Security News

Analyzing data from the U.S. Department of Health and Human Services, threat protection company Bitglass found that the count of healthcare breaches reported in 2020 increased to 599, a jump of more than 50% compared to the previous year. Most of the breaches were caused by hacking and IT incidents, which exposed data from 24.1 million individuals, making them vulnerable to identity theft and phishing attacks.

The servers of British cryptocurrency exchange EXMO were taken offline temporarily after being targeted in a distributed denial-of-service attack. "We are currently experiencing a DDoS attack on our platform," the exchange said in a notification published earlier today.

Media company Plex has fixed a vulnerability in its media server that could have been used by hackers to strengthen DDoS attacks. In an announcement released last Friday and updated on Saturday, Plex said that it has issued hotfix 66 for Plex Media Server to address the flaw in its product.

A new distributed denial-of-service attack vector has ensnared Plex Media Server systems to amplify malicious traffic against targets to take them offline. "Plex's startup processes unintentionally expose a Plex UPnP-enabled service registration responder to the general Internet, where it can be abused to generate reflection/amplification DDoS attacks," Netscout researchers said in a Thursday alert.

Malicious actors have been abusing Plex Media Server to amplify distributed denial-of-service attacks, according to application and network performance management company Netscout. A popular personal media library and streaming solution, Plex Media Server can be used on Windows, macOS, and Linux systems, to stream content, including that from network-attached storage devices, RAID storage, and the like.

Enterprises average 2.5 root access keys per server analyzed. Root access keys provide the highest levels of access to machines; if a threat actor gains access to root privileges, they can access anything on a remote server, or on multiple servers if the server has been cloned.

Jack Wallen walks you through the manual process of installing ModSecurity for NGINX on Ubuntu Server 20.04. ModSecurity cannot be enabled with an instance of NGINX installed with apt-get, so you must do it manually.

Plex Media Server systems are actively being abused by DDoS-for-hire services as a UDP reflection/amplification vector in Distributed Denial of Service attacks. "We've seen its use as far back as November when activity ramped up, but most of the time, we see its use is in multi-vector attacks rather than as a primary vector, which can result in some uncertainty in finding an exact day it began to be used," Hummel said when asked of the first time PMSSDP was observed as a DDoS attack amplification vector.

Advanced persistent threat group Lebanese Cedar has compromised at least 250 public-facing servers since early 2020, researchers said, with its latest malware. The group has added new features to its custom "Caterpillar" webshell and the "Explosive RAT" remote access trojan, both of which researchers at ClearSky Security said they linked to the compromise of the public servers [PDF], which allowed widespread espionage.

A financially-motivated threat actor notorious for its cryptojacking attacks has leveraged a revised version of their malware to target cloud infrastructures using vulnerabilities in web server technologies, according to new research. Deployed by the China-based cybercrime group Rocke, the Pro-Ocean cryptojacking malware now comes with improved rootkit and worm capabilities, as well as harbors new evasion tactics to sidestep cybersecurity companies' detection methods, Palo Alto Networks' Unit 42 researchers said in a Thursday write-up.