Security News

Players' managers looking to lift salaries by a couple of million pounds or so better check their email read receipts: a full week after Manchester United was hit by hackers, many of its systems remain offline, with at least one report claiming the club is being shaken down for ransom. In a statement, the football club told The Register: "Following the recent cyber attack on the club, our IT team and external experts secured our networks and have conducted forensic investigations. This attack was by nature disruptive, but we are not currently aware of any fan data being compromised."

An unpatched local privilege escalation vulnerability affecting all Windows 7 and Server 2008 R2 devices received a free and temporary fix today through the 0patch platform. 0patch's free micropatch is targeting Windows 7 and Server 2008 R2 computers without ESU and those with ESU. At the moment, only small-and-midsize businesses or organizations with volume-licensing agreements can get an ESU license until January 2023.

A threat group tracked as Stantinko was observed using a new version of a Linux proxy Trojan that poses as Apache servers to remain undetected. Previously, the Stantinko group was mainly known for the targeting of Windows systems, but recent attacks show that they are also focusing on evolving their Linux malware, with a new proxy Trojan that masquerades as httpd, the Apache Hypertext Transfer Protocol Server found on many Linux servers.

An adware and coin-miner botnet targeting Russia, Ukraine, Belarus, and Kazakhstan at least since 2012 has now set its sights on Linux servers to fly under the radar. According to a new analysis published by Intezer today and shared with The Hacker News, the trojan masquerades as HTTPd, a commonly used program on Linux servers, and is a new version of the malware belonging to a threat actor tracked as Stantinko.

Looking for an easy to use encryption tool to protect data on your Linux servers? Jack Wallen shows you how to install and use gocryptfs to serve that very purpose.

Japanese games giant Capcom, the company behind the 33-year-old Street Fighter franchise, has issued "Deepest apologies" to customers and other stakeholders whose details may have been accessed by miscreants during a ransomware infection. Capcom was able to confirm this was a targeted attack against the company using ransomware, which destroyed and encrypted data on its servers.

Plundervolt is a software-based attack on recent Intel processors running SGX enclaves that lowers the voltage to induce faults or errors that allow the recovery of secrets like encryption keys. Half the point of SGX is to protect sensitive code and data from rogue server administrators when said servers are out of reach and in someone else's data center - such as a cloud provider's - and yet it is possible for someone at a cloud provider with physical access to a box to jolt an Intel processor into breaking its SGX protections.

Plundervolt is a software-based attack on recent Intel processors running SGX enclaves that lowers the voltage to induce faults or errors that allow the recovery of secrets like encryption keys. Half the point of SGX is to protect sensitive code and data from rogue server administrators when said servers are out of reach and in someone else's data center - such as a cloud provider's - and yet it is possible for someone at a cloud provider with physical access to a box to jolt an Intel processor into breaking its SGX protections.

Jack Wallen walks you through the process of putting in place a temporary fix against SAD DNS for your Linux servers and desktops. There's a new DNS cache poisoning threat in town and it goes by the name of Side-channel AttackeD DNS. This new attack works like so: SAD DNS makes it possible for hackers to reroute traffic destined to a specific domain to a server under their control.

Researchers have uncovered a new worm targeting Linux based x86 servers, as well as Linux internet of things devices. Of note, the malware utilizes GitHub and Pastebin for housing malicious component code, and has at least 12 different attack modules available - leading researchers to call it "Gitpaste-12." It was first detected by Juniper Threat Labs in attacks on Oct. 15, 2020.