Security News

Adventures in SQL Server 2019: Microsoft updates the update that broke the update
2020-10-02 19:06

There was good news for administrators of Microsoft's SQL Server 2019 last night as Cumulative Update 8 emerged, fixing the borkage of its predecessor. Things haven't been going well for the SQL Server 2019 servicing model: Cumulative Update 2 left the SQL Agent a bit unhappy.

Aussie telco Telstra says soz after accidentally diverting traffic meant for encrypted email biz through its servers
2020-10-02 18:01

Aussie telco Telstra has apologised after a Border Gateway Protocol routing oddity caused traffic destined for encrypted email service ProtonMail to wrongly pass through Telstra's servers. Switzerland-headquartered ProtonMail raged in a blog post that Telstra had engaged in "BGP hijacking" through what it described as "Incompetence and not malice", complaining that "Around 30 per cent of the global internet looking for us got pointed to Telstra instead".

Microsoft Exchange Servers Still Open to Actively Exploited Flaw
2020-09-30 14:34

Over half of exposed Exchange servers are still vulnerable to a severe bug that allows authenticated attackers to execute code remotely with system privileges - even eight months after Microsoft issued a fix. The flaw, which stems from the server failing to properly create unique keys at install time, was fixed as part of Microsoft's February Patch Tuesday updates - and admins in March were warned that unpatched servers are being exploited in the wild by unnamed advanced persistent threat actors.

FYI: If you're running HP Device Manager, anyone on your network can get admin on your server via backdoor
2020-09-30 08:32

HP Device Manager, software that allows IT administrators to manage HP Thin Client devices, comes with a backdoor database user account that undermines network security, a UK-based consultant has warned. Nicky Bloor, founder of Cognitous Cyber Security, reports that an HP Inc programmer appears to have set up an insecure user account in a database within HP Device Manager.

FYI: If you're running HP Device Manager, anyone on your network can get admin on your server via backdoor
2020-09-30 08:32

HP Device Manager, software that allows IT administrators to manage HP Thin Client devices, comes with a backdoor database user account that undermines network security, a UK-based consultant has warned. Nicky Bloor, founder of Cognitous Cyber Security, reports that an HP Inc programmer appears to have set up an insecure user account in a database within HP Device Manager.

Source Code of Windows XP, Server 2003 Allegedly Leaked
2020-09-25 14:34

Someone has leaked what appear to be source code files for the Windows XP and Windows Server 2003 operating systems. The source code files for Windows XP and Windows Server 2003 appear to have been made public for the first time.

How to install the Graylog system log manager on Ubuntu Server 20.04
2020-09-24 16:41

SEE: Pro tips: Ubuntu 20.04.What you'll needAn instance of Ubuntu Server 20.04.A user with sudo privileges. Sudo apt-get update sudo apt-get upgrade -y How to install Java.

Microsoft leaks 6.5TB in Bing search data via unsecured Elastic server. *Insert 'Wow... that much?' joke here*
2020-09-23 13:51

Microsoft earlier this month exposed a 6.5TB Elastic server to the world that included search terms, location coordinates, device ID data, and a partial list of which URLs were visited. The data appears to be generated by the Bing mobile app, which promises users "Getting rewarded is easy, just search with the Bing," and has been downloaded more than 10 million times from Google's Play Store at least.

Detecting and Preventing Critical ZeroLogon Windows Server Vulnerability
2020-09-23 11:09

If you're administrating Windows Server, make sure it's up to date with all recent patches issued by Microsoft, especially the one that fixes a recently patched critical vulnerability that could allow unauthenticated attackers to compromise the domain controller. Dubbed 'Zerologon' and discovered by Tom Tervoort of Secura, the privilege escalation vulnerability exists due to the insecure usage of AES-CFB8 encryption for Netlogon sessions, allowing remote attackers to establish a connection to the targeted domain controller over Netlogon Remote Protocol.

As you're scrambling to patch the scary ZeroLogon hole in Windows Server, don't forget Samba – it's also affected
2020-09-22 21:49

Administrators running Samba as their domain controllers should update their installations as the open-source software suffers from the same ZeroLogon hole as Microsoft's Windows Server. We're told Samba running as an Active Directory or classic NT4-style domain controller is at risk, and although file-server-only installations are not directly affected, "They may need configuration changes to continue to talk to domain controllers."