#1 Trusted Cybersecurity News Platform
The Hacker News Logo
Subscribe to Newsletter

The Hacker News - Most Trusted Cyber Security and Computer Security Analysis: Data Center

Atlassian Confluence Flaw Being Used to Deploy Ransomware and Crypto Miners

Atlassian Confluence Flaw Being Used to Deploy Ransomware and Crypto Miners
June 18, 2022Ravie Lakshmanan
A recently patched  critical security flaw  in Atlassian Confluence Server and Data Center products is being actively weaponized in real-world attacks to drop cryptocurrency miners and ransomware payloads. In at least two of the Windows-related incidents observed by cybersecurity vendor Sophos, adversaries exploited the vulnerability to deliver Cerber ransomware and a  crypto miner  called z0miner on victim networks. The bug ( CVE-2022-26134 , CVSS score: 9.8), which was  patched  by Atlassian on June 3, 2022, enables an unauthenticated actor to inject malicious code that paves the way of remote code execution (RCE) on affected installations of the collaboration suite. All supported versions of Confluence Server and Data Center are affected. Other notable malware pushed as part of disparate instances of attack activity include Mirai and Kinsing bot variants, a rogue package called  pwnkit , and Cobalt Strike by way of a web shell deployed after gaining an initial foothold into the

From Pet Systems to Cattle Farm — What Happened to the Data Center?

From Pet Systems to Cattle Farm — What Happened to the Data Center?
February 24, 2022The Hacker News
There's something about craftsmanship. It's personal, its artistry, and it can be incredibly effective in achieving its goals. On the other hand, mass-market production can be effective in other ways, through speed, efficiency, and cost savings. The story of data centers is one of going from craftsmanship – where every individual machine is a pet project, maintained with great care – to mass production with big server farms where individual units are completely disposable. In this article, we take a look at how data centers have changed shape over the decades. We examine the implications for data center workloads, and for the people that run them – who have now lost their pet systems. We'll also review the cybersecurity implications of the new data center landscape. Pet system with a big purpose For any sysadmin who started their career before the advent of virtualization and other cloud and automation technologies, systems were finely crafted pieces of hardware – and

Hackers Breach LineageOS, Ghost, DigiCert Servers Using SaltStack Vulnerability

Hackers Breach LineageOS, Ghost, DigiCert Servers Using SaltStack Vulnerability
May 04, 2020Ravie Lakshmanan
Days after cybersecurity researchers sounded the alarm over two critical vulnerabilities in the SaltStack configuration framework , a hacking campaign has already begun exploiting the flaws to breach servers of LineageOS, Ghost, and DigiCert. Tracked as CVE-2020-11651 and CVE-2020-11652 , the disclosed flaws could allow an adversary to execute arbitrary code on remote servers deployed in data centers and cloud environments. The issues were fixed by SaltStack in a release published on April 29th. "We expect that any competent hacker will be able to create 100% reliable exploits for these issues in under 24 hours," F-Secure researchers had previously warned in an advisory last week. LineageOS, a maker of an open-source operating system based on Android, said it detected the intrusion on May 2nd at around 8 pm Pacific Time. "Around 8 pm PST on May 2nd, 2020, an attacker used a CVE in our SaltStack master to gain access to our infrastructure," the company n

Critical SaltStack RCE Bug (CVSS Score 10) Affects Thousands of Data Centers

Critical SaltStack RCE Bug (CVSS Score 10) Affects Thousands of Data Centers
May 01, 2020Ravie Lakshmanan
Two severe security flaws have been discovered in the open-source SaltStack Salt configuration framework that could allow an adversary to execute arbitrary code on remote servers deployed in data centers and cloud environments. The vulnerabilities were identified by F-Secure researchers earlier this March and disclosed on Thursday, a day after SaltStack released a patch (version 3000.2) addressing the issues , rated with CVSS score 10. "The vulnerabilities, allocated CVE IDs CVE-2020-11651 and CVE-2020-11652 , are of two different classes," the cybersecurity firm said . "One being authentication bypass where functionality was unintentionally exposed to unauthenticated network clients, the other being directory traversal where untrusted input (i.e., parameters in network requests) was not sanitized correctly allowing unconstrained access to the entire filesystem of the master server." The researchers warned that the flaws could be exploited in the wild imm

NSA Data Center Experiencing 300 Million Hacking Attempts Per Day

NSA Data Center Experiencing 300 Million Hacking Attempts Per Day
February 23, 2016Unknown
Utah State computer systems are experiencing a massive cyber attack on up to 300 Million Hacking attempts per day due to National Security Agency's (NSA) data center in the state. Yes, 300,000,000 hacking attempts in a day! According to the statistical survey, it is evident that the computer systems in the US State of Utah began to experience the hacking attack a few years back, precisely, soon after the NSA revelations by global surveillance whistleblower Edward Snowden. It is a less-known fact that the NSA has built its new data center near the city of Bluffdale, Utah. However, a couple of years back, when Snowden revealed the presence of the data center, the attacks have constantly been going on. The PRISM spying program by Big Brothers at NSA might have shifted the attention of hackers for the retaliation against mass-surveillance and flared up this heightened cyber attacks against the spying agency. According to Utah Commissioner of public safety, Keith S

Here's Why Microsoft Drops a Cloud Data Center Under the Ocean

Here's Why Microsoft Drops a Cloud Data Center Under the Ocean
February 03, 2016Swati Khandelwal
Where tech companies like Facebook and Google prefer to move their data centers to colder countries to reduce their air conditioning bill, Microsoft has come up with an even better home for data centers while cutting high energy costs for cooling them: Under the Sea . Here's what Microsoft says: "50% of us live near the coast. Why doesn't our data?" Building massive data centers underwater might sound crazy, but it is exactly something Microsoft is testing with its first submarine data center, dubbed Leona Philpot . World's First Underwater Data Center The testing is part of Microsoft's plan dubbed Project Natick — an ongoing research project to build and run a data center that is submerged in the ocean, which the company believes, could make data centers faster, cost-effective, environmentally friendly and easier to set up. Leona Philpot (named after the Halo character from Microsoft's Xbox) was tested last August, when engineer

Venom Vulnerability Exposes Most Data Centers to Cyber Attacks

Venom Vulnerability Exposes Most Data Centers to Cyber Attacks
May 14, 2015Swati Khandelwal
Just after a new security vulnerability surfaced Wednesday, many tech outlets started comparing it with HeartBleed, the serious security glitch uncovered last year that rendered communications with many well-known web services insecure, potentially exposing Millions of plain-text passwords. But don't panic. Though the recent vulnerability has a more terrific name than HeartBleed , it is not going to cause as much danger as HeartBleed did. Dubbed VENOM , stands for Virtualized Environment Neglected Operations Manipulation , is a virtual machine security flaw uncovered by security firm CrowdStrike that could expose most of the data centers to malware attacks, but in theory. Yes, the risk of Venom vulnerability is theoretical as there is no real-time exploitation seen yet, while, on the other hand, last year's HeartBleed bug was practically exploited by hackers unknown number of times, leading to the theft of critical personal information. Now let's know more about Ven

Google engineers over surveillance scandal: 'Fuck you NSA'

Google engineers over surveillance scandal: 'Fuck you NSA'
November 07, 2013Mohit Kumar
On Tuesday, the Washington Post revealed a few more NSA slides released by Edward Snowden, which revealed that the spy agency NSA was infiltrating the private data links between Google and Yahoo data centers as part of a program called MUSCULAR . Chairman and former CEO of Google Eric Schmidt says the company's executives are shocked by allegations that the National Security Agency has been collecting data from the search engine's servers. " It's really outrageous that the NSA was looking between the Google data centers, if that's true ," he said. Overnight, Two Google's Security engineers -  Mike Hearn and   Brandon Downey expressed reasonable anger about the news on Google+, said " Fuck these guys ", where these represent NSA and GCHQ. I've spent the last ten years of my life trying to keep Google's users safe and secure from the many diverse threats Google faces. Fuck You to the people who made these slides. I am not American, I am a Brit, but i
Deals — IT Courses and Software

Sign up for our cybersecurity newsletter and get latest news updates delivered straight to your inbox daily.