Server Security - Page 3 - Results from #40

Discover Server Security News

UChecker tool scans Linux servers for outdated libraries

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

Security teams running Linux servers now have access to UChecker, a new tool offered as part of CloudLinux’s TuxCare security services that runs scans on Linux servers to detect outdated shared libraries on both disk and in memory.

LinuxSecurity.com Team
Jun 16, 2021

Docker malware is now common, so devs need to take Docker security seriously

Three years after the first malware attacks targeting Docker, developers are still misconfiguring and exposing their Docker servers online. Docker malware is now common, making this lackadaisical attitude toward Docker security increasingly problematic.

LinuxSecurity.com Team
Dec 01, 2020

SELinux changes for KVM-separated (Kata) containers

Learn about SELinux types that improve container security in engines such as Podman and CRI-O.

LinuxSecurity.com Team
Aug 19, 2020

New Kaiji malware targets IoT devices via SSH brute-force attacks

Another dangerous strain of malware targeting Linux servers has been identified. Dubbed Kaiji, this variant was developed for the sole purpose of launching DDoS attacks.

LinuxSecurity.com Team
May 07, 2020

New Roboto botnet emerges targeting Linux servers running Webmin

A cybercrime group is enslaving Linux servers running vulnerable Webmin apps into a new botnet that security researchers are currently tracking under the name of Roboto. The botnet's main function is the ability to conduct DDoS attacks, a feature it has not used yet. Learn more:

LinuxSecurity.com Team
Nov 22, 2019

Thousands of servers infected with new Lilocked (Lilu) ransomware

Researchers have identified a new strain of ransomware (Lilu) targeting Linux-based servers. Get the details in this article:

LinuxSecurity.com Team
Sep 06, 2019

Do VPNs Have a Place in Container Security?

Learn about the critical role that VPNs can play in container security in this informative Container Journal article:

LinuxSecurity.com Team
Aug 26, 2019

NCSC in DNS Warning as Hijackers Focus on Home Routers

Have you heard that the NCSC has warned about DNS hijacking threats focusing on home routers? These attacks aim to modify the settings on home routers, potentially via cross-site request forgery (CSRF) web-based attacks, so that they use rogue DNS servers. The end goal is to secretly redirect the user to a phishing page or one capable of installing malware on their machine.

LinuxSecurity.com Team
Jul 16, 2019

New Brute-Force Botnet Targeting Over 1.5 Million RDP Servers Worldwide

Security researchers have discovered an ongoing sophisticated botnet campaign that is currently brute-forcing more than 1.5 million publicly accessible Windows RDP servers on the Internet.

LinuxSecurity.com Team
Jun 07, 2019

Russian Nation-State Group Employs Custom Backdoor for Microsoft Exchange Server

A well-known Russian nation-state hacking group has been infiltrating the Microsoft Exchange email servers of its targeted victims since at least 2014 via a custom backdoor.

LinuxSecurity.com Team
May 07, 2019

A dozen US web servers are spreading 10 malware families, Necurs link suspected

Researchers have uncovered over a dozen servers, unusually registered in the United States, which are hosting ten different malware families spread through phishing campaigns potentially tied to the Necurs bonnet.

LinuxSecurity.com Team
Apr 04, 2019

Apache web server bug grants root access on shared hosting environments

This week, the Apache Software Foundation has patched a severe vulnerability in the Apache (httpd) web server project that could --under certain circumstances-- allow rogue server scripts to execute code with root privileges and take over the underlying server.

LinuxSecurity.com Team
Apr 03, 2019

Targeted malware attacks against Elasticsearch servers surge

Unsecured Elasticsearch clusters are being targeted in a fresh wave of attacks designed to drop both malware and cryptocurrency mining software.

LinuxSecurity.com Team
Feb 28, 2019

LibSSH Flaw Allows Hackers to Take Over Servers Without Password

A four-year-old severe vulnerability has been discovered in the Secure Shell (SSH) implementation library known as Libssh that could allow anyone to completely bypass authentication and gain unfettered administrative control over a vulnerable server without requiring a password.

LinuxSecurity.com Team
Oct 17, 2018

What is a Linux server and why does your business need one?

IT organizations strive to deliver business value by increasing productivity and delivering services faster while remaining flexible enough to incorporate innovations like cloud, containers, and configuration automation. Modern workloads, whether they run on bare metal, virtual machines, containers, or private or public clouds, are expected to be portable and scalable. Supporting all this requires a modern, secure platform.

LinuxSecurity.com Team
Oct 08, 2018

Fitness app PumpUp left users' personal data exposed on server

While it's not at the catastrophic level of MyFitnessPal's 150 million-user data breach , the company behind the workout app PumpUp left information for 6 million of its members exposed. The Amazon cloud-hosted back-end server holding the data didn't have a password set up for an uncertain lenght of time, enabling anyone to observe sign-ins and exchanged messages.

LinuxSecurity.com Team
Jun 02, 2018

Open Redis Servers Infected with Malware

After scanning 72,000 publicly available Redis (REmote DIctionary Server) servers with attack keys garnered through honeypot traffic, Imperva today reported that 75% of the publicly available Redis servers were hosting the attacks registered in the honeypot.

LinuxSecurity.com Team
Jun 01, 2018

GoScanSSH Malware Avoids US Military, South Korea Targets

A new strain of malware that targets vulnerable Linux-based systems is loose in the wild, with an interesting habit of avoiding government and military networks.

LinuxSecurity.com Team
Apr 03, 2018

How to configure multiple websites with Apache web server

In my last post, I explained how to configure an Apache web server for a single website. It turned out to be very easy. In this post, I will show you how to serve multiple websites using a single instance of Apache.

LinuxSecurity.com Team
Mar 30, 2018

Administrator's Password Bad Practice

Just a quick reminder about some bad practices while handling Windows Administrator credentials. I'm constantly changing my hunting filters on VT. A few days ago, I started to search for files/scripts that use the Microsoft SysInternals tool psexec[1].

LinuxSecurity.com Team
Mar 20, 2018

Server Security - Page 3

Securing Your Linux Server: Understanding and Mitigating Modern Threats

Essential Server Security Security Strategies for Administrators

Ensuring Linux Server Security: A Comprehensive Guide