Security News

If two-factor authentication logins on your Linux servers are giving you fits, Jack Wallen has the solution for you. Recently, I had an incident where a two-factor authentication-enabled Linux server wouldn't allow me in via SSH. Fortunately, I had physical access to the server, so it wasn't a complete disaster.

Palo Alto Networks' global threat intelligence team, Unit 42, has detailed the tactics ransomware group REvil has employed to great impact so far this year - along with an estimation of the multimillion-dollar payouts it's receiving. REvil threat actors often encrypted the environment within seven days of the initial compromise.

The Cybersecurity and Infrastructure Security Agency has issued a notification regarding the critical PrintNightmare zero-day vulnerability and advises admins to disable the Windows Print Spooler service on servers not used for printing. "CISA encourages administrators to disable the Windows Print spooler service in Domain Controllers and systems that do not print," the US federal agency said.

A Nevada hospital confirmed its data servers had been breached after a hacking group posted images of personal information online it apparently acquired in a cyber theft. The Las Vegas Review-Journal reported that University Medical Center issued a statement confirming that cybercriminals in mid-June accessed a hospital server used to store data and that law enforcement was investigating.

Law enforcement has seized the servers and customer logs for DoubleVPN, a double-encryption service commonly used by threat actors to evade detection while performing malicious activities. DoubleVPN is a Russian-based VPN service that double-encrypts data sent through their service.

Jack Wallen shows you just how easy it is to join an existing AlmaLinux server to an Active Directory domain via a web-based GUI. If you've begun deploying AlmaLinux into your data center or your cloud-hosted services, you might have a reason to join those servers to your existing Active Directory domain. To make this work, you'll need an instance of AlmaLinux, a running Active Directory Domain Controller, and a user with sudo privileges.

MariaDB announced the general availability of MariaDB Community Server 10.6, a major new release that brings significant advancements to the open source MariaDB community. MariaDB Community Server 10.6 adds important features for developers with JSON table functionality, frees users from expensive proprietary ties with expanded PL/SQL compatibility and adds powerful insurance for bad database days with atomic DDL that supports MariaDB's multiple storage engine architecture.

The worldwide server market grew 12% year over year to $20.9 billion during the first quarter of 2021, according to IDC. Worldwide server shipments grew 8.3% year over year to nearly 2.8 million units in 1Q21. Sales of volume servers were up 15.4% to $17.3 billion during the quarter, while midrange server sales declined 2.7% to $2.4 billion. "The first quarter 2021 server market performance benefited from a comparison against the most difficult quarter of last year's pandemic stricken year, but this fact doesn't tell a complete story," said Paul Maguranis, senior research analyst, Infrastructure Platforms and Technologies at IDC. "The considerable increase of server investments during the quarter were also buoyed by global economic tailwinds along with increased investments targeting the modernization of business applications, datacenter infrastructure, and IT operations."

Ukrainian law enforcement arrested cybercriminals associated with the Clop ransomware gang and shut down infrastructure used in attacks targeting victims worldwide since at least 2019. Cybersecurity company Intel 471 told BleepingComputer that the Ukrainian authorities arrested only individuals involved in laundering money for the Clop gang since its core members are likely out of harm's way in Russia.

CloudLinux announced UChecker, a free open source tool that scans Linux servers for vulnerable libraries that are outdated and being used by other applications. This provides detailed actionable information regarding which application is using which vulnerable library and needs to be updated, which helps improve the security awareness patching process.