Server Security - Page 3Server Security - Page 3.4 - Results from #48

Discover Server Security News

Fitness app PumpUp left users' personal data exposed on server

data:image/svg+xml,%3Csvg%20xmlns=%22http://www.w3.org/2000/svg%22%20viewBox=%220%200%20100%20100%22%3E%3C/svg%3E

While it's not at the catastrophic level of MyFitnessPal's 150 million-user data breach , the company behind the workout app PumpUp left information for 6 million of its members exposed. The Amazon cloud-hosted back-end server holding the data didn't have a password set up for an uncertain lenght of time, enabling anyone to observe sign-ins and exchanged messages.

LinuxSecurity.com Team
Jun 02, 2018

Open Redis Servers Infected with Malware

After scanning 72,000 publicly available Redis (REmote DIctionary Server) servers with attack keys garnered through honeypot traffic, Imperva today reported that 75% of the publicly available Redis servers were hosting the attacks registered in the honeypot.

LinuxSecurity.com Team
Jun 01, 2018

GoScanSSH Malware Avoids US Military, South Korea Targets

A new strain of malware that targets vulnerable Linux-based systems is loose in the wild, with an interesting habit of avoiding government and military networks.

LinuxSecurity.com Team
Apr 03, 2018

How to configure multiple websites with Apache web server

In my last post, I explained how to configure an Apache web server for a single website. It turned out to be very easy. In this post, I will show you how to serve multiple websites using a single instance of Apache.

LinuxSecurity.com Team
Mar 30, 2018

Administrator's Password Bad Practice

Just a quick reminder about some bad practices while handling Windows Administrator credentials. I'm constantly changing my hunting filters on VT. A few days ago, I started to search for files/scripts that use the Microsoft SysInternals tool psexec[1].

LinuxSecurity.com Team
Mar 20, 2018

Why a hard drive RAID array can save your bacon

How valuable is your data? If your storage drive crashed, would it ruin your day? Your week? Your entire career? Only you can answer those questions for yourself and your organization. But I'll tell you, personally, I need my files -- not only to get my day-to-day job done, but to reference older information and even look at personal keepsakes (like all my digital photos).

LinuxSecurity.com Team
Mar 15, 2018

Samba settings SNAFU lets any user change admin passwords

Samba admins: get patching and/or updating. Unless you’re content to have your admin passwords overwritten by, well, anyone else using Samba.

LinuxSecurity.com Team
Mar 14, 2018

Web Application Firewalls: Choosing the Right WAF for Server Security

Web applications pose a significant security risk to servers, and having a web application firewall (WAF) in place is vital to keeping your servers and your business running smoothly.

LinuxSecurity.com Team
Mar 05, 2018

New attacks on Network Time Protocol can defeat HTTPS and create chaos

Serious weaknesses in the Internet's time-synchronization mechanism can be exploited to cause debilitating outages, snoop on encrypted communications, or tamper with Bitcoin transactions, computer scientists warned Wednesday.

LinuxSecurity.com Team
Oct 27, 2015

AV-TEST tests Linux security solutions against Linux and Windows threats

The recent tests on Linux security solutions by AV-Test Lab indicate a worrisome situation

LinuxSecurity.com Team
Oct 12, 2015

Turnbull: Don't assume government email is more secure than private email

Concerns over Malcolm Turnbull using his own private email server have been rebuked by the Australian Prime Minister, who said that all parliamentarians use insecure communication methods all the time, most notably, SMS messaging.

LinuxSecurity.com Team
Oct 09, 2015

10 Most Common Web Security Vulnerabilities

For all too many companies, it

LinuxSecurity.com Team
Sep 17, 2015

Amazon introduces new open-source TLS implementation 's2n'

Unless you haven't been on the net for a year, you know Transport Layer Security/Secure Socket Layer (TLS/SSL) software, such as OpenSSL, have had numerous serious security problems. Now, Amazon, is introducing a new TLS implementation: "Signal to noise," s2n.

LinuxSecurity.com Team
Jun 30, 2015

Why are there still so many website vulnerabilities?

The cracks in the armor of most enterprise websites are many including recurring holes in OpenSSL, PHP, and WordPress and are largely due to a combination of extensive customizations paired with a shortage of testing and fixing of vulnerabilities when compared with that of long-standing commercial OS software.

LinuxSecurity.com Team
Jun 22, 2015

Who's afraid of DNS? Nominet's new 'turing' tool visualises hidden security threats

UK domain registrar Nominet has shown off a striking new visualisation tool called

LinuxSecurity.com Team
Jun 11, 2015

Top security tools in the fight against cybercrime

Cybercrime is a massive global threat, and U.S. businesses are the No.1 target. For tips and advice about how best to defend against cyberattacks, Network World asked security pros to name their No.1, most valuable security tool.

LinuxSecurity.com Team
May 19, 2015

Two NTP Key Authentication Vulnerabilities Patched

NTP, the much maligned protocol abused in a number of high volume DDoS attacks a year ago, is suffering from newly patched vulnerabilities that could allow an attacker to send unauthenticated packets to a client that would be executed.

LinuxSecurity.com Team
Apr 09, 2015

Vast majority of organizations are still vulnerable to Heartbleed

According to research from Venafi, a vast majority of the world's top businesses are still vulnerable to Heartbleed, which was disclosed a year ago this month. The OpenSSL flaw impacted organizations both large and small, but the latest figures show that 74-percent of the Global 2000 remain vulnerable.

LinuxSecurity.com Team
Apr 08, 2015

OpenSSL Patch to Plug Severe Security Holes

The world is about to get another reminder about just how much of the Internet runs on technology maintained by a handful of coders working on a shoestring budget. OpenSSL

LinuxSecurity.com Team
Mar 19, 2015

Clinton's Homebrew E-Mail Server: Risky or Genius?

No, it's not always a room filled with wires and glowing blue lights. It's probably not even the size of your furnace. The personal email server used by Hillary Rodham Clinton during her time as secretary of state was probably about the size of your office desktop computer and could have been tucked quietly in a corner somewhere.

LinuxSecurity.com Team
Mar 09, 2015

Server Security - Page 3.4

Magnet Goblin Hackers Exploit One-Day Flaws to Deploy Custom Linux Malware

New Bifrost Malware Evades Detection, Threatens Linux Server Security

Cryptocurrency Mining Migo Malware Attacks Linux Redis Servers