hosting web server | Breaking Cybersecurity News | The Hacker News

If you're running any PHP based website on NGINX server and have PHP-FPM feature enabled for better performance, then beware of a newly disclosed vulnerability that could allow unauthorized attackers to hack your website server remotely. The vulnerability, tracked as CVE-2019-11043 , affects websites with certain configurations of PHP-FPM that is reportedly not uncommon in the wild and could be exploited easily as a proof-of-concept (PoC) exploit for the flaw has already been released publicly. PHP-FPM is an alternative PHP FastCGI implementation that offers advanced and highly-efficient processing for scripts written in PHP programming language. The main vulnerability is an "env_path_info" underflow memory corruption issue in the PHP-FPM module, and chaining it together with other issues could allow attackers to remotely execute arbitrary code on vulnerable web servers. The vulnerability was spotted by Andrew Danau, a security researcher at Wallarm while hun

Sensitive files linked to the United States intelligence agency were reportedly left on a public Amazon server by one of the nation's top intelligence contractor without a password, according to a new report. UpGuard cyber risk analyst Chris Vickery discovered  a cache of 60,000 documents from a US military project for the National Geospatial-Intelligence Agency (NGA) left unsecured on Amazon cloud storage server for anyone to access. The documents included passwords to a US government system containing sensitive information, and the security credentials of a senior employee of Booz Allen Hamilton, one of the country's top defense contractors. Although there wasn't any top secret file in the cache Vickery discovered, the documents included credentials to log into code repositories that could contain classified files and other credentials. Master Credentials to a Highly-Protected Pentagon System were Exposed Roughly 28GB of exposed documents included the privat

Identities now transcend human boundaries. Within each line of code and every API call lies a non-human identity. These entities act as programmatic access keys, enabling authentication and facilitating interactions among systems and services, which are essential for every API call, database query, or storage account access. As we depend on multi-factor authentication and passwords to safeguard human identities, a pressing question arises: How do we guarantee the security and integrity of these non-human counterparts? How do we authenticate, authorize, and regulate access for entities devoid of life but crucial for the functioning of critical systems? Let's break it down. The challenge Imagine a cloud-native application as a bustling metropolis of tiny neighborhoods known as microservices, all neatly packed into containers. These microservices function akin to diligent worker bees, each diligently performing its designated task, be it processing data, verifying credentials, or