Archive for the ‘server security’ Category

Over 202 Million Chinese Job Seekers’ Details Exposed On the Internet

January 10th, 2019
A cybersecurity researcher has discovered a massive online database containing records of more than 202 million Chinese citizens that remained accessible to anyone on the Internet without authentication until last week. The unprotected 854.8-gigabyte database was stored in an instance of MongoDB, a high-performance, cross-platform NoSQL document-oriented database, hosted by an

Posted in Chinese, cyber security, database leaked, Database Security, database server, Hosting provider, MongoDB database, secure mongodb, server security

NTP DoS Exploit Released — Update Your Servers to Patch 10 Flaws

November 23rd, 2016

A proof-of-concept (PoC) exploit has been publicly released for a critical vulnerability in the Network Time Protocol daemon (ntpd) that could allow anyone to crash a server with just a single maliciously crafted packet.

The vulnerability has been patched by the Network Time Foundation with the release of NTP 4.2.8p9, which includes a total of 40 security patches, bug fixes, and

Posted in ddos attack, Denial of Service, DoS vulnerability, exploit code, hacking news, network security, Network Time Protocol, NTP Server, Security patch, server security

Even A Single Computer Can Take Down Big Servers Using BlackNurse Attack

November 14th, 2016

Yes, you only need a single laptop with a decent internet connection, rather than a massive botnet, to launch overwhelming denial of service (DoS) attacks in order to bring down major Internet servers and modern-day firewalls.

Researchers at TDC Security Operations Center have discovered a new attack technique that lone attackers with limited resources (in this case, a laptop and at least 15Mbps

Posted in ddos attack, DDoS Botnet, ddos protection, ddos tool, denial-of-service attacks, dos attack, hacking news, server security

Critical Flaws in MySQL Give Hackers Root Access to Server (Exploits Released)

November 3rd, 2016

Over a month ago, we reported on two critical zero-day vulnerabilities in the world’s 2nd most popular database management software, MySQL:

MySQL Remote Root Code Execution (CVE-2016-6662)
Privilege Escalation (CVE-2016-6663)

At that time, Polish security researcher Dawid Golunski of Legal Hackers, who discovered these vulnerabilities, published technical details and proof-of-concept exploit

Posted in hacking database, hacking mysql, hacking news, MariaDB, MySQL, PerconaDB, privilege escalation, Remote code execution vulnerability, server hacking, server security, Vulnerability

4 Flaws hit HTTP/2 Protocol that could allow Hackers to Disrupt Servers

August 3rd, 2016

If you think that the HTTP/2 protocol is more secure than the standard HTTP (Hypertext Transfer Protocol), then you might be wrong, as it took researchers just four months to discover four flaws in the HTTP/2 protocol.

HTTP/2 was properly launched only in May last year, after Google bundled its SPDY project into HTTP/2 in February, in an effort to speed up the loading of web pages as well as

Posted in ddos attack, HTTP/2 Protocol, HTTPS, HTTPS encryption, network security, server security, SPDY Protocol, website security, Whats is HTTP/2 Protocol

Critical OpenSSH Flaw Leaks Private Crypto Keys to Hackers

January 15th, 2016

A ‘serious’ security vulnerability has been discovered and fixed in OpenSSH, one of the most widely used open-source implementations of the Secure Shell (SSH) protocol.

The critical vulnerability could be exploited by hackers to force clients to leak their secret private cryptographic keys, potentially exposing users to Man-in-the-Middle (MITM) attacks.

What Causes the Flaw to Occur?

Posted in encryption keys, hacking news, hacking server, man-in-the-middle attack, OpenSSH, patch update, server security, steal crypto keys, Vulnerability

Juniper Firewalls with ScreenOS Backdoored Since 2012

December 18th, 2015

Juniper Networks has announced that it has discovered “unauthorized code” in ScreenOS, the operating system for its NetScreen firewalls, that could allow an attacker to decrypt traffic sent through Virtual Private Networks (VPNs).

It’s not clear what caused the code to get there or how long it has been there, but the release notes posted by Juniper suggest the earliest buggy versions of

Posted in backdoor malware, firewall, Firewall Security Manager, hacking news, hardware firewall, network security, server security, VPN Software, Vulnerability

USB Defense: Stop Data Walking Out The Door

April 17th, 2015

The bad news is that internal data breaches are on the rise. And one of the biggest culprits? USB devices.

In the past few years, there have been many organizations tracking down the loss of sensitive/confidential information due to the use of USB drives and other mass storage media. Cyber-security breaches and data theft are making more and more IT leaders paranoid about security than

Posted in log management tool, network security, network security audit software, network security manager, Pendrive Malware, server security, SolarWinds Log & Event Manager, USB Security