Vulnerable servers of all kinds are being targeted, compromised and made to mine cryptocurrencies for the attackers. Apache Solr servers under attack SANS ISC handler Renato Marihno warns about an active campaign aimed at compromising Apache Solr servers. The campaign infected 1777 victims from February 28 to March 8. Of those, 1416 are Solr servers. The attackers are exploiting CVE-2017-12629 for gaining access to the...
Read More
Data protection has never been more important, and keeping up to date on your requirements as business is becoming a vital part of your business management. With the introduction of the General Data Protection Regulation (GDPR) that comes into effect in May 2018, it’s vital to ensure that you are protecting the data that your customers trust you with. As online security becomes increasingly important to businesses...
Read More
This is actually where I came in, nearly 30 years ago. The first malware outbreak for which I provided consultancy was Dr. Popp’s extraordinary AIDS Trojan, which rendered a victim’s data inaccessible until a ‘software lease renewal’ payment was made. And for a long time afterwards, there was not much else that could be called ransomware, unless you count threats made against organizations of persistent DDoS (Distributed Denial...
Read More
SonicWall recorded 9.32 billion malware attacks in 2017 and saw more than 12,500 new Common Vulnerabilities and Exposures (CVE) reported for the year. “The cyber arms race affects every government, business, organization and individual. It cannot be won by any one of us,” said SonicWall CEO Bill Conner. “Our latest proprietary data and findings show a series of strategic attacks and countermeasures as the cyber...
Read More
প্রযুক্তির এই যুগে সবচেয়ে জনপ্রিয় যোগাযোগমাধ্যম হচ্ছে ফেসবুক। পরিবার, বন্ধুবান্ধবসহ বিভিন্ন জনের সঙ্গে যোগাযোগের জন্য, বিশেষ করে যারা দেশের বাইরে অবস্থান করেন, তাদের জন্য ফেসবুকে যোগাযোগের বিকল্প নেই। কিন্তু অনেকের কাছে এই ফেসবুক কখনো কখনো হয়ে ওঠে আতঙ্কের নাম। পুরুষদের পাশাপাশি নিয়মিত ফেবসুক ব্যবহার করেন অনেক নারী। পুরুষদের চেয়ে ফেসবুক ব্যবহারের ক্ষেত্রে নারীদের সবচেয়ে বেশি সচেতন হতে হয়। সামান্য অসাবধানতার কারণে যে কোনো মুহূর্তে হ্যাক...
Read More
The Asia Pacific Computer Emergency Response Team (APCERT) today has successfully completed its annual drill to test the response capability of leading Computer Security Incident Response Teams (CSIRT) within the Asia Pacific economies. For the fifth time, APCERT involved the participation of members from the Organisation of the Islamic Cooperation – Computer Emergency Response Team (OIC-CERT) in this annual drill. The theme of this year’s...
Read More
Description: Multiple vulnerabilities have been discovered in PHP, the most severe of which could allow an attacker to execute arbitrary code. PHP is a programming language originally designed for use in web-based applications with HTML content. PHP supports a wide variety of platforms and is used by numerous web-based software applications. Impact: Successfully exploiting the most severe of these vulnerabilities could allow for arbitrary code...
Read More
Environment Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 Issue memcached is being used in DDoS amplification attacks I’m concerned about news of DDoS attacks using memcached Resolution Red Hat is aware of DDoS (Distributed Denial of Service) amplification attacks being performed by exploiting memcached servers exposed to the public Internet. These attacks take advantage of memcached communication using the UDP protocol for...
Read More
UPDATE: As of 2018-03-02 ( Afternoon Update), more attack using the memcached reflection vector have been unleashed on the Internet. As shared by Akamai Technologies “memcached-fueled 1.3 Tbps Attacks,” the application factors are “Internet Impacting.” Mitigation and Remediation Efforts are reducing the number of potential memcached reflectors. Please keep up the good work. Operators are asked to port filter (Exploitable Port Filters), rate limits the port 11211 UDP traffic (ingress and...
Read More
ON WEDNESDAY, AT about 12:15 pm ET, 1.35 terabits per second of traffic hit the developer platform GitHub all at once. It was the most powerful distributed denial of service attack recorded to date—and it used an increasingly popular DDoS method, no botnet required. GitHub briefly struggled with intermittent outages as a digital system assessed the situation. Within 10 minutes it had automatically called for help from its...
Read More
