Archive for the ‘server security’ Category

Baltimore City Shuts Down Most of Its Servers After Ransomware Attack

May 8th, 2019
For the second time in just over a year, the city of Baltimore has been hit by a ransomware attack, affecting its computer network and forcing officials to shut down a majority of its computer servers as a precaution. Ransomware works by encryption files and locking them up so users can't access them. The attackers then demand a ransom amount, typically in Bitcoin digital currency, in

Posted in Baltimore, computer virus, cyber security, Malware attack, ransomware, ransomware attack, server security | Comments (0)

Hackers Found Exploiting Oracle WebLogic RCE Flaw to Spread Ransomware

May 1st, 2019
Taking advantage of newly disclosed and even patched vulnerabilities has become common among cybercriminals, which makes it one of the primary attack vectors for everyday-threats, like crypto-mining, phishing, and ransomware. As suspected, a recently-disclosed critical vulnerability in the widely used Oracle WebLogic Server has now been spotted actively being exploited to distribute a

Posted in Cyber Attack, GandCrab ransomware, Malware attack, oracle, Oracle WebLogic Server, ransomware, ransomware attack, server hacking, server security | Comments (0)

Over 100 Million JustDial Users’ Personal Data Found Exposed On the Internet

April 17th, 2019
An unprotected database belonging to JustDial, India's largest local search service, is leaking personally identifiable information of its every customer in real-time who accessed the service via its website, mobile app, or even by calling on its fancy "88888 88888" customer care number, The Hacker News has learned and independently verified. Founded over two decades ago, JustDial (JD) is the

Posted in API Security, cyber security, data breach, data leaked, Database Security, hacking news, Just dial, mobile api security, server security, unprotected database, website security | Comments (0)

Apache Tomcat Patches Important Remote Code Execution Flaw

April 15th, 2019
The Apache Software Foundation (ASF) has released new versions of its Tomcat application server to address an important security vulnerability that could allow a remote attacker to execute malicious code and take control of an affected server. Developed by ASF, Apache Tomcat is an open source web server and servlet system, which uses several Java EE specifications such as Java Servlet,

Posted in Apache, Apache exploit, Apache Server, Apache Tomcat, cyber security, hacking news, server security, Vulnerability | Comments (0)

Libssh Releases Update to Patch 9 New Security Vulnerabilities

March 19th, 2019
Libssh2, a popular open source client-side C library implementing the SSHv2 protocol, has released the latest version of its software to patch a total of nine security vulnerabilities. The Libssh2 library is available for all major distributors of the Linux operating systems, including Ubuntu, Red Hat, Debian, and also comes bundled within some distributions and software as a default library

Posted in hacking linux, hacking news, libssh, libssh2, linux security, memory corruption vulnerability, secure shell, server security, ssh exploit, ssh hacking, Vulnerability | Comments (0)

Unprotected Government Server Exposes Years of FBI Investigations

January 17th, 2019
A massive government data belonging to the Oklahoma Department of Securities (ODS) was left unsecured on a storage server for at least a week, exposing a whopping 3 terabytes of data containing millions of sensitive files. The unsecured storage server, discovered by Greg Pollock, a researcher with cybersecurity firm UpGuard, also contained decades worth of confidential case files from the

Posted in Cyber Attack, Database Security, FBI, FBI investigation, government computers hacking, Oklahoma Securities Commission, server hacked, server security | Comments (0)

NTP DoS Exploit Released — Update Your Servers to Patch 10 Flaws

November 23rd, 2016

A proof-of-concept (PoC) exploit for a critical vulnerability in the Network Time Protocol daemon (ntpd) has been publically released that could allow anyone to crash a server with just a single maliciously crafted packet.

The vulnerability has been patched by the Network Time Foundation with the release of NTP 4.2.8p9, which includes a total of 40 security patches, bug fixes, and

Posted in ddos attack, Denial of Service, DoS vulnerability, exploit code, hacking news, network security, Network Time Protocol, NTP Server, Security patch, server security | Comments (0)

Even A Single Computer Can Take Down Big Servers Using BlackNurse Attack

November 14th, 2016

Yes, you only need a single laptop with a decent internet connection, rather a massive botnet, to launch overwhelming denial of service (DoS) attacks in order to bring down major Internet servers and modern-day firewalls.

Researchers at TDC Security Operations Center have discovered a new attack technique that lone attackers with limited resources (in this case, a laptop and at least 15Mbps

Posted in ddos attack, DDoS Botnet, ddos protection, ddos tool, denial-of-service attacks, dos attack, hacking news, server security | Comments (0)

Critical Flaws in MySQL Give Hackers Root Access to Server (Exploits Released)

November 3rd, 2016

Over a month ago we reported about two critical zero-day vulnerabilities in the world’s 2nd most popular database management software MySQL:

MySQL Remote Root Code Execution (CVE-2016-6662)
Privilege Escalation (CVE-2016-6663)

At that time, Polish security researcher Dawid Golunski of Legal Hackers who discovered these vulnerabilities published technical details and proof-of-concept exploit

Posted in hacking database, hacking mysql, hacking news, MariaDB, MySQL, PerconaDB, privilege escalation, Remote code execution vulnerability, server hacking, server security, Vulnerability | Comments (0)

4 Flaws hit HTTP/2 Protocol that could allow Hackers to Disrupt Servers

August 3rd, 2016

If you think that the HTTP/2 protocol is more secure than the standard HTTP (Hypertext Transfer Protocol), then you might be wrong, as it took researchers just four months to discover four flaws in the HTTP/2 protocol.

HTTP/2 was launched properly just in May last year after Google bundled its SPDY project into HTTP/2 in February in an effort to speed up the loading of web pages as well as

Posted in ddos attack, HTTP/2 Protocol, HTTPS, HTTPS encryption, network security, server security, SPDY Protocol, website security, Whats is HTTP/2 Protocol | Comments (0)