Archive for the ‘server security’ Category

Let’s Encrypt Revoking 3 Million TLS Certificates Issued Incorrectly Due to a Bug

March 4th, 2020
The most popular free certificate signing authority Let's Encrypt is going to revoke more than 3 million TLS certificates within the next 24 hours that may have been issued wrongfully due to a bug in its Certificate Authority software. The bug, which Let's Encrypt confirmed on February 29 and was fixed two hours after discovery, impacted the way it checked the domain name ownership before

Posted in certificate authority, cyber security, Free SSL TLS Certificate, Lets Encrypt, server security, SSL Certificate, TSL Server, website security | Comments (0)

GhostCat: New High-Risk Vulnerability Affects Servers Running Apache Tomcat

February 28th, 2020
If your web server is running on Apache Tomcat, you should immediately install the latest available version of the server application to prevent hackers from taking unauthorized control over it. Yes, that's possible because all versions (9.x/8.x/7.x/6.x) of the Apache Tomcat released in the past 13 years have been found vulnerable to a new high-severity (CVSS 9.8) 'file read and inclusion bug'

Posted in Apache, Apache exploit, Apache Tomcat, hacking news, local file inclusion, remote code execution, remote file inclusion, server security, server vulnerability, Tomcat Server | Comments (0)

New OpenSMTPD RCE Flaw Affects Linux and OpenBSD Email Servers

February 25th, 2020
OpenSMTPD has been found vulnerable to yet another critical vulnerability that could allow remote attackers to take complete control over email servers running BSD or Linux operating systems. OpenSMTPD, also known as OpenBSD SMTP Server, is an open-source implementation of the Simple Mail Transfer Protocol (SMTP) to deliver messages on a local machine or to relay them to other SMTP servers.

Posted in cyber security, email server, linux, OpenBSD, OpenSMTPD, remote code execution, server security, Vulnerability | Comments (0)

Microsoft Azure Flaws Could Have Let Hackers Take Over Cloud Servers

January 30th, 2020
Cybersecurity researchers at Check Point today disclosed details of two recently patched potentially dangerous vulnerabilities in Microsoft Azure services that, if exploited, could have allowed hackers to target several businesses that run their web and mobile apps on Azure. Azure App Service is a fully-managed integrated service that enables users to create web and mobile apps for any

Posted in Azure Cloud, Cloud computing, Cloud security, cloud server, cyber security, microsoft, Microsoft Azure, remote code execution, server security, Vulnerability | Comments (0)

250 Million Microsoft Customer Support Records Exposed Online

January 22nd, 2020
If you have ever contacted Microsoft for support in the past 14 years, your technical query, along with some personally identifiable information might have been compromised. Microsoft today admitted a security incident that exposed nearly 250 million "Customer Service and Support" (CSS) records on the Internet due to a misconfigured server containing logs of conversations between its support

Posted in cyber security, data breach, data leaked, microsoft, server security, tech support scams | Comments (0)

Citrix Releases Patches for Critical ADC Vulnerability Under Active Attack

January 20th, 2020
Citrix has finally started rolling out security patches for a critical vulnerability in ADC and Gateway software that attackers started exploiting in the wild earlier this month after the company announced the existence of the issue without releasing any permanent fix. I wish I could say, "better late than never," but since hackers don't waste time or miss any opportunity to exploit

Posted in Citrix ADC, Citrix Gateway, citrix software, Citrix vulnerability, cyber security, server security, Vulnerability | Comments (0)

PoC Exploits Released for Citrix ADC and Gateway RCE Vulnerability

January 11th, 2020
It's now or never to prevent your enterprise servers running vulnerable versions of Citrix application delivery, load balancing, and Gateway solutions from getting hacked by remote attackers. Why the urgency? Earlier today, multiple groups publicly released weaponized proof-of-concept exploit code [1, 2] for a recently disclosed remote code execution vulnerability in Citrix's NetScaler ADC

Posted in Citrix Gateway, citrix software, Cyber Attack, exploit code, Proof of Concept, remote code execution, server security | Comments (0)

Dozens of Severe Flaws Found in 4 Popular Open Source VNC Software

November 23rd, 2019
Four popular open-source VNC remote desktop applications have been found vulnerable to a total of 37 security vulnerabilities, many of which went unnoticed for the last 20 years and most severe could allow remote attackers to compromise a targeted system. VNC (virtual network computing) is an open source graphical desktop sharing protocol based on RFB (Remote FrameBuffer) that allows users to

Posted in cyber security, hacking news, remote code execution, server security, virtual network computing, VNC protocol, vnc viewer, Vulnerability | Comments (0)

Explained: How New ‘Delegated Credentials’ Boosts TLS Protocol Security

November 6th, 2019
Mozilla, in partnership with Facebook, Cloudflare, and other IETF community members, has announced technical specifications for a new cryptographic protocol called "Delegated Credentials for TLS." Delegated Credentials for TLS is a new simplified way to implement "short-lived" certificates without sacrificing the reliability of secure connections. In short, the new TLS protocol extension aims

Posted in browser security, cyber security, Delegated Credentials, Delegated Credentials for TLS, server security, ssl security, SSL TLS security, TLS encryption, website encryption, website security | Comments (0)

New Cache Poisoning Attack Lets Attackers Target CDN Protected Sites

October 23rd, 2019
A team of German cybersecurity researchers has discovered a new cache poisoning attack against web caching systems that could be used by an attacker to force a targeted website into delivering error pages to most of its visitors instead of legitimate content or resources. The issue could affect sites running behind reverse proxy cache systems like Varnish and some widely-used Content

Posted in cache poisoning attack, CDN Network, CDN Service, cyber security, ddos attack, ddos protection, Denial of Service, server security, website security | Comments (0)