server by Chinese state-backed groups was a reckless but familiar pattern of behaviour. The Chinese Government must end this systematic cyber sabotage and can expect to be held to account if it does not."

Another zero day vulnerability in Windows Print Spooler can give a threat actor administrative privileges on a Windows machine through a remote server under the attacker's control and the 'Queue-Specific Files' feature. Since the incomplete fix, security researchers have been heavily scrutinizing the Windows printing APIs and have found further vulnerabilities affecting the Windows print spooler.

For the first time, researchers have publicly spotted a Linux encryptor used by the HelloKitty ransomware gang: the outfit behind the February attack on videogame developer CD Projekt Red. On Wednesday, MalwareHunterTeam disclosed its discovery of numerous Linux ELF-64 versions of the HelloKitty ransomware targeting VMware ESXi servers and virtual machines running on them.

If you've already spent the time learning SELinux, but have to deploy Ubuntu as a server operating system, you can install SELinux and be on familiar ground. Ubuntu Server has its own Mandatory Access Control system, called AppArmor, which is similar to SELinux, in that they both provide tools to isolate applications from one another, to protect the host system.

The ransomware gang behind the highly publicized attack on CD Projekt Red uses a Linux variant that targets VMware's ESXi virtual machine platform for maximum damage. Yesterday, security researcher MalwareHunterTeam found numerous Linux ELF64 versions of the HelloKitty ransomware targeting ESXi servers and the virtual machines running on them.

Microsoft has reminded Windows Server 2012 and SQL Server 2012 users that the products will reach their extended support end dates during the next two years, urging them to update to avoid security and compliance gaps. Even though Windows Server 2012 has reached its mainstream support end date in September 2018, the end date for extended support was pushed back five years for this exact reason: to allow organizations to migrate to newer, under-support Windows Server versions.

There is a lot of attention being paid to continuously updating servers to patch security vulnerabilities on Linux servers running in data centers - a basic step underpinning technology infrastructure in every industry. The survey finds 76% are deploying automated patching procedures and that live patching to fix vulnerabilities is commonly used to avoid downtime that is normally associated with patching.