Archive for the ‘server security’ Category

Libssh Releases Update to Patch 9 New Security Vulnerabilities

March 19th, 2019
Libssh2, a popular open source client-side C library implementing the SSHv2 protocol, has released the latest version of its software to patch a total of nine security vulnerabilities. The Libssh2 library is available for all major distributors of the Linux operating systems, including Ubuntu, Red Hat, Debian, and also comes bundled within some distributions and software as a default library

Posted in hacking linux, hacking news, libssh, libssh2, linux security, memory corruption vulnerability, secure shell, server security, ssh exploit, ssh hacking, Vulnerability | Comments (0)

Unprotected Government Server Exposes Years of FBI Investigations

January 17th, 2019
A massive government data belonging to the Oklahoma Department of Securities (ODS) was left unsecured on a storage server for at least a week, exposing a whopping 3 terabytes of data containing millions of sensitive files. The unsecured storage server, discovered by Greg Pollock, a researcher with cybersecurity firm UpGuard, also contained decades worth of confidential case files from the

Posted in Cyber Attack, Database Security, FBI, FBI investigation, government computers hacking, Oklahoma Securities Commission, server hacked, server security | Comments (0)

NTP DoS Exploit Released — Update Your Servers to Patch 10 Flaws

November 23rd, 2016

A proof-of-concept (PoC) exploit for a critical vulnerability in the Network Time Protocol daemon (ntpd) has been publically released that could allow anyone to crash a server with just a single maliciously crafted packet.

The vulnerability has been patched by the Network Time Foundation with the release of NTP 4.2.8p9, which includes a total of 40 security patches, bug fixes, and

Posted in ddos attack, Denial of Service, DoS vulnerability, exploit code, hacking news, network security, Network Time Protocol, NTP Server, Security patch, server security | Comments (0)

Even A Single Computer Can Take Down Big Servers Using BlackNurse Attack

November 14th, 2016

Yes, you only need a single laptop with a decent internet connection, rather a massive botnet, to launch overwhelming denial of service (DoS) attacks in order to bring down major Internet servers and modern-day firewalls.

Researchers at TDC Security Operations Center have discovered a new attack technique that lone attackers with limited resources (in this case, a laptop and at least 15Mbps

Posted in ddos attack, DDoS Botnet, ddos protection, ddos tool, denial-of-service attacks, dos attack, hacking news, server security | Comments (0)

Critical Flaws in MySQL Give Hackers Root Access to Server (Exploits Released)

November 3rd, 2016

Over a month ago we reported about two critical zero-day vulnerabilities in the world’s 2nd most popular database management software MySQL:

MySQL Remote Root Code Execution (CVE-2016-6662)
Privilege Escalation (CVE-2016-6663)

At that time, Polish security researcher Dawid Golunski of Legal Hackers who discovered these vulnerabilities published technical details and proof-of-concept exploit

Posted in hacking database, hacking mysql, hacking news, MariaDB, MySQL, PerconaDB, privilege escalation, Remote code execution vulnerability, server hacking, server security, Vulnerability | Comments (0)

4 Flaws hit HTTP/2 Protocol that could allow Hackers to Disrupt Servers

August 3rd, 2016

If you think that the HTTP/2 protocol is more secure than the standard HTTP (Hypertext Transfer Protocol), then you might be wrong, as it took researchers just four months to discover four flaws in the HTTP/2 protocol.

HTTP/2 was launched properly just in May last year after Google bundled its SPDY project into HTTP/2 in February in an effort to speed up the loading of web pages as well as

Posted in ddos attack, HTTP/2 Protocol, HTTPS, HTTPS encryption, network security, server security, SPDY Protocol, website security, Whats is HTTP/2 Protocol | Comments (0)

Critical OpenSSH Flaw Leaks Private Crypto Keys to Hackers

January 15th, 2016

A ‘Serious’ security vulnerability has been discovered and fixed in OpenSSH – one of the most widely used open-source implementations of the Secure Shell (SSH) Protocol.

The critical vulnerability could be exploited by hackers to force clients to leak their secret private cryptographic keys, potentially exposing users to Man-in-the-Middle (MITM) attacks.

What Causes the Flaw to occur?

Posted in encryption keys, hacking news, hacking server, man-in-the-middle attack, OpenSSH, patch update, server security, steal crypto keys, Vulnerability | Comments (0)

Juniper Firewalls with ScreenOS Backdoored Since 2012

December 18th, 2015

Juniper Networks has announced that it has discovered “unauthorized code” in ScreenOS, the operating system for its NetScreen firewalls, that could allow an attacker to decrypt traffic sent through Virtual Private Networks (VPNs).

It’s not clear what caused the code to get there or how long it has been there, but the release notes posted by Juniper suggest the earliest buggy versions of

Posted in backdoor malware, firewall, Firewall Security Manager, hacking news, hardware firewall, network security, server security, VPN Software, Vulnerability | Comments (0)

USB Defense: Stop Data Walking Out The Door

April 17th, 2015

The bad news is that internal data breaches are on the rise. And one of the biggest culprits? USB devices.

In the past few years, there has been many organizations tracking down the loss of sensitive/confidential information due to the usage of USB drives and other mass storage media. Cyber-security breaches and data theft are making more and more IT leaders paranoid about security than

Posted in log management tool, network security, network security audit software, network security manager, Pendrive Malware, server security, SolarWinds Log & Event Manager, USB Security | Comments (0)