Archive for the ‘server security’ Category
If your web server is running on Apache Tomcat, you should immediately install the latest available version of the server application to prevent hackers from taking unauthorized control over it.
Yes, that's possible because all versions (9.x/8.x/7.x/6.x) of the Apache Tomcat released in the past 13 years have been found vulnerable to a new high-severity (CVSS 9.8) 'file read and inclusion bug'
Posted in Apache, Apache exploit, Apache Tomcat, hacking news, local file inclusion, remote code execution, remote file inclusion, server security, server vulnerability, Tomcat Server | Comments (0)
OpenSMTPD has been found vulnerable to yet another critical vulnerability that could allow remote attackers to take complete control over email servers running BSD or Linux operating systems.
OpenSMTPD, also known as OpenBSD SMTP Server, is an open-source implementation of the Simple Mail Transfer Protocol (SMTP) to deliver messages on a local machine or to relay them to other SMTP servers.
Posted in cyber security, email server, linux, OpenBSD, OpenSMTPD, remote code execution, server security, Vulnerability | Comments (0)
Cybersecurity researchers at Check Point today disclosed details of two recently patched potentially dangerous vulnerabilities in Microsoft Azure services that, if exploited, could have allowed hackers to target several businesses that run their web and mobile apps on Azure.
Azure App Service is a fully-managed integrated service that enables users to create web and mobile apps for any
Posted in Azure Cloud, Cloud computing, Cloud security, cloud server, cyber security, microsoft, Microsoft Azure, remote code execution, server security, Vulnerability | Comments (0)
If you have ever contacted Microsoft for support in the past 14 years, your technical query, along with some personally identifiable information might have been compromised.
Microsoft today admitted a security incident that exposed nearly 250 million "Customer Service and Support" (CSS) records on the Internet due to a misconfigured server containing logs of conversations between its support
Posted in cyber security, data breach, data leaked, microsoft, server security, tech support scams | Comments (0)
Citrix has finally started rolling out security patches for a critical vulnerability in ADC and Gateway software that attackers started exploiting in the wild earlier this month after the company announced the existence of the issue without releasing any permanent fix.
I wish I could say, "better late than never," but since hackers don't waste time or miss any opportunity to exploit
Posted in Citrix ADC, Citrix Gateway, citrix software, Citrix vulnerability, cyber security, server security, Vulnerability | Comments (0)
It's now or never to prevent your enterprise servers running vulnerable versions of Citrix application delivery, load balancing, and Gateway solutions from getting hacked by remote attackers.
Why the urgency? Earlier today, multiple groups publicly released weaponized proof-of-concept exploit code [1, 2] for a recently disclosed remote code execution vulnerability in Citrix's NetScaler ADC
Posted in Citrix Gateway, citrix software, Cyber Attack, exploit code, Proof of Concept, remote code execution, server security | Comments (0)
Four popular open-source VNC remote desktop applications have been found vulnerable to a total of 37 security vulnerabilities, many of which went unnoticed for the last 20 years and most severe could allow remote attackers to compromise a targeted system.
VNC (virtual network computing) is an open source graphical desktop sharing protocol based on RFB (Remote FrameBuffer) that allows users to
Posted in cyber security, hacking news, remote code execution, server security, virtual network computing, VNC protocol, vnc viewer, Vulnerability | Comments (0)
Mozilla, in partnership with Facebook, Cloudflare, and other IETF community members, has announced technical specifications for a new cryptographic protocol called "Delegated Credentials for TLS."
Delegated Credentials for TLS is a new simplified way to implement "short-lived" certificates without sacrificing the reliability of secure connections.
In short, the new TLS protocol extension aims
Posted in browser security, cyber security, Delegated Credentials, Delegated Credentials for TLS, server security, ssl security, SSL TLS security, TLS encryption, website encryption, website security | Comments (0)
A team of German cybersecurity researchers has discovered a new cache poisoning attack against web caching systems that could be used by an attacker to force a targeted website into delivering error pages to most of its visitors instead of legitimate content or resources.
The issue could affect sites running behind reverse proxy cache systems like Varnish and some widely-used Content
Posted in cache poisoning attack, CDN Network, CDN Service, cyber security, ddos attack, ddos protection, Denial of Service, server security, website security | Comments (0)